Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Commentary

    Cyber Attacks Reveal Uncomfortable Truths About U.S. Defenses

    Without government investments and policies to drive transparency and a clear understanding of what cybersecurity tools do, how well they work, and how securely they are built, the United States risks continuing to offer its adversaries the means to undermine its systems and, ultimately, its security.

    Sep 21, 2023

  • Commentary

    When a Quantum Computer Is Able to Break Our Encryption, It Won't Be a Secret

    Policymakers and cybersecurity analysts should avoid messaging that emphasizes the risk that cryptanalytically relevant quantum computers developed in secret could be imminent or already operational. There is already more than enough reason to upgrade our communications systems to resist attacks from quantum computers as soon as possible.

    Sep 13, 2023

Explore Cybersecurity

  • Report

    Report

    Planning for Significant Cyber Incidents: An Introduction for Decisionmakers

    This report describes contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing it. It summarizes a companion how-to guide by the same authors.

    Jun 27, 2022

  • Art installation “Machine Hallucinations—Space: Metaverse” by artist Refik Anadol, in Hong Kong, China, September 30, 2021, photo by Tyrone Siu/Reuters

    Commentary

    The Metaverse: What It Is and Is Not

    The metaverse is quickly expanding, but its meaning remains unclear. Until an agreement on a definition of “metaverse” is reached, efforts to manage the technology development and related public policy could be muddled at best.

    Jun 20, 2022

  • A computer server with brightly colored lines representing computer networks. Photo by piranka / Getty Images, A computer server with brightly colored lines representing compu

    Commentary

    Disclosure of Software Supply Chain Risks

    This Perspective presents a set of proposed disclosure rules that the U.S. Securities and Exchange Commission could implement to help address software supply chain risks and improve security.

    May 26, 2022

  • Report

    Report

    Managing Response to Significant Cyber Incidents: Comparing Event Life Cycles and Incident Response Across Cyber and Non-Cyber Events

    This report examines U.S. structures and processes for non-cyber emergency management and whether U.S. officials can learn from these other incidents to help public and private sector stakeholders improve preparations for response to cyber incidents.

    May 12, 2022

  • 5G network with abstract high speed technology POV motion blur, photo by Tierney/AdobeStock

    Report

    Securing 5G: A Way Forward in the U.S. and China Security Competition

    Across the United States and globally, 5G networks are being deployed and will one day replace many older cellular networks. But there are security concerns about 5G networks built using Chinese equipment and 5G phones made by some Chinese companies.

    Apr 29, 2022

  • Blue and red cables transmitting data signals, image by Alexey Novikov/Adobe Stock

    Report

    Response Options to Cyberattacks on U.S. Government Networks

    The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?

    Apr 29, 2022

  • Hollywood Presbyterian Medical Center, the victim of a cyberattack that crippled its electronic database for days, in Los Angeles, California, February 16, 2016, photo by Mario Anzuoni/Reuters

    Commentary

    Preparing for a Cyberattack Starts at the Local Level

    The ongoing Russian war in Ukraine has highlighted the need for federal, state, and local level emergency managers to prepare to respond to a cyberattack with widespread impacts that significantly disrupt critical infrastructure.

    Apr 18, 2022

  • Illustration of online extremists by Jessica Arana/RAND Corporation from Sean Rayford/Alamy; dem10/Getty Images; sestovic/Getty Images; Dilok Klaisataporn/Getty Images; Comstock/Getty Images

    Commentary

    How Extremism Operates Online

    Extremist groups use internet-based tools for financing, networking and coordination, recruitment and radicalization, inter- and intra-group knowledge transfer, and mobilization to action. How do internet users engage with these efforts? And can the internet be leveraged to counter extremism?

    Apr 12, 2022

  • Dissertation

    Dissertation

    To Disclose, or Not to Disclose, That Is the Question: A Methods-Based Approach for Examining & Improving the US Government's Vulnerabilities Equities Process

    Analyzes the current Vulnerabilities Equities Process through a mixed methods approach.

    Mar 11, 2022

  • Journal Article

    Journal Article

    It's Getting Harder to Do: Countering Terrorist Use of the Internet

    Terrorists continue to use the Internet to plan, train, recruit, and execute terrorist attacks. This book chapter examines how terrorist Internet use has changed over time and new social media platforms make terrorism investigations harder to do.

    Mar 9, 2022

  • Red world map with areas circled, illustration by traffic_analyzer/Getty Images

    Report

    Competition and Restraint in Cyberspace

    Recent years have seen a mounting concern in the United States over foreign efforts to harm election security or legitimacy through cyber means, an increase in cyber espionage, and attacks of growing sophistication. How could international norms help constrain such destabilizing behavior in cyberspace?

    Mar 4, 2022

  • Blog

    RAND Commentary Highlights of 2021

    Vaccine rollouts, an attack on the U.S. Capitol, massive ransomware attacks, the withdrawal from Afghanistan, record numbers of job openings and people quitting, and more. RAND researchers weighed in on all these topics and more.

    Dec 21, 2021

  • Tech. Sgt. Rosa Valdes and Staff Sgt. Rebecca Toland, non-destructive inspection technicians from the 140th Maintenance Squadron, perform an inspection of the 446 bulkhead on a block-30 F-16 Fighting Falcon aircraft. The 446 bulkhead is aft fuselage structure of the F-16 aircraft that supports the tail structure and recent tests have indicated an increased amount of stress cracks in this area, photo by Senior Master Sgt. John Rohrer/U.S. Air National Guard

    Report

    Wing-Level Mission Assurance for a Cyber-Contested Environment

    The authors offer ways to help wings assure their missions despite cyber attacks, focusing on how wings can maintain situational awareness, defend their systems, and respond to and recover from attacks to survive and operate when under cyber attack.

    Dec 9, 2021

  • A woman with a smartphone is seen in front of social media logos, May 25, 2021, photo by Dado Ruvic/Reuters

    Commentary

    Understanding the Online Extremist Ecosystem

    By the early 2010s, it was clear that the internet provided white supremacists and other extremists a tool to operationalize their hateful ideas and cause real-world harms. How can the average user understand their risk of exposure to extremist content and make informed decisions about the platforms they use?

    Dec 2, 2021

  • Brochure

    Brochure

    Cybersecurity

    This brochure describes RAND Corporation research and analysis in this area, with examples from such diverse areas as organizational planning and implementation and cybersecurity workforce recruitment, retention, and management.

    Nov 30, 2021

  • Close view of a quantum computer, photo by Bartek Wróblewski/Adobe Stock

    Report

    Commercial and Military Applications of Quantum Technology

    There are three main categories of quantum technology: quantum sensing, quantum communication, and quantum computing. How—and when—might these technologies affect national security? And which countries lead in developing them?

    Oct 28, 2021

  • An isometric graphic illustration the supply chain for Internet of Things products.

    Multimedia

    Unraveling the Gordian Knot: Considering Supply Chain Resiliency

    An overview of testimony by Caolionn O'Connell presented before a House Energy and Commerce Subcommittee on Consumer Protection and Commerce on October 14, 2021.

    Oct 14, 2021

  • Brochure

    Brochure

    Select RAND Research on the Information Environment: 2014-2020

    This volume is an important resource for anyone who is interested in gaining an informed understanding of operations in the information environment.

    Oct 7, 2021

  • Two men looking at a mobile phone, photo by Muhammad Faiz Zulkeflee/Unsplash

    Journal Article

    Written Evidence Submitted by RAND Europe: TFP0036 Tech and the Future of UK Foreign Policy

    This document is RAND Europe's submission to the UK Parliament's call for evidence on how the Foreign, Commonwealth and Development Office could support the UK's response to the opportunities and challenges presented by new and emerging technologies.

    Sep 21, 2021

  • A group of people displayed over a map showing digital connections, image by metamorworks/Getty Images

    Commentary

    The Implications for Human Rights in the Digital Age

    As society relies more and more on digital technologies, there are growing implications for human rights and individuals' fundamental freedoms—both positive and negative.

    Sep 3, 2021