Skip to page content

Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

Report

Response Options to Cyberattacks on U.S. Government Networks

Apr 29, 2022

The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?
Report

Competition and Restraint in Cyberspace

Mar 7, 2022

Recent years have seen a mounting concern in the United States over foreign efforts to harm election security or legitimacy through cyber means, an increase in cyber espionage, and attacks of growing sophistication. How could international norms help constrain such destabilizing behavior in cyberspace?

Explore Cybersecurity

Multimedia

Crisis and Escalation in Cyberspace

In a presentation at the Google LAX Office, Martin Libicki, Adjunct Management Scientist, RAND Corporation, discusses the evolving field of cyberwarfare, and the form of crisis and escalation in the context of cyberspace.

Nov 15, 2012
Journal Article

Good Practice Guide Addresses Network and Information Security Aspects of Cybercrime

The sharing and exchange of information between Computer Emergency Response Teams (CERTs) and the law enforcement community in Europe face several legal and operational barriers. This report offers recommendations for CERTs, law enforcement, and policymakers in Brussels.

Nov 1, 2012
Journal Article

Incentives and Barriers of the Cyber Insurance Market in Europe

ENISA conducted a study identifying possible causes inhibiting the cyber-insurance market in Europe and investigating incentives to kick-start its development.

Jun 28, 2012
Commentary

The Case for a Cyber-Security Safety Board: A Global View on Risk

Innovative approaches are needed to break the current stalemate of information sharing and to build a solid and reliable evidence base on the state of cyber-security, writes Neil Robinson.

Jun 18, 2012
Commentary

Setting International Norms on Cyberwar Might Beat a Treaty

Restricting cyberweapon development could be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers, writes Martin Libicki.

Jun 11, 2012
Report

Exploring How the EU Should Establish a Cybercrime Centre

After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.

Mar 27, 2012
Report

The Characteristics of Cyberspace Pose Challenges to Those Who Seek to Defend It

It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.

Dec 20, 2011
Journal Article

A Flair for Sharing - Encouraging Information Exchange Between CERTs

This study focuses on the legal and regulatory aspects of information sharing and cross-border collaboration of national/governmental CERTs in Europe.

Dec 16, 2011
Report

Evaluation of DG SANCO data management practices: Final report

The EC Health and Consumer Protection Directorate-General commissioned RAND Europe to provide support in developing a comprehensive data strategy for DG SANCO that meets the needs of increasingly evidence-based policymaking in the future.

Sep 8, 2011
Journal Article

Toward a U.S. Army Cyber Security Culture

This article defines and explores the concept of cyber security culture within the context of the U.S. Army.

Sep 1, 2011
Commentary

Could Bin Laden's Death Prompt a Cyber Attack?

A truly monumental attack that could cripple key U.S. computer systems — something akin to the Stuxnet worms attack on Iran's nuclear infrastructure, for example — would take many months of planning, significant expertise, and a great deal of money to pull off, writes Isaac Porche.

May 6, 2011
Report

Influences on the Adoption of Multifactor Authentication

Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it.

Apr 15, 2011
Report

Understanding the Security, Privacy, and Trust Aspects of Cloud Computing

Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.

Apr 4, 2011
Journal Article

Encryption and the Loss of Patient Data

Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.

Jan 1, 2011
Commentary

Stuxnet Is the World's Problem

The highly sophisticated Stuxnet computer worm suspected of sending Iran's nuclear centrifuges into self-destruction mode forces a difficult debate on whether longstanding firewalls in our country's democracy should be breached for the sake of national security, writes Isaac Porche.

Dec 9, 2010
Journal Article

Understanding Incentives and Network Security Challenges for Information Sharing

The importance of information sharing to ensuring network and information security is widely acknowledged by both policy-makers and by the technical and practitioner community. At the request of ENISA, RAND examined the barriers to and incentives for information sharing in the field of network and information security and made appropriate recommendations for European, national, and private stakeholders.

Sep 8, 2010
Brochure

Chaos or Control?

What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.

Mar 11, 2010
Journal Article

Security, at What Cost?

Much of the current debate concerning civil liberties and security is adversarial, and little robust research data informs these arguments.This paper outlines the results of a study that attempts to objectively understand the real privacy, liberty and security trade-offs made by individuals, so that policymakers can be better informed about the preferences of individuals with regard to these important issues.

Jan 1, 2010
News Release

U.S. Must Focus on Protecting Critical Computer Networks from Cyber Attack

Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

Oct 8, 2009
Report

Cyberdeterrence and Cyberwar

Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

Sep 10, 2009

Previous
11
12
13
14
15
16
17
18
19
20
Next

RAND Topic:
Cybersecurity

Topic Synonyms:
Information Security;
INFOSEC

Research conducted by