Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

Explore Cybersecurity

  • Interior of autonomous car with ones and zeroes superimposed, photo by metamorworks/Getty Images

    Commentary

    Why AV Safety and Cybersecurity Need to Be Pursued in Tandem

    Safety and cybersecurity are generally pursued by separate teams within autonomous vehicle companies. A joint approach to standards could optimize safety and cybersecurity and reduce overall risks to autonomous vehicle operation.

    Mar 20, 2019

  • A man visits the Huawei Cyber Security Transparency Centre in Brussels, Belgium, March 5, 2019, photo by Yves Herman/Reuters

    Commentary

    Public Evidence of Huawei as a Cyber Threat May Be Elusive, but Restrictions Could Still Be Warranted

    Although a “smoking gun” of Huawei involvement in government-directed espionage remains elusive, the United States has compelling security and economic reasons to consider limiting the involvement of Chinese telecommunications companies in its domestic networks.

    Mar 7, 2019

  • Cyborg head using artificial intelligence to create digital interface 3D rendering, image by sdecoret/Adobe Stock

    Q&A

    The Promise and Perils of AI: Q&A with Douglas Yeung

    Douglas Yeung, a social psychologist at RAND, discusses how any technology reflects the values, norms, and biases of its creators. Bias in artificial intelligence could have unintended consequences. He also warns that cyber attackers could deliberately introduce bias into AI systems.

    Feb 27, 2019

  • Journal Article

    Journal Article

    LGA Cyber Security Stocktake: National-Level Report

    A cybersecurity stocktake of all 353 councils in England examined IT security, leadership, governance, partnerships, technology arrangements and training, offering recommendations on areas for improvement.

    Feb 22, 2019

  • Hawaii Air National Guardsmen evaluate network vulnerabilities during the Po’oihe 2015 Cyber Security Exercise at the University of Hawaii Manoa Campus, Honolulu, HI, June 4, 2015, photo by Airman 1st Class Robert Cabuco/Hawaii Air National Guard

    Commentary

    Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

    If governments seek to create an objective framework for decision making about whether or when to disclose software vulnerabilities, what might that look like? What questions should be included, how should they influence the outcome and how can one interpret the results?

    Feb 5, 2019

  • Blog

    Federal Workers, Afghanistan, Sectarianism: RAND Weekly Recap

    This weekly recap focuses on the critical roles of federal workers, withdrawing from Afghanistan, countering sectarianism in the Middle East, and more.

    Jan 18, 2019

  • Accountability in Cyberspace: The Problem of Attribution

    Multimedia

    How to Achieve Accountability in Cyberspace

    Identifying the responsible party behind malicious cyber incidents is necessary for holding bad actors accountable. But there are many challenges that accompany cyber attribution. Creating an independent, global organization that investigates and publicly assigns blame for major hacks could help.

    Jan 14, 2019

  • Periodical

    Periodical

    RAND Review: January-February 2019

    This issue spotlights (1) research on how faith-based organizations promote health and well-being in underserved communities and (2) the Pardee RAND Graduate School's new approach to policy and training the next generation of policy experts.

    Jan 7, 2019

  • Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee hearing regarding the company's use and protection of user data on Capitol Hill in Washington, U.S., April 11, 2018

    Commentary

    Data Breaches Could Cause Users to Opt Out of Sharing Personal Data. Then What?

    As tech-based systems have become all but indispensable, many institutions might assume user data will be reliable, meaningful and, most of all, plentiful. But what if this data became unreliable, meaningless, or even scarce?

    Dec 28, 2018

  • Blog

    Terrorists, Policing, Cyberattacks: RAND Weekly Recap

    This weekly recap focuses on terrorism recruitment trends, helping police find the right strategies, who should investigate cyberattacks, and more.

    Dec 21, 2018

  • Journal Article

    Journal Article

    Economics of Vulnerability Disclosure

    This study serves as a follow up to the 2015 ENISA Good Practice Guide on Vulnerability Disclosure and seeks to provide a glimpse into the economics, costs, and incentives related to discovering and disclosing vulnerabilities.

    Dec 14, 2018

  • World map with electronic circuits

    Commentary

    When Cyber Attacks Occur, Who Should Investigate?

    Data breaches and cyberattacks cross geopolitical boundaries, targeting individuals, corporations and governments. Creating a global body with a narrow focus on investigating and assigning responsibility for cyberattacks could be the first step to creating a digital world with accountability.

    Dec 6, 2018

  • Journal Article

    Journal Article

    Regulating Risks Within Complex Sociotechnical Systems: Evidence From Critical Infrastructure Cybersecurity Standards

    One of the first empirical studies of the effects of mandatory cybersecurity regulations for critical infrastructure.

    Nov 27, 2018

  • Report

    Report

    Secrecy in U.S. National Security: Why a Paradigm Shift Is Needed

    This Perspective summarizes an examination of the adequacy of the system for governing national security information secrecy. It finds the present secrecy paradigm failing and proposes major reforms in making, protecting, and releasing secrets.

    Nov 1, 2018

  • Research Brief

    Research Brief

    Requirements for Better C2 and Situational Awareness of the Information Environment

    Every military activity has informational aspects, but the information environment (IE) is not well integrated into military planning, doctrine, or processes. Better understanding of the IE will improve command and control and situational awareness.

    Nov 1, 2018

  • Report

    Report

    Improving C2 and Situational Awareness for Operations in and Through the Information Environment

    Every military activity has informational aspects, but the information environment (IE) is not well integrated into military planning, doctrine, or processes. Better understanding of the IE will improve command and control and situational awareness.

    Nov 1, 2018

  • The Security Operation Centre for Telstra, Australia's biggest telecoms firm, which is used to monitor, detect and respond to security incidents, including cyber attacks, in Sydney, Australia, August 24, 2017

    Commentary

    Financial Frameworks for Cybersecurity Are Failing

    Cybersecurity has become a team sport. But all participants on the field are playing without clear rules, without a team approach, and without knowing when to pass the ball or to whom.

    Oct 25, 2018

  • Journal Article

    Journal Article

    The Trade in Small Arms and Light Weapons on the Dark Web: A Study

    A summary of the main findings and implications of the first empirical study investigating the scale and scope of arms trafficking on the dark web, illustrating the range of weapons traded, their market price and most common transit routes.

    Oct 24, 2018

  • Processor pins of a microchip

    Commentary

    Examining the Weak Spots in Tech's Supply Chain Armor

    When an attack on the supply chain occurs, manufacturers and purchasers should be better positioned to respond and recover. Even the simplest devices can rely on parts from multiple suppliers, which may have their own suppliers and so on. But every supplier, no matter how small, represents a potential weak link in the chain.

    Oct 16, 2018

  • Cybersecurity locks illustration superimposed over a photo of Tokyo at night

    Report

    Preparing for Cybersecurity Threats to the 2020 Olympics

    The Olympic Games are an attractive target for hackers. An examination of Japan's cybersecurity threat landscape and lessons from past events can help planners reduce cybersecurity risks in advance of the 2020 Tokyo Games.

    Oct 4, 2018