Cybercrime

Featured

A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.

  • Smart car 3D rendering, photo by Production Perig/Adobe Stock

    Research Brief

    When an Autonomous Vehicle Is Hacked, Who Is Liable?

    Jul 12, 2019

    Hacks on autonomous vehicles could lead to deaths, property destruction, ransomware attacks, or data theft. Several scenarios illustrate the policy challenges facing the civil legal system, insurers, and others.

  • Mock Bitcoins are displayed in Berlin, January 7, 2014, photo by Pawel Kopczynski/Reuters

    Report

    Terrorist Use of Cryptocurrencies

    Mar 27, 2019

    Counterterrorism finance strategies have reduced terrorist access to official currencies. Will terrorist groups therefore increase their use of digital cryptocurrencies? New ones have emerged, including some that claim to be more private and secure than Bitcoin, but they also have limitations that make them less viable.

Explore Cybercrime

  • Two teens using laptops

    Commentary

    The Military Should Increase Efforts to Find and Enlist Young Hackers

    Some notorious cyberattacks have been carried out by computer-savvy teens. They don't all have criminal intentions, they just have a particular aptitude for writing code and operating in cyberspace. The U.S. military should consider embracing and cultivating this pool of talent.

    Mar 10, 2016

  • Service members and civilians conduct simulated cyberattack scenarios during Cyber Guard 2015

    Commentary

    In Greater Alignment: Public and Policymakers on Cyber

    For the first time, Gallup included cyberterrorism in its annual survey of Americans' concerns about threats to U.S. interests, and 73 percent of respondents said they felt it was a critical threat. The survey results come amid a flurry of activity on the issue on Capitol Hill and at the White House.

    Feb 29, 2016

  • Testimony

    Perspective on 2015 DoD Cyber Strategy: Addendum

    Document submitted on February 23, 2016 as an addendum to testimony presented before the House Armed Services Committee on September 29, 2015.

    Feb 26, 2016

  • Cybersecurity "leak"

    Multimedia

    Emerging Cyber Threats and Implications

    Cyberspace is expanding, becoming more vulnerable, and hosting increasingly vast amounts of data. Compounding this challenge is the growing number of bad actors seeking to exploit cyberspace. What steps can be taken to help mitigate emerging threats and improve U.S. cybersecurity?

    Feb 25, 2016

  • Group of friends holding their smart phones

    Commentary

    How You Can Be Cybersecurity's Strongest Asset

    Technology is thoroughly embedded within the average person's life but security is not emphasized to the general user. Teaching the importance of security early on and continually bringing awareness to the public could help temper technology-based attacks.

    Feb 18, 2016

  • U.S. Defense Secretary Ash Carter meets with Chinese Gen. Fan Changlong, vice chairman of China's Central Military Commission, at the Pentagon, June 11, 2015

    Commentary

    OPM Hack Poses Overlooked Counterintelligence Risk for Economic Espionage

    Since discovering the theft of personal data from an OPM database last spring, government officials have been preoccupied with assessing the risks to national security. But they must also address its potential to enable an adversary to steal valuable economic and commercial information.

    Feb 1, 2016

  • Department of Homeland Security researchers work at the Idaho National Laboratory in Idaho Falls, April 28, 2010

    Tool

    A Framework for Programming and Budgeting for Cybersecurity

    When defending an organization, cybersecurity professionals must choose from a large set of defensive measures while operating with a limited set of resources. What is the menu of actions for defending against an attack? And how can defenders navigate the selection process?

    Jan 20, 2016

  • Financial system representation

    Report

    The National Security Implications of Virtual Currency

    Could a non-state actor deploy a virtual currency to disrupt sovereignty and increase its political or economic power? How might a government or organization successfully disrupt such a deployment?

    Dec 16, 2015

  • Protesters from the online activist group Anonymous

    Commentary

    Anonymous vs. ISIS: Wishing the Vigilante Hackers Luck Against the Murderous Jihadists

    While ISIL uses the Internet to recruit fighters and incite violence, the Anonymous counter initiative could lower the volume of the online echo chamber, and yield support for the war against ISIL and its extremist ilk.

    Dec 14, 2015

  • Internet of Things graphic

    Commentary

    Keeping Hackers Away from Your Car, Fridge, and Front Door

    In the ever-growing Internet of Things, attackers already outpace the defenders. If developing solutions for software liability doesn't become more of a priority, there may be no winning this technological war.

    Dec 7, 2015

  • Close-up view on white conceptual keyboard - European Union (key with flag)

    Report

    Exploring Cybersecurity Threats and Policy Responses in the EU and Beyond

    Existing cybersecurity measures in the EU are fragmented, largely due to gaps in operational capabilities as well as strategic priorities of Member States. However, there are many policy options that may improve the EU's overall cybersecurity approach.

    Nov 18, 2015

  • A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

    Commentary

    The Two Sides of Cybersecurity

    Securing government networks is certainly necessary, but authorities should not lose sight of the need to couple their defense of America's networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats in cyberspace.

    Nov 13, 2015

  • Malware phishing data concept

    Q&A

    Social Engineering Explained: The Human Element in Cyberattacks

    The human element is the most unpredictable factor in cybersecurity. A social engineer aims to make people do what they want or give the social engineer information, often without the person considering the negative consequences.

    Oct 20, 2015

  • Joint service and civilian personnel concentrate on exercise scenarios during "Cyber Guard 2015."

    Testimony

    Perspective on 2015 DoD Cyber Strategy

    The DoD's cyber strategy is aligned with its mission, but there will be challenges to implementation—including building and maintaining a capable workforce, assessing risk across DoD networks and systems, and planning for operations.

    Sep 29, 2015

  • U.S. President Barack Obama and Chinese President Xi Jinping shake hands following a joint news conference in the Rose Garden at the White House in Washington September 25, 2015

    Commentary

    Define Acceptable Cyberspace Behavior

    While a U.S.-China cyberspace agreement is a welcome step, it also underscores the greater issues facing the United States and the international community in this largely ungoverned space. A precondition for securing U.S. networks should be the development of an overarching cyber doctrine that defines acceptable behavior and allows the U.S. to defend its networks against threats.

    Sep 27, 2015

  • Congressional Briefing Podcast

    Multimedia

    Lessons from a Hacker: Cyber Concepts for Policymakers

    In this September 14th congressional briefing, Lillian Ablon discusses the basics of cyber and information security and provides insights into some of the complexities of cybersecurity policymaking. Topics include why software vulnerabilities are significant, the components of cyber risk beyond the threat, motivations of various cyber threats actors, and what they exploit.

    Sep 14, 2015

  • A network administrator holds a drive

    Report

    Cyber Practices: What Can the U.S. Air Force Learn from the Commercial Sector?

    Some common commercial practices for cyber workforce management and organizational issues are applicable to the U.S. Air Force as it endeavors to improve the management of its cyber forces.

    Sep 9, 2015

  • Digital internet security concept

    Announcement

    RAND Hosts Cybersecurity Exercise

    The discussion of cybersecurity should not be trapped within narrow technical, national security, or legal stovepipes and should include an examination of economic, civil, and societal factors. With that goal in mind, RAND hosted an analytic exercise on cybersecurity.

    Sep 3, 2015

  • An illustration of a projection of binary code on a man holding a laptop computer

    Commentary

    Is It Time to Appoint a Data Security Czar?

    Cybersecurity needs to become more of a priority for the government and private corporations. Whatever the solution, public and private officials need to do a better job of weighing the risk-benefit calculation of storing data on Internet-accessible computers and justifying data-handling protocols.

    Sep 3, 2015

  • Handcuffs on a computer keyboard

    Announcement

    Law Enforcement Cyber Center: A New Internet Resource for Combating Cybercrime

    The Law Enforcement Cyber Center provides vital information and resources to police chiefs, police officers, cybercrime investigators, and prosecutors.

    Aug 11, 2015