Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Article

    Emerging Threats to Financial Markets

    The greatest danger to the U.S. financial system is the constant assault on reality—the deepfake videos and manipulated AI—that could weaken the system over time. It will be slow, but it will be steady and hard to stop—like financial climate change.

    May 13, 2024

  • Commentary

    Digital Security Increasingly Relies on AI. But That Tech Isn't as Secure as We Think

    In the digital age, trade-offs—like displaying our faces and fingerprints—are all but required to function in society. But the technology charged with securing our information and protecting against theft, fraud, and other potential harms doesn't always work.

    Apr 23, 2024

Explore Cybersecurity

  • A man accesses data from a computer

    Testimony

    Sharing Information About Threats Is Not a Cybersecurity Panacea

    Information-sharing—specifically, threat-centric information-sharing—has dominated recent discussions on improving cybersecurity, but it is not a silver bullet. Its usefulness is tied to certain assumptions about attacks, and while it should be encouraged, it addresses only one facet of a very complex space.

    Mar 4, 2015

  • Binary code with 'password' in red

    Commentary

    Cyberattacks Are a Nuisance, Not Terrorism

    The United States needs to consider both the risk of further attacks like the Sony breach and also further ill-considered reactions that may arise if the problem of insecurity in cyberspace is shoved into the counterterrorism paradigm.

    Feb 9, 2015

  • People holding mobile phones are silhouetted against a backdrop projected with the Twitter logo

    Commentary

    Decoding the Breach: The Truth About the CENTCOM Hack

    When ISIS hackers hijacked the Twitter account of U.S. Central Command on Jan. 12, they falsely claimed that they had hacked into U.S. military computers. While the incident was embarrassing, it was not concerning in operational military terms. It was, however, damaging to the counterinsurgency against ISIS.

    Feb 3, 2015

  • Service members working in the Global Strategic Warning and Space Surveillance System Center

    Commentary

    Put a Cybercop on the Beat

    What remains vitally needed is legislation that would grant at least one capable government organization the authority to track cyber-intruders and -criminals with the same freedom and speed of maneuver that these adversaries enjoy, while protecting the civil liberties and freedoms that allowed the establishment of the Internet.

    Jan 22, 2015

  • U.S. President Barack Obama delivers his State of the Union address to a joint session of Congress on Capitol Hill in Washington, January 20, 2015

    Blog

    State of the Union 2015: Clarion Calls on Terrorism, Cyber, Education, and More

    The agenda President Barack Obama outlined in his State of the Union address can perhaps best be characterized as broad, mirroring the range of diverse and emerging issues facing the U.S. in 2015.

    Jan 21, 2015

  • Lily Ablon holding medal received for winning DEF CON 21 challenge at Def Con Cybersecurity conference

    Q&A

    The Good Hacker: Q&A with Lillian Ablon

    Lillian Ablon talks about hacking, winning the DEF CON black badge, women in STEM, and more.

    Jan 16, 2015

  • Periodical

    Periodical

    RAND Review: January-February 2015

    This issue of RAND Review reports on technology literacy in kids, self-driving cars, marijuana legalization, hacking and cybersecurity, monetary compensation for mass tragedies, and recent philanthropic gifts to RAND.

    Jan 12, 2015

  • People pose in front of a display showing the word 'cyber' in binary code, Zenica, Bosnia and Herzegovina, December 27, 2014

    Commentary

    After a Year of Major Hacks, 2015 Resolutions to Bolster Cyber Security

    With numerous data breaches and emerging software vulnerabilities, 2014 was the year the hack went viral. But realizing a few New Year's resolutions in 2015 could help defenders make strides in protection, tools, and techniques to gain the edge over cyber attackers in years to come.

    Dec 31, 2014

  • A security guard at the entrance of United Artists Theater during the premiere of the film 'The Interview' in Los Angeles, December 11, 2014

    Commentary

    Is the North Korean Regime Out of Control?

    Evidence points to North Korean involvement in the Sony hack. But it's impossible to know if top regime leaders sanctioned the attack or if it was carried out by another part of the government without their knowledge and consent. An unauthorized hack would only add to Kim Jong-un's worry over his regime's instability.

    Dec 23, 2014

  • Illustrated photo of a person typing on a computer keyboard

    Commentary

    Preventing Cyber Attacks: Sharing Information About Tor

    While Tor has many benefits, it is also used to hide criminal activity online such as the recent cyber attacks against JPMorgan Chase and Sony Pictures. The U.S. government should share the IP addresses of Tor network nodes with U.S. critical infrastructure and financial firms so that future cyber attacks could be prevented.

    Dec 17, 2014

  • North Korean leader Kim Jong-un guides a takeoff and landing drill on a highway airfield in this undated photo released by North Korea's Korean Central News Agency in Pyongyang, October 19, 2014

    Commentary

    How Should the U.S. Respond to the Sony Hack?

    North Korea is likely testing the United States and its cyber community to see where vulnerabilities may exist. So this is not just an issue of how Sony Pictures responds—this is an issue of how the United States responds.

    Dec 11, 2014

  • Richard Danzig, Adm. Michael S. Rogers, and Michael E. Leiter at RAND's Politics Aside 2014

    Blog

    Setting Standards for Cyber Security

    Developing international norms and standards about appropriate cyber security activity by nations, groups, and even individuals is key to governing online activity in the future, said NSA Director Adm. Michael S. Rogers during a panel discussion at RAND's Politics Aside event.

    Nov 14, 2014

  • Tinker Air Force Base Computing Center

    Commentary

    Cost Considerations in Cloud Computing

    Until the Department of Defense develops official guidance for cost analysis of cloud and data centers, examining cost drivers for several data management approaches can help guide DoD analysts.

    Oct 2, 2014

  • Oscar-winning actress Jennifer Lawrence has contacted authorities to investigate who stole and posted nude images of her online, part of a reported mass hacking of celebrities' intimate photos

    Commentary

    Hackerazzi: How Naked Celebrities Might Make the Cloud Safer

    Despite data breach after data breach that lays bare the personal information of millions of people, leading to only incremental changes by the hacked company, it seems it only takes a handful of celebrity nude selfies to bring issues like cloud security and multi-factor authentication to the fore causing immediate changes.

    Sep 8, 2014

  • Man in living room with smart television

    Commentary

    Are You Sitting Comfortably? Understanding the Security and Privacy Implications of the Internet-Connected Living Room

    The modern living room contains a range of Internet-connected devices. This increased connectivity comes with privacy and security concerns, threats to consumers, and challenges for industry.

    Sep 3, 2014

  • Two boys sitting on a couch playing video games, photo by Sean Davis/Fotolia
  • Report

    Report

    Ramifications of DARPA's Programming Computation on Encrypted Data Program

    RAND was asked to evaluate whether the Programming Computation on Encrypted Data program -- which expands the knowledge base of the global cryptographic community -- is likely to provide more benefits to the United States than it does to its global rivals.

    Aug 25, 2014

  • Astronomical observatory

    Periodical

    RAND Review: Vol. 38, No. 2, Summer 2014

    The cover story discusses the rising wave of cybercrime and possible responses to it, while other features highlight research on medical innovation and U.S. security cooperation, plus public policy insights from Victor Hugo.

    Aug 7, 2014

  • car interior with a dashboard computer

    Commentary

    Sounding the Car Alarm on Hackers

    Security protections on vehicles have not kept pace with systems that control safety features, navigation capabilities, and wireless communication functions. Onboard computer networks will likely become much more attractive to hackers.

    Jun 30, 2014

  • Report

    Report

    How Do We Know What Information Sharing Is Really Worth? Exploring Methodologies to Measure the Value of Information Sharing and Fusion Efforts

    This report discusses the challenges of evaluating information-sharing efforts that seek to achieve multiple goals simultaneously; reviews past evaluations of information-sharing programs; and lays out a path to improving the evaluation of such efforts.

    Jun 18, 2014