Cybersecurity

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Commentary

    Software Supply Chain Risk Is Growing, but Mitigation Solutions Exist

    Software supply chain security has emerged as a leading risk because of the massively fragmented and decentralized nature of modern software development. While we still have much to learn as a community about this risk, there are concrete steps we can take to better understand and mitigate it.

    Jan 26, 2023

  • Report

    Preparing for Post-Quantum Critical Infrastructure

    Quantum computers are expected to create vulnerabilities in critical infrastructure. How vulnerable are critical functions, such as distributing electricity and protecting sensitive information? And how can the government help infrastructure owners and operators?

    Aug 18, 2022

Explore Cybersecurity

  • A cache of guns and ammunition uncovered by U.S. federal investigators in the home of U.S. Coast Guard lieutenant Christopher Paul Hasson in Silver Spring, Maryland, February 20, 2019, photo by U.S. Attorney's Office Maryland/Reuters

    Commentary

    Overdue Overhaul: Security Clearance Reform in a Decade of Leakers, Spies, and Insider Threats

    With the legislative and executive branches seemingly on the same page regarding the need for changes to the security clearance and vetting system, long overdue reform appears to be within reach.

    Apr 15, 2019

  • Mock Bitcoins are displayed in Berlin, January 7, 2014, photo by Pawel Kopczynski/Reuters

    Report

    Terrorist Use of Cryptocurrencies

    Counterterrorism finance strategies have reduced terrorist access to official currencies. Will terrorist groups therefore increase their use of digital cryptocurrencies? New ones have emerged, including some that claim to be more private and secure than Bitcoin, but they also have limitations that make them less viable.

    Mar 27, 2019

  • Israeli Prime Minister Benjamin Netanyahu and Chinese President Xi Jinping shake hands ahead of their talks at Diaoyutai State Guesthouse in Beijing, China, March 21, 2017, photo by Etienne Oliveau/Reuters/Pool

    Report

    How Has the Israel-China Relationship Evolved?

    Since the early 2000s, relations between China and Israel have expanded in areas like diplomacy, trade, investment, construction, educational partnerships, scientific cooperation, and tourism. What challenges does the relationship pose for Israel and the United States?

    Mar 21, 2019

  • Interior of autonomous car with ones and zeroes superimposed, photo by metamorworks/Getty Images

    Commentary

    Why AV Safety and Cybersecurity Need to Be Pursued in Tandem

    Safety and cybersecurity are generally pursued by separate teams within autonomous vehicle companies. A joint approach to standards could optimize safety and cybersecurity and reduce overall risks to autonomous vehicle operation.

    Mar 20, 2019

  • A man visits the Huawei Cyber Security Transparency Centre in Brussels, Belgium, March 5, 2019, photo by Yves Herman/Reuters

    Commentary

    Public Evidence of Huawei as a Cyber Threat May Be Elusive, but Restrictions Could Still Be Warranted

    Although a “smoking gun” of Huawei involvement in government-directed espionage remains elusive, the United States has compelling security and economic reasons to consider limiting the involvement of Chinese telecommunications companies in its domestic networks.

    Mar 7, 2019

  • Cyborg head using artificial intelligence to create digital interface 3D rendering, image by sdecoret/Adobe Stock

    Q&A

    The Promise and Perils of AI: Q&A with Douglas Yeung

    Douglas Yeung, a social psychologist at RAND, discusses how any technology reflects the values, norms, and biases of its creators. Bias in artificial intelligence could have unintended consequences. He also warns that cyber attackers could deliberately introduce bias into AI systems.

    Feb 27, 2019

  • Journal Article

    LGA Cyber Security Stocktake: National-Level Report

    A cybersecurity stocktake of all 353 councils in England examined IT security, leadership, governance, partnerships, technology arrangements and training, offering recommendations on areas for improvement.

    Feb 22, 2019

  • Hawaii Air National Guardsmen evaluate network vulnerabilities during the Po’oihe 2015 Cyber Security Exercise at the University of Hawaii Manoa Campus, Honolulu, HI, June 4, 2015, photo by Airman 1st Class Robert Cabuco/Hawaii Air National Guard

    Commentary

    Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

    If governments seek to create an objective framework for decision making about whether or when to disclose software vulnerabilities, what might that look like? What questions should be included, how should they influence the outcome and how can one interpret the results?

    Feb 5, 2019

  • RAND Weekly Recap

    Blog

    Federal Workers, Afghanistan, Sectarianism: RAND Weekly Recap

    This weekly recap focuses on the critical roles of federal workers, withdrawing from Afghanistan, countering sectarianism in the Middle East, and more.

    Jan 18, 2019

  • Accountability in Cyberspace: The Problem of Attribution

    Multimedia

    How to Achieve Accountability in Cyberspace

    Identifying the responsible party behind malicious cyber incidents is necessary for holding bad actors accountable. But there are many challenges that accompany cyber attribution. Creating an independent, global organization that investigates and publicly assigns blame for major hacks could help.

    Jan 14, 2019

  • Periodical

    RAND Review: January-February 2019

    This issue spotlights (1) research on how faith-based organizations promote health and well-being in underserved communities and (2) the Pardee RAND Graduate School's new approach to policy and training the next generation of policy experts.

    Jan 7, 2019

  • Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee hearing regarding the company's use and protection of user data on Capitol Hill in Washington, U.S., April 11, 2018

    Commentary

    Data Breaches Could Cause Users to Opt Out of Sharing Personal Data. Then What?

    As tech-based systems have become all but indispensable, many institutions might assume user data will be reliable, meaningful and, most of all, plentiful. But what if this data became unreliable, meaningless, or even scarce?

    Dec 28, 2018

  • RAND Weekly Recap

    Blog

    Terrorists, Policing, Cyberattacks: RAND Weekly Recap

    This weekly recap focuses on terrorism recruitment trends, helping police find the right strategies, who should investigate cyberattacks, and more.

    Dec 21, 2018

  • Journal Article

    Economics of Vulnerability Disclosure

    This study serves as a follow-up to the 2015 ENISA Good Practice Guide on Vulnerability Disclosure and seeks to provide a glimpse into the economics, costs, and incentives related to discovering and disclosing vulnerabilities.

    Dec 14, 2018

  • World map with electronic circuits

    Commentary

    When Cyber Attacks Occur, Who Should Investigate?

    Data breaches and cyberattacks cross geopolitical boundaries, targeting individuals, corporations and governments. Creating a global body with a narrow focus on investigating and assigning responsibility for cyberattacks could be the first step to creating a digital world with accountability.

    Dec 6, 2018

  • Journal Article

    Regulating Risks Within Complex Sociotechnical Systems: Evidence From Critical Infrastructure Cybersecurity Standards

    One of the first empirical studies of the effects of mandatory cybersecurity regulations for critical infrastructure.

    Nov 27, 2018

  • Report

    Secrecy in U.S. National Security: Why a Paradigm Shift Is Needed

    This Perspective summarizes an examination of the adequacy of the system for governing national security information secrecy. It finds the present secrecy paradigm failing and proposes major reforms in making, protecting, and releasing secrets.

    Nov 1, 2018

  • The Security Operation Centre for Telstra, Australia's biggest telecoms firm, which is used to monitor, detect and respond to security incidents, including cyber attacks, in Sydney, Australia, August 24, 2017

    Commentary

    Financial Frameworks for Cybersecurity Are Failing

    Cybersecurity has become a team sport. But all participants on the field are playing without clear rules, without a team approach, and without knowing when to pass the ball or to whom.

    Oct 25, 2018

  • Journal Article

    The Trade in Small Arms and Light Weapons on the Dark Web: A Study

    A summary of the main findings and implications of the first empirical study investigating the scale and scope of arms trafficking on the dark web, illustrating the range of weapons traded, their market price and most common transit routes.

    Oct 24, 2018

  • Processor pins of a microchip

    Commentary

    Examining the Weak Spots in Tech's Supply Chain Armor

    When an attack on the supply chain occurs, manufacturers and purchasers should be better positioned to respond and recover. Even the simplest devices can rely on parts from multiple suppliers, which may have their own suppliers and so on. But every supplier, no matter how small, represents a potential weak link in the chain.

    Oct 16, 2018