Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • A graphic representing an accelerating future

    Article

    Can Humans Survive a Faster Future?

    May 1, 2018

    Life is moving faster and faster. Just about everything—transportation, weapons, the flow of information—is accelerating. How will decisionmakers preserve our personal and national security in the face of hyperspeed?

Explore Cybersecurity

  • Government agents tracking cybercrime

    Commentary

    How the Pentagon Should Deter Cyber Attacks

    Foreign hackers are not afraid to launch attacks on the United States in cyberspace that they would not dare risk in a real theater of war. As cyber aggression gets worse and more brazen, the U.S. must figure out how to deter foreign actors in cyberspace as effectively as it does in nuclear and conventional warfare.

    Jan 10, 2018

  • Conceptual image of human voice

    Commentary

    Fake Voices Will Become Worryingly Accurate

    New technology can convincingly fake the human voice and create security nightmares. Considering the widespread distrust of the media, institutions, and expert gatekeepers, audio fakery could start wars.

    Jan 8, 2018

  • Report

    Gaming Space: A Game-Theoretic Methodology for Assessing the Deterrent Value of Space Control Options

    This report introduces and explains a game-theoretic methodology to help decisionmakers assess the potential effects of alternative approaches to space control.

    Jan 5, 2018

  • Tool

    Defensive Space Analysis Tool (DSPAT): Version 2.0

    This manual explains how to use the Defensive Space Analysis Tool (DSPAT), which was developed to compare alternative approaches to space control in terms of their mission effectiveness, feasibility, escalation risk, and political cost.

    Jan 5, 2018

  • The new Smart concept autonomous car Vision EQ fortwo model is presented during the Frankfurt Motor Show (IAA) in Frankfurt, Germany, September 12, 2017

    Commentary

    Autonomous Vehicles: Terrorist Threat or Security Opportunity?

    Terrorist groups that track developments in technology could be considering using self-driving cars in place of suicide bombers or for ramming attacks. But autonomous vehicle capabilities offer a range of potential benefits to law enforcement and security operations, too.

    Jan 3, 2018

  • A child poses with a Lego Boost set, a predicted top seller this Christmas, at the Hamleys toy store in London, Britain, October 12, 2017

    Commentary

    Smart Toys May Pose Risks

    Parents shouldn't avoid buying smart toys during the holidays, particularly if these devices top children's Christmas lists. But parents should definitely be wary of the security and privacy risks that smart toys can pose.

    Dec 21, 2017

  • Criminal hiding behind a mask on computer screen asking the owner for money

    Commentary

    The WannaCry Cyber Attack Could Be the First of Many If the NHS Takes No Action

    In the UK, the National Health Service (NHS) was one of the organizations most severely affected by the WannaCry ransomware. The NHS and other public sector organizations need to improve their cybersecurity processes and quickly before a more severe cyber attack takes place.

    Dec 1, 2017

  • Computer hacker with magnifying glass

    Commentary

    It's Time for the International Community to Get Serious About Vulnerability Equities

    Multiple countries around the world are likely discovering, retaining and exploiting zero-day vulnerabilities without a process to properly consider the trade-offs. This needs to change. It’s time for the international community to get serious about vulnerability equities.

    Nov 15, 2017

  • Report

    The Creation of the PLA Strategic Support Force and Its Implications for Chinese Military Space Operations

    This report explores the missions and organization of China's Strategic Support Force, created in 2015 to develop and employ space capabilities, in particular launch and operation of satellites to provide C4ISR capabilities for joint operations.

    Nov 10, 2017

  • Hands typing with visual of computer code

    Multimedia

    Equifax and the Data-Breach Era: How Worried Should We Be?

    Large-scale data breaches like those of Equifax and OPM compromised the personal data of millions of people. What can be done to improve the response to such breaches? In this October 26th congressional briefing, Lillian Ablon and Sina Beaghley address victim and lawmaker reactions, national security implications, and considerations for policymakers.

    Oct 26, 2017

  • Periodical

    RAND Review: November-December 2017

    This issue highlights recent RAND research on post-9/11 military caregivers; RAND-Lex, a computer program built at RAND that can analyze huge data sets of text; and the implications of climate change on Arctic cooperation.

    Oct 19, 2017

  • Credit cards, a chain, an open padlock, and a computer keyboard are visible next to the Equifax logo

    Commentary

    Equifax and the Data-Breach Era

    The personal and financial data of almost 146 million U.S. consumers has been compromised by the Equifax breach, the latest in a long line of high-profile hacks. Do consumers worry enough about such breaches? And what options are available to Congress?

    Oct 18, 2017

  • Tool

    Roadmap to Succeed in the Open for the National Geospatial-Intelligence Agency's Human Development Directorate

    This tool provides the National Geospatial-Intelligence Agency's Human Development Directorate with a roadmap for how employees can overcome the hurdles to achieving the agency's missions outside of secure and classified environments.

    Sep 26, 2017

  • Soldiers with U.S. Army Cyber Command take part in network defense training

    Report

    How the Army Can Retain Its Cyber Expertise

    Projected earnings for information security analysts with characteristics similar to those of enlisted soldiers are comparable with military pay. But retention efforts may be hampered by soldiers' perceptions of civilian opportunities.

    Sep 18, 2017

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

    Sep 15, 2017

  • Hacked internet of things

    Commentary

    Gaming Policy in Cyberspace

    Hacked devices and intellectual property theft are a rich hunting ground for policy development. The challenge posed by Internet-connect devices is only getting worse as the number of online devices continues to grow.

    Aug 23, 2017

  • Digital devices on a map of Australia

    Report

    Australia's Cyber Security Policy Options

    An exercise with participants from government, industry, think tanks, academia, and the media explored opportunities to improve cyber security and inform Australia's strategy. Recommendations include creating and enforcing technology security standards, crafting international agreements to address challenges, and increasing awareness to keep users safe online.

    Aug 7, 2017

  • The U.S. Capitol building illuminated at night in Washington, D.C.

    Blog

    RAND's Summer Reading List for Congress

    Hill staffers can make the most of the Congressional recess with this list of must-read research and commentary on the policy issues they will be addressing this fall.

    Aug 4, 2017

  • Girl Scouts compete in the Mission Ocean Challenge during the USS California Science Experience at Naval Surface Warfare Center, November 6, 2010

    Commentary

    Cybersecurity Badge: One Big Step for Girl Scouts, Potentially Giant Leap for Women

    The Girl Scouts will start offering 18 cybersecurity badges next year. In addition to exposing girls to cyber concepts and challenges, this could encourage them to pursue cybersecurity or other STEM careers in which women are underrepresented.

    Aug 3, 2017

  • Computer hacker working on laptop late at night in office

    Commentary

    Connect, Buy-Now, Fire: How the Dark Web Allows Criminals to Buy Weapons—Anonymously

    Despite its small size compared to the offline market, the ability of the dark web to anonymously arm individuals of all backgrounds needs to be taken seriously. Its potential impact on international security is significant.

    Jul 25, 2017