Cybercrime

Featured

A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.

  • Illustration of a large gavel crashing down on self-driving cars, illustration by Chris Philpot

    Essay

    Who's Responsible When Your Car Gets Hacked?

    Oct 23, 2019

    Cars are becoming "fast, heavy artificial intelligences on wheels," a RAND report cautions, and that means they're becoming vulnerable. Potentially billions of dollars ride on the question of who has the legal responsibility to keep hackers from grabbing the wheel or cutting the brakes.

  • Cybercrime concept of handcuffs icon on a digital background, photo by blackboard/Adobe Stock

    Report

    What Could Help Law Enforcement Deal with Crime on the Dark Web?

    Oct 29, 2019

    Crime in traditional online forums often leaves a trail of data that can be followed. But on the dark web, the process of collecting those data and turning them into evidence can be difficult. A panel of law enforcement practitioners and researchers identified ways to address this challenge.

Explore Cybercrime

  • Binary code and laptops

    Commentary

    A Matter of Degree: Who Can Authorize a Cyberattack?

    Understanding when the United States should engage in cyberwar and who should approve cyberattacks requires understanding that cyberwar has multiple personalities: operational, strategic, and that great gray area in-between, writes Martin Libicki.

    Jan 8, 2013

  • Report

    Cybercrises Can Be Managed with Multiple Strategies

    The chances are growing that the United States will find itself in a crisis in cyberspace. Such crises can be managed by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise from crises.

    Jan 3, 2013

  • digital globe

    Commentary

    Cyber Operations Can Supplement a War, but They Cannot Be the War

    The U.S. military, with its high-tech systems, must protect itself from cyber threats with much the same careful management that protects it against vulnerabilities associated with, say, explosives. But there can be no choice between boots on the ground and fingers on a keyboard, writes Martin Libicki.

    Dec 19, 2012

  • Multimedia

    Crisis and Escalation in Cyberspace

    In a presentation at the Google LAX Office, Martin Libicki, Adjunct Management Scientist, RAND Corporation, discusses the evolving field of cyberwarfare, and the form of crisis and escalation in the context of cyberspace.

    Nov 15, 2012

  • gavel and laptop

    Journal Article

    Good Practice Guide Addresses Network and Information Security Aspects of Cybercrime

    The sharing and exchange of information between Computer Emergency Response Teams (CERTs) and the law enforcement community in Europe face several legal and operational barriers. This report offers recommendations for CERTs, law enforcement, and policymakers in Brussels.

    Nov 1, 2012

  • Globe surrounded by binary data

    Commentary

    The Case for a Cyber-Security Safety Board: A Global View on Risk

    Innovative approaches are needed to break the current stalemate of information sharing and to build a solid and reliable evidence base on the state of cyber-security, writes Neil Robinson.

    Jun 18, 2012

  • A hacker at his computer desk

    Commentary

    Setting International Norms on Cyberwar Might Beat a Treaty

    Restricting cyberweapon development could be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers, writes Martin Libicki.

    Jun 11, 2012

  • Report

    Exploring How the EU Should Establish a Cybercrime Centre

    After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.

    Mar 27, 2012

  • computer image with lock

    Project

    Cybersecurity: Examining Challenges for the Future

    Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.

    Feb 29, 2012

  • computer virus cyber worm

    Report

    The Characteristics of Cyberspace Pose Challenges to Those Who Seek to Defend It

    It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.

    Dec 20, 2011

  • Commentary

    Could Bin Laden's Death Prompt a Cyber Attack?

    A truly monumental attack that could cripple key U.S. computer systems — something akin to the Stuxnet worms attack on Iran's nuclear infrastructure, for example — would take many months of planning, significant expertise, and a great deal of money to pull off, writes Isaac Porche.

    May 6, 2011

  • Report

    Influences on the Adoption of Multifactor Authentication

    Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it.

    Apr 15, 2011

  • Report

    Understanding the Security, Privacy, and Trust Aspects of Cloud Computing

    Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.

    Apr 4, 2011

  • Journal Article

    Encryption and the Loss of Patient Data

    Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.

    Dec 31, 2010

  • Brochure

    Chaos or Control?

    What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.

    Mar 11, 2010

  • News Release

    U.S. Must Focus on Protecting Critical Computer Networks from Cyber Attack

    Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

    Oct 8, 2009

  • computer programming code

    Report

    Cyberdeterrence and Cyberwar

    Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

    Sep 10, 2009

  • Computer password screen

    Commentary

    The Cracks in Data Privacy

    In the future, the EU will inevitably have to adjust its system of rules to cope with the evolving uses of personal data, globalization and international data flows, write Neil Robinson and Lorenzo Valeri.

    May 19, 2009

  • Research Brief

    Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking

    This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.

    Nov 18, 2008

  • News Release

    Computer-Based Crime to Be Focus of Silicon Valley Forum

    Security experts from the technology industry, law enforcement and academia will outline what is needed to better measure and understand the effect of computer-based crime in the United States during a public forum Sept. 25 in Silicon Valley.

    Sep 13, 2007