Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Blue and red cables transmitting data signals, image by Alexey Novikov/Adobe Stock

    Report

    Response Options to Cyberattacks on U.S. Government Networks

    Apr 29, 2022

    The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?

  • Red world map with areas circled, illustration by traffic_analyzer/Getty Images

    Report

    Competition and Restraint in Cyberspace

    Mar 7, 2022

    Recent years have seen a mounting concern in the United States over foreign efforts to harm election security or legitimacy through cyber means, an increase in cyber espionage, and attacks of growing sophistication. How could international norms help constrain such destabilizing behavior in cyberspace?

Explore Cybersecurity

  • Illustration of a large gavel crashing down on self-driving cars, illustration by Chris Philpot

    Essay

    Who's Responsible When Your Car Gets Hacked?

    Cars are becoming "fast, heavy artificial intelligences on wheels," a RAND report cautions, and that means they're becoming vulnerable. Potentially billions of dollars ride on the question of who has the legal responsibility to keep hackers from grabbing the wheel or cutting the brakes.

    Oct 23, 2019

  • Digital concept of a brain, photo by Vertigo3d/Getty Images

    Commentary

    Our Future Lies in Making AI Robust and Verifiable

    We are hurtling towards a future in which AI is omnipresent. This AI-enabled future is blinding in its possibilities for prosperity, security, and well-being. Yet, it is also crippling in its fragility. What might it take for it all to come to a screeching halt?

    Oct 22, 2019

  • Report

    Report

    Literature on Personnel Vetting Processes and Procedures: Annotated Selected Bibliography

    To help inform the U.S. government in its efforts to improve the vetting processes for public trust and national security positions and protect its assets and information, the authors assembled a selected bibliography of relevant literature.

    Oct 14, 2019

  • Concept of artificial intelligence winning at chess, photo by JohnDWilliams/Getty Images

    Report

    The Emerging Risk of Virtual Societal Warfare

    Living in an information society opens unprecedented opportunities for hostile rivals to cause disruption, delay, inefficiency, and harm. Social manipulation techniques are evolving beyond disinformation and cyberattacks on infrastructure sites. How can democracies protect themselves?

    Oct 9, 2019

  • Journal Article

    Journal Article

    Cybersecurity: A State-of-The-Art Review

    This study examines the current state-of-the-art in the field of cybersecurity, reporting on the methods and analysis undertaken to assess this area. It also provides research questions for the NCTV to consider for their research agenda.

    Sep 4, 2019

  • The U.S. Navy's guided-missile destroyer USS William P. Lawrence transits international waters of the South China Sea with ships from India, Japan, and the Philippines, May 5, 2019, photo by Japan Maritime Self-Defense Force

    Report

    The Thickening Web of Asian Security Cooperation

    Key U.S. allies and partners in the Indo-Pacific have been strengthening their defense ties with regional actors over the past two decades. To what extent is this a response to the perceived threat of a rising, assertive China? And how will these new commitments affect the United States?

    Aug 29, 2019

  • Report

    Report

    Assessing Department of Defense Use of Data Analytics and Enabling Data Management to Improve Acquisition Outcomes

    Congress asked about acquisition data analytics in the Department of Defense. This report identifies and measures capabilities and recent progress. Barriers to improvement include a culture against data sharing due to security and burden concerns.

    Aug 13, 2019

  • Research Brief

    Research Brief

    Assessing the Use of Data Analytics in Department of Defense Acquisition

    This research brief addresses congressional concerns about the use of data analysis, measurement, and other evaluation-related methods in U.S. Department of Defense acquisition programs and decisionmaking.

    Aug 13, 2019

  • Blog

    Data Breaches, Correctional Security, Fentanyl: RAND Weekly Recap

    This weekly recap focuses on how consumers respond to data breaches, new security challenges facing correctional institutions, how fentanyl is changing the opioid crisis, and more.

    Aug 2, 2019

  • A guard leaves the Lee Correctional Institution in Bishopville, South Carolina, April 16, 2018, photo by Randall Hill/Reuters

    Report

    What Correctional Institutions Need to Address Security Challenges

    Some threats to the security of correctional institutions, such as violence, escape attempts, and contraband, are as old as the institutions themselves. But as society and technology evolve, new threats are emerging, including hacking, synthetic drugs, and drones.

    Jul 31, 2019

  • Report

    Fostering Innovation to Respond to Top Challenges in Law Enforcement: Proceedings of the National Institute of Justice's 2018 Chiefs' Panel on Priority Law Enforcement Issues and Needs

    An expert panel of law enforcement leaders identified challenges facing law enforcement today, and their priorities are presented in this report. Panel members discussed needs for innovation that, if pursued, might help resolve those challenges.

    Jul 22, 2019

  • Smart car 3D rendering, photo by Production Perig/Adobe Stock

    Research Brief

    When an Autonomous Vehicle Is Hacked, Who Is Liable?

    Hacks on autonomous vehicles could lead to deaths, property destruction, ransomware attacks, or data theft. Several scenarios illustrate the policy challenges facing the civil legal system, insurers, and others.

    Jul 12, 2019

  • Report

    Report

    When Autonomous Vehicles Are Hacked, Who Is Liable?

    The arrival of autonomous vehicles (AVs) on the roads will require policymakers, industry, and the public to adapt to the risk of hackers attacking these vehicles. RAND researchers explored the civil liability issues related to hacked AVs.

    Jul 12, 2019

  • A portion of a city model glows red indicating a cyber threat to infrastructure at the DarkMatter booth during the Black Hat information security conference in Las Vegas, Nevada, July 26, 2017

    Commentary

    Fighting and Winning the Undeclared Cyber War

    Russia has executed deliberate intrusions into U.S. critical infrastructure since at least 2011. These systems have included government entities, commercial facilities, water resource plants, and aviation institutions. What actions or policies can the U.S. execute to improve security?

    Jun 24, 2019

  • NATO flag against a background of binary numbers, photo by robsonphoto/Adobe Stock

    Report

    Cyberspace as a Military Domain: Lessons for NATO

    In 2016, NATO identified cyberspace as a new operational domain. What steps has the alliance taken since then to bolster its cyber capabilities? And what are the greatest challenges that still lie ahead?

    Jun 20, 2019

  • The Olympic torch of the Tokyo 2020 Olympic Games in Tokyo, Japan June 1, 2019, photo by Issei Kato/Reuters

    Commentary

    Japan Prepares for Olympic-Level Cybersecurity

    The world's attention will be fixed on Japan as it hosts the Rugby World Cup in September and the Tokyo Olympics in 2020. Japan's cyber defenses will need to be strong enough to keep attackers out and resilient enough to restore systems should things go wrong.

    Jun 3, 2019

  • Motion blur. Abstract technology and cyber space environment, photo by Quardia/Getty Images

    Commentary

    Three 'New Rules' Worth Considering for the Internet

    Facebook's Mark Zuckerberg has called for new internet regulation starting in four areas: harmful content, election integrity, privacy, and data portability. But why stop there? His proposal could be expanded to include much more: security-by-design, net worthiness, and updated internet business models.

    May 10, 2019

  • Journal Article

    Journal Article

    Understanding Cyber Collateral Damage

    We leverage existing collateral damage methodologies in order to explore methods for assessing collateral damage from cyber incidents.

    May 2, 2019

  • An illustration of chain links represented in binary code, photo by denisismagilov / Adobe Stock

    Journal Article

    Content Analysis of Cyber Insurance Policies: How Do Carriers Price Cyber Risk?

    Thousands of data breaches occur each year with some costing millions of dollars. Consequently, cyber insurance has grown rapidly in the past decade. In this research, we conduct the first rigorous qualitative study of actual insurance policies.

    Apr 30, 2019

  • A cache of guns and ammunition uncovered by U.S. federal investigators in the home of U.S. Coast Guard lieutenant Christopher Paul Hasson in Silver Spring, Maryland, February 20, 2019, photo by U.S. Attorney's Office Maryland/Reuters

    Commentary

    Overdue Overhaul: Security Clearance Reform in a Decade of Leakers, Spies, and Insider Threats

    With the legislative and executive branches seemingly on the same page regarding the need for changes to the security clearance and vetting system, long overdue reform appears to be within reach.

    Apr 15, 2019