Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Cyber Security Threats

    Multimedia

    Strategies for Minimizing Cybersecurity Risks

    Feb 24, 2021

    RAND senior international/defense researcher Quentin Hodgson presents strategies for minimizing cybersecurity risks that can be implemented at individual, organizational, national, and international levels.

  • An illustration of a pacemaker in a person's chest, image by peterschreiber.media/Adobe Stock

    Essay

    Are We Ready for the Internet of Bodies?

    Jan 8, 2021

    Any device can be hacked, including one inside the human body. We need to think through the privacy and security implications of devices that live with us. But we should also consider the life-changing, life-saving potential of technologies that know us inside and out.

Explore Cybersecurity

  • The Olympic torch of the Tokyo 2020 Olympic Games in Tokyo, Japan June 1, 2019, photo by Issei Kato/Reuters

    Commentary

    Japan Prepares for Olympic-Level Cybersecurity

    The world's attention will be fixed on Japan as it hosts the Rugby World Cup in September and the Tokyo Olympics in 2020. Japan's cyber defenses will need to be strong enough to keep attackers out and resilient enough to restore systems should things go wrong.

    Jun 3, 2019

  • Motion blur. Abstract technology and cyber space environment, photo by Quardia/Getty Images

    Commentary

    Three 'New Rules' Worth Considering for the Internet

    Facebook's Mark Zuckerberg has called for new internet regulation starting in four areas: harmful content, election integrity, privacy, and data portability. But why stop there? His proposal could be expanded to include much more: security-by-design, net worthiness, and updated internet business models.

    May 10, 2019

  • Journal Article

    Journal Article

    Understanding Cyber Collateral Damage

    We leverage existing collateral damage methodologies in order to explore methods for assessing collateral damage from cyber incidents.

    May 2, 2019

  • An illustration of chain links represented in binary code, photo by denisismagilov / Adobe Stock

    Journal Article

    Content Analysis of Cyber Insurance Policies: How Do Carriers Price Cyber Risk?

    Thousands of data breaches occur each year with some costing millions of dollars. Consequently, cyber insurance has grown rapidly in the past decade. In this research, we conduct the first rigorous qualitative study of actual insurance policies.

    Apr 30, 2019

  • Russian President Vladimir Putin chairs a meeting with members of the Security Council at the Kremlin in Moscow, Russia, April 5, 2019, photo by Sputnik/Kremlin/Alexei Druzhinin via Reuters

    Commentary

    Mueller Report May Result in Russian Sanctions but Not Better Behavior

    The Mueller report could help mobilize political pressure in the United States for a stronger posture toward Russian activities that harm American and allied interests. But the Kremlin will likely still see propaganda, disinformation, and subterfuge as useful tools to undermine America's values and cohesion.

    Apr 26, 2019

  • A cache of guns and ammunition uncovered by U.S. federal investigators in the home of U.S. Coast Guard lieutenant Christopher Paul Hasson in Silver Spring, Maryland, February 20, 2019, photo by U.S. Attorney's Office Maryland/Reuters

    Commentary

    Overdue Overhaul: Security Clearance Reform in a Decade of Leakers, Spies, and Insider Threats

    With the legislative and executive branches seemingly on the same page regarding the need for changes to the security clearance and vetting system, long overdue reform appears to be within reach.

    Apr 15, 2019

  • Mock Bitcoins are displayed in Berlin, January 7, 2014, photo by Pawel Kopczynski/Reuters

    Report

    Terrorist Use of Cryptocurrencies

    Counterterrorism finance strategies have reduced terrorist access to official currencies. Will terrorist groups therefore increase their use of digital cryptocurrencies? New ones have emerged, including some that claim to be more private and secure than Bitcoin, but they also have limitations that make them less viable.

    Mar 27, 2019

  • Israeli Prime Minister Benjamin Netanyahu and Chinese President Xi Jinping shake hands ahead of their talks at Diaoyutai State Guesthouse in Beijing, China, March 21, 2017, photo by Etienne Oliveau/Reuters/Pool

    Report

    How Has the Israel-China Relationship Evolved?

    Since the early 2000s, relations between China and Israel have expanded in areas like diplomacy, trade, investment, construction, educational partnerships, scientific cooperation, and tourism. What challenges does the relationship pose for Israel and the United States?

    Mar 21, 2019

  • Interior of autonomous car with ones and zeroes superimposed, photo by metamorworks/Getty Images

    Commentary

    Why AV Safety and Cybersecurity Need to Be Pursued in Tandem

    Safety and cybersecurity are generally pursued by separate teams within autonomous vehicle companies. A joint approach to standards could optimize safety and cybersecurity and reduce overall risks to autonomous vehicle operation.

    Mar 20, 2019

  • A man visits the Huawei Cyber Security Transparency Centre in Brussels, Belgium, March 5, 2019, photo by Yves Herman/Reuters

    Commentary

    Public Evidence of Huawei as a Cyber Threat May Be Elusive, but Restrictions Could Still Be Warranted

    Although a “smoking gun” of Huawei involvement in government-directed espionage remains elusive, the United States has compelling security and economic reasons to consider limiting the involvement of Chinese telecommunications companies in its domestic networks.

    Mar 7, 2019

  • Cyborg head using artificial intelligence to create digital interface 3D rendering, image by sdecoret/Adobe Stock

    Q&A

    The Promise and Perils of AI: Q&A with Douglas Yeung

    Douglas Yeung, a social psychologist at RAND, discusses how any technology reflects the values, norms, and biases of its creators. Bias in artificial intelligence could have unintended consequences. He also warns that cyber attackers could deliberately introduce bias into AI systems.

    Feb 27, 2019

  • Journal Article

    Journal Article

    LGA Cyber Security Stocktake: National-Level Report

    A cybersecurity stocktake of all 353 councils in England examined IT security, leadership, governance, partnerships, technology arrangements and training, offering recommendations on areas for improvement.

    Feb 22, 2019

  • Hawaii Air National Guardsmen evaluate network vulnerabilities during the Po’oihe 2015 Cyber Security Exercise at the University of Hawaii Manoa Campus, Honolulu, HI, June 4, 2015, photo by Airman 1st Class Robert Cabuco/Hawaii Air National Guard

    Commentary

    Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

    If governments seek to create an objective framework for decision making about whether or when to disclose software vulnerabilities, what might that look like? What questions should be included, how should they influence the outcome and how can one interpret the results?

    Feb 5, 2019

  • Blog

    Federal Workers, Afghanistan, Sectarianism: RAND Weekly Recap

    This weekly recap focuses on the critical roles of federal workers, withdrawing from Afghanistan, countering sectarianism in the Middle East, and more.

    Jan 18, 2019

  • Accountability in Cyberspace: The Problem of Attribution

    Multimedia

    How to Achieve Accountability in Cyberspace

    Identifying the responsible party behind malicious cyber incidents is necessary for holding bad actors accountable. But there are many challenges that accompany cyber attribution. Creating an independent, global organization that investigates and publicly assigns blame for major hacks could help.

    Jan 14, 2019

  • Periodical

    Periodical

    RAND Review: January-February 2019

    This issue spotlights (1) research on how faith-based organizations promote health and well-being in underserved communities and (2) the Pardee RAND Graduate School's new approach to policy and training the next generation of policy experts.

    Jan 7, 2019

  • Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee hearing regarding the company's use and protection of user data on Capitol Hill in Washington, U.S., April 11, 2018

    Commentary

    Data Breaches Could Cause Users to Opt Out of Sharing Personal Data. Then What?

    As tech-based systems have become all but indispensable, many institutions might assume user data will be reliable, meaningful and, most of all, plentiful. But what if this data became unreliable, meaningless, or even scarce?

    Dec 28, 2018

  • Blog

    Terrorists, Policing, Cyberattacks: RAND Weekly Recap

    This weekly recap focuses on terrorism recruitment trends, helping police find the right strategies, who should investigate cyberattacks, and more.

    Dec 21, 2018

  • Journal Article

    Journal Article

    Economics of Vulnerability Disclosure

    This study serves as a follow up to the 2015 ENISA Good Practice Guide on Vulnerability Disclosure and seeks to provide a glimpse into the economics, costs, and incentives related to discovering and disclosing vulnerabilities.

    Dec 14, 2018

  • World map with electronic circuits

    Commentary

    When Cyber Attacks Occur, Who Should Investigate?

    Data breaches and cyberattacks cross geopolitical boundaries, targeting individuals, corporations and governments. Creating a global body with a narrow focus on investigating and assigning responsibility for cyberattacks could be the first step to creating a digital world with accountability.

    Dec 6, 2018