Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Blue and red cables transmitting data signals, image by Alexey Novikov/Adobe Stock

    Report

    Response Options to Cyberattacks on U.S. Government Networks

    The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?

    Apr 29, 2022

  • Blue binary code and blue swirling lines, photo by metamorworks/Getty Images

    Report

    Preparing for Post-Quantum Critical Infrastructure

    Quantum computers are expected to create vulnerabilities in critical infrastructure. How vulnerable are critical functions, such as distributing electricity and protecting sensitive information? And how can the government help infrastructure owners and operators?

    Aug 18, 2022

Explore Cybersecurity

  • An NYPD officer stands across the street from the Apple Store on 5th Ave. in New York, March 11, 2016

    Commentary

    The False Choice at the Core of the Apple-FBI Standoff

    The Apple-FBI case should spark a broader debate among technology companies concerning their role in maintaining the privacy and security balance. A starting point should be to recognize that the majority of cyberattacks are related to phishing—and a user's action—not to whether a device can be secured.

    Mar 21, 2016

  • Two teens using laptops

    Commentary

    The Military Should Increase Efforts to Find and Enlist Young Hackers

    Some notorious cyberattacks have been carried out by computer-savvy teens. They don't all have criminal intentions, they just have a particular aptitude for writing code and operating in cyberspace. The U.S. military should consider embracing and cultivating this pool of talent.

    Mar 10, 2016

  • Service members and civilians conduct simulated cyberattack scenarios during Cyber Guard 2015

    Commentary

    In Greater Alignment: Public and Policymakers on Cyber

    For the first time, Gallup included cyberterrorism in its annual survey of Americans' concerns about threats to U.S. interests, and 73 percent of respondents said they felt it was a critical threat. The survey results come amid a flurry of activity on the issue on Capitol Hill and at the White House.

    Feb 29, 2016

  • Pieces of an iPhone are seen on a repair store counter in New York City, February 17, 2016

    Commentary

    The Cost of Security in the iPhone Era

    As the security on the iPhone better protects users from criminals, it also excels at keeping law enforcement from accessing the data. The dispute between the FBI and Apple over unlocking the iPhone of one of the San Bernardino attackers continues but the real debate is about whether society wants legislation that weakens iPhone security for law enforcement.

    Feb 26, 2016

  • Testimony

    Testimony

    Perspective on 2015 DoD Cyber Strategy: Addendum

    Document submitted on February 23, 2016 as an addendum to testimony presented before the House Armed Services Committee on September 29, 2015.

    Feb 26, 2016

  • Cybersecurity "leak"

    Multimedia

    Emerging Cyber Threats and Implications

    Cyberspace is expanding, becoming more vulnerable, and hosting increasingly vast amounts of data. Compounding this challenge is the growing number of bad actors seeking to exploit cyberspace. What steps can be taken to help mitigate emerging threats and improve U.S. cybersecurity?

    Feb 25, 2016

  • Group of friends holding their smart phones

    Commentary

    How You Can Be Cybersecurity's Strongest Asset

    Technology is thoroughly embedded within the average person's life but security is not emphasized to the general user. Teaching the importance of security early on and continually bringing awareness to the public could help temper technology-based attacks.

    Feb 18, 2016

  • Man using a laptop and drinking tea

    Commentary

    How Willing Are People to Allow Access to Their Internet Browsing History If It Helps National Security?

    A survey of over 26,000 citizens across the EU found that even in the event of a national emergency or limiting access of individuals' Internet usage to law enforcement agencies, there was still a strong aversion to information being stored or accessed.

    Feb 15, 2016

  • Journal Article

    Journal Article

    Investing in Cybersecurity

    This research examines why, how and how much organisations in critical infrastructure sectors invest in cybersecurity.

    Feb 11, 2016

  • U.S. Defense Secretary Ash Carter meets with Chinese Gen. Fan Changlong, vice chairman of China's Central Military Commission, at the Pentagon, June 11, 2015

    Commentary

    OPM Hack Poses Overlooked Counterintelligence Risk for Economic Espionage

    Since discovering the theft of personal data from an OPM database last spring, government officials have been preoccupied with assessing the risks to national security. But they must also address its potential to enable an adversary to steal valuable economic and commercial information.

    Feb 1, 2016

  • Department of Homeland Security researchers work at the Idaho National Laboratory in Idaho Falls, April 28, 2010

    Tool

    A Framework for Programming and Budgeting for Cybersecurity

    When defending an organization, cybersecurity professionals must choose from a large set of defensive measures while operating with a limited set of resources. What is the menu of actions for defending against an attack? And how can defenders navigate the selection process?

    Jan 20, 2016

  • Journal Article

    Journal Article

    Cloud-Trust—a Security Assessment Model for Infrastructure as a Service (IaaS) Clouds

    The vulnerability of Cloud Computing Systems (CCSs) to Advanced Persistent Threats (APTs) is a significant concern to government and industry.

    Dec 23, 2015

  • Financial system representation

    Report

    The National Security Implications of Virtual Currency

    Could a non-state actor deploy a virtual currency to disrupt sovereignty and increase its political or economic power? How might a government or organization successfully disrupt such a deployment?

    Dec 16, 2015

  • Protesters from the online activist group Anonymous

    Commentary

    Anonymous vs. ISIS: Wishing the Vigilante Hackers Luck Against the Murderous Jihadists

    While ISIL uses the Internet to recruit fighters and incite violence, the Anonymous counter initiative could lower the volume of the online echo chamber, and yield support for the war against ISIL and its extremist ilk.

    Dec 14, 2015

  • Internet of Things graphic

    Commentary

    Keeping Hackers Away from Your Car, Fridge, and Front Door

    In the ever-growing Internet of Things, attackers already outpace the defenders. If developing solutions for software liability doesn't become more of a priority, there may be no winning this technological war.

    Dec 7, 2015

  • Close-up view on white conceptual keyboard - European Union (key with flag)

    Report

    Exploring Cybersecurity Threats and Policy Responses in the EU and Beyond

    Existing cybersecurity measures in the EU are fragmented, largely due to gaps in operational capabilities as well as strategic priorities of Member States. However, there are many policy options that may improve the EU's overall cybersecurity approach.

    Nov 18, 2015

  • A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

    Commentary

    The Two Sides of Cybersecurity

    Securing government networks is certainly necessary, but authorities should not lose sight of the need to couple their defense of America's networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats in cyberspace.

    Nov 13, 2015

  • Volkswagen CEO Matthias Mueller gives a tour of the VW factory in Wolfsburg, Germany, October 21, 2015

    Commentary

    When Public Trust in Corporations Is Shaken

    The Volkswagen scandal comes at a time when the public's trust in both the automotive industry and tech companies is at risk. The level of public trust in an individual organization could end up burnishing — or infecting — an entire industry or new technology.

    Oct 28, 2015

  • Research Brief

    Research Brief

    Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle

    Discusses how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of Air Force weapon systems.

    Oct 27, 2015

  • An F-15 flying over Nevada during a USAFWS Mission Employment Exercise

    Report

    Improving the Cybersecurity of U.S. Air Force Weapon Systems

    U.S. Air Force weapon systems containing information technology may be vulnerable to intelligence exploitation and cyberattacks. But there are steps that the Air Force can take to improve the security of these systems throughout their life cycles.

    Oct 27, 2015