Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Binary code and digital locks, some lit up and some not, photo by JuSun/Getty Images

    Commentary

    Cyber Attacks Reveal Uncomfortable Truths About U.S. Defenses

    Without government investments and policies to drive transparency and a clear understanding of what cybersecurity tools do, how well they work, and how securely they are built, the United States risks continuing to offer its adversaries the means to undermine its systems and, ultimately, its security.

    Sep 21, 2023

  • An Atom Computing's Phoenix quantum computer is seen in Berkeley, California, July 21, 2022, photo by Jane Lanhee Lee/Reuters

    Commentary

    When a Quantum Computer Is Able to Break Our Encryption, It Won't Be a Secret

    Policymakers and cybersecurity analysts should avoid messaging that emphasizes the risk that cryptanalytically relevant quantum computers developed in secret could be imminent or already operational. There is already more than enough reason to upgrade our communications systems to resist attacks from quantum computers as soon as possible.

    Sep 13, 2023

Explore Cybersecurity

  • Hacked internet of things

    Commentary

    Gaming Policy in Cyberspace

    Hacked devices and intellectual property theft are a rich hunting ground for policy development. The challenge posed by Internet-connect devices is only getting worse as the number of online devices continues to grow.

    Aug 23, 2017

  • Digital devices on a map of Australia

    Report

    Australia's Cyber Security Policy Options

    An exercise with participants from government, industry, think tanks, academia, and the media explored opportunities to improve cyber security and inform Australia's strategy. Recommendations include creating and enforcing technology security standards, crafting international agreements to address challenges, and increasing awareness to keep users safe online.

    Aug 7, 2017

  • The U.S. Capitol building illuminated at night in Washington, D.C.

    Blog

    RAND's Summer Reading List for Congress

    Hill staffers can make the most of the Congressional recess with this list of must-read research and commentary on the policy issues they will be addressing this fall.

    Aug 4, 2017

  • Girl Scouts compete in the Mission Ocean Challenge during the USS California Science Experience at Naval Surface Warfare Center, November 6, 2010

    Commentary

    Cybersecurity Badge: One Big Step for Girl Scouts, Potentially Giant Leap for Women

    The Girl Scouts will start offering 18 cybersecurity badges next year. In addition to exposing girls to cyber concepts and challenges, this could encourage them to pursue cybersecurity or other STEM careers in which women are underrepresented.

    Aug 3, 2017

  • Computer hacker working on laptop late at night in office

    Commentary

    Connect, Buy-Now, Fire: How the Dark Web Allows Criminals to Buy Weapons—Anonymously

    Despite its small size compared to the offline market, the ability of the dark web to anonymously arm individuals of all backgrounds needs to be taken seriously. Its potential impact on international security is significant.

    Jul 25, 2017

  • Russian President Vladimir Putin speaks during a news conference after the G20 summit in Hamburg, Germany, July 8, 2017

    Commentary

    Russian Information Warfare: A Reality That Needs a Response

    For the last three decades, Russia has exploited its growing capabilities in cyberspace to spy on, influence, and punish others. The West will continue to struggle to hold Moscow accountable, in part because international law falls far short of fully defining the rules or resolving conflicts.

    Jul 21, 2017

  • News Release

    News Release

    US Weapons Main Source of Illegal Arms Trade on the Dark Web

    The illegal sales on the dark web of firearms, weapons, explosives, and banned digital guides on homemade products present challenges for law enforcement agencies and national governments. Its potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is the most dangerous aspect.

    Jul 19, 2017

  • A laptop computer, a 9mm handgun, and bullets

    Report

    U.S. Weapons Are the Main Source of Illegal Arms on the Dark Web

    Sixty percent of weapons on sale on the dark web come from the United States. This illicit market for firearms, explosives, and ammunition can anonymously arm criminals, terrorists, and others.

    Jul 19, 2017

  • A man holds a laptop computer as cyber code is projected on him

    Report

    Could Stateless Attribution Promote International Cyber Accountability?

    The public may respond to government claims about who is behind a cyberattack with suspicion and confusion. Could an independent, global organization for cyber attribution help?

    Jun 2, 2017

  • A student in the Army's first Cyber Basic Officer Leader Course uses a field computer to probe for a targeted wireless network signal during a field training exercise at Fort Gordon, Georgia, February 1, 2017

    Commentary

    What Happens After ISIS Goes Underground

    As the Islamic State in Iraq and Syria suffers defeats on the battlefield, it is expanding its cyber presence to continue to encourage attacks abroad. The more the group relies on cyberspace, the more likely it will expose important segments of its organization to detection and disruption.

    May 30, 2017

  • A young man is frustrated by the WannaCry ransomware attack

    Commentary

    WannaCry Virus: A Lesson in Global Unpreparedness

    The WannaCry ransomware attack provides important lessons about how to secure cyber networks. History indicates that other attacks will follow. Preparedness is crucial.

    May 22, 2017

  • A screen, showing Russian President Vladimir Putin's annual end-of-year news conference, is on display in Simferopol, Crimea, December 23, 2016.

    Commentary

    Russia in Action, Short of War

    The West needs to work more quickly and coordinate better to offset Russia's capabilities, aggressiveness, and success. Responding to Russia's hostile influence involves predicting Russia's targets, identifying the tools it's likely to use, and playing the long game rather than focusing on near-term events.

    May 9, 2017

  • Russian President Vladimir Putin is reflected in the glasses of a cadet watching Putin on TV at a military school outside Rostov-on-Don, Russia, December 20, 2012

    Testimony

    The Need for Cognitive Security

    The United States needs a strategy to counter information operations conducted by Russia and other adversaries. The rapid evolution of technology complicates this challenge.

    Apr 27, 2017

  • The 24-hour Operations Room inside GCHQ, Cheltenham, UK, November 17, 2015

    Commentary

    Five Eyes at 70: Where to from Here?

    The Five Eyes intelligence alliance of the U.S., Canada, Great Britain, Australia, and New Zealand began in the Cold War to meet the threat posed by the Soviet Union. Today, the nations' intelligence communities must contend with domestic terrorism and cyber threats while remaining ahead of Russia and China.

    Apr 21, 2017

  • A person typing on a computer keyboard in a dark room

    Commentary

    Are Terrorists Using Cryptocurrencies?

    As the U.S. Treasury Department and its partners have denied terrorists access to the international financial system, new digital currencies could become an attractive alternative. They could be used for money laundering or to pay the personnel and vendors that keep the terrorist machine running.

    Apr 21, 2017

  • World map

    Commentary

    Why It's So Hard to Stop a Cyberattack — and Even Harder to Fight Back

    Cyber weapons attack the underlying network or computer systems. The possibility of unexpected effects in the cyber world is therefore greater than in conventional warfare. Not knowing if the effects were intentional complicates the response.

    Mar 30, 2017

  • A coder types on laptop keyboard

    Commentary

    Reining in Internet Abuse

    The internet is being used for harmful, unethical, and illegal purposes. Examples include incitement and recruitment by terrorists, cyber bullying, and malicious fake news. Americans say they are unhappy with the tone of the online discourse, but are reluctant to consider potential remedies.

    Mar 23, 2017

  • News Release

    News Release

    RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 8, 2017

  • U.S. Army soldiers take part in a multi-service exercise on cyber capabilities at Ford Gordon in Augusta, Georgia, June 10, 2014

    Testimony

    Effective Cyberdeterrence Takes More Than Offensive Capability

    A successful cyberdeterrence posture has many prerequisites. These include attributing attacks to the correct party, thresholds for what merits retaliation, credibility, and offensive capability. For the United States, capability is the least in doubt.

    Mar 1, 2017

Research conducted by