Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water by Eileen Delson La Russo/RAND, adapted from images by Agil_Leonardo, Matejmo, and Byakkaya/Getty Images

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security, photo by oatawa/Getty Images

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Sep 15, 2017

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

Explore Cybersecurity

  • Tool

    Roadmap to Succeed in the Open for the National Geospatial-Intelligence Agency's Human Development Directorate

    This tool provides the National Geospatial-Intelligence Agency's Human Development Directorate with a roadmap for how employees can overcome the hurdles to achieving the agency's missions outside of secure and classified environments.

    Sep 26, 2017

  • Soldiers with U.S. Army Cyber Command take part in network defense training

    Report

    How the Army Can Retain Its Cyber Expertise

    Projected earnings for information security analysts with characteristics similar to those of enlisted soldiers are comparable with military pay. But retention efforts may be hampered by soldiers' perceptions of civilian opportunities.

    Sep 18, 2017

  • Hacked internet of things

    Commentary

    Gaming Policy in Cyberspace

    Hacked devices and intellectual property theft are a rich hunting ground for policy development. The challenge posed by Internet-connect devices is only getting worse as the number of online devices continues to grow.

    Aug 23, 2017

  • Digital devices on a map of Australia

    Report

    Australia's Cyber Security Policy Options

    An exercise with participants from government, industry, think tanks, academia, and the media explored opportunities to improve cyber security and inform Australia's strategy. Recommendations include creating and enforcing technology security standards, crafting international agreements to address challenges, and increasing awareness to keep users safe online.

    Aug 7, 2017

  • The U.S. Capitol building illuminated at night in Washington, D.C.

    Blog

    RAND's Summer Reading List for Congress

    Hill staffers can make the most of the Congressional recess with this list of must-read research and commentary on the policy issues they will be addressing this fall.

    Aug 4, 2017

  • Girl Scouts compete in the Mission Ocean Challenge during the USS California Science Experience at Naval Surface Warfare Center, November 6, 2010

    Commentary

    Cybersecurity Badge: One Big Step for Girl Scouts, Potentially Giant Leap for Women

    The Girl Scouts will start offering 18 cybersecurity badges next year. In addition to exposing girls to cyber concepts and challenges, this could encourage them to pursue cybersecurity or other STEM careers in which women are underrepresented.

    Aug 3, 2017

  • Computer hacker working on laptop late at night in office

    Commentary

    Connect, Buy-Now, Fire: How the Dark Web Allows Criminals to Buy Weapons—Anonymously

    Despite its small size compared to the offline market, the ability of the dark web to anonymously arm individuals of all backgrounds needs to be taken seriously. Its potential impact on international security is significant.

    Jul 25, 2017

  • Russian President Vladimir Putin speaks during a news conference after the G20 summit in Hamburg, Germany, July 8, 2017

    Commentary

    Russian Information Warfare: A Reality That Needs a Response

    For the last three decades, Russia has exploited its growing capabilities in cyberspace to spy on, influence, and punish others. The West will continue to struggle to hold Moscow accountable, in part because international law falls far short of fully defining the rules or resolving conflicts.

    Jul 21, 2017

  • News Release

    US Weapons Main Source of Illegal Arms Trade on the Dark Web

    The illegal sales on the dark web of firearms, weapons, explosives, and banned digital guides on homemade products present challenges for law enforcement agencies and national governments. Its potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is the most dangerous aspect.

    Jul 19, 2017

  • A laptop computer, a 9mm handgun, and bullets

    Report

    U.S. Weapons Are the Main Source of Illegal Arms on the Dark Web

    Sixty percent of weapons on sale on the dark web come from the United States. This illicit market for firearms, explosives, and ammunition can anonymously arm criminals, terrorists, and others.

    Jul 19, 2017

  • Peter Norton attending a Center for Global Risk and Security Advisory Board meeting in October 2008

    Content

    Peter Norton: Entrepreneur, Art Collector, and RAND Advisory Board Member

    When the Saudi kingdom hired RAND in the 1980s to advise its information technology industry on the best bets for future investment, RAND researchers consulted expert Peter Norton to back up their findings. Norton has supported RAND ever since.

    Jul 3, 2017

  • Report

    Cyber Power Potential of the Army's Reserve Component

    Describes the availability of personnel with cyber skills in the private sector and the number of Army reserve component soldiers available to support the Army's cyber mission needs.

    Jun 15, 2017

  • A man holds a laptop computer as cyber code is projected on him

    Report

    Could Stateless Attribution Promote International Cyber Accountability?

    The public may respond to government claims about who is behind a cyberattack with suspicion and confusion. Could an independent, global organization for cyber attribution help?

    Jun 2, 2017

  • A soldier sets up voice intercept equipment during a cyber integration exercise on Joint Base Lewis-McChord, Washington, October 21, 2015

    Commentary

    What Happens After ISIS Goes Underground

    As the Islamic State in Iraq and Syria suffers defeats on the battlefield, it is expanding its cyber presence to continue to encourage attacks abroad. The more the group relies on cyberspace, the more likely it will expose important segments of its organization to detection and disruption.

    May 30, 2017

  • A young man is frustrated by the WannaCry ransomware attack

    Commentary

    WannaCry Virus: A Lesson in Global Unpreparedness

    The WannaCry ransomware attack provides important lessons about how to secure cyber networks. History indicates that other attacks will follow. Preparedness is crucial.

    May 22, 2017

  • A screen, showing Russian President Vladimir Putin's annual end-of-year news conference, is on display in Simferopol, Crimea, December 23, 2016.

    Commentary

    Russia in Action, Short of War

    The West needs to work more quickly and coordinate better to offset Russia's capabilities, aggressiveness, and success. Responding to Russia's hostile influence involves predicting Russia's targets, identifying the tools it's likely to use, and playing the long game rather than focusing on near-term events.

    May 9, 2017

  • Russian President Vladimir Putin is reflected in the glasses of a cadet watching Putin on TV at a military school outside Rostov-on-Don, Russia, December 20, 2012

    Testimony

    The Need for Cognitive Security

    The United States needs a strategy to counter information operations conducted by Russia and other adversaries. The rapid evolution of technology complicates this challenge.

    Apr 27, 2017

  • A person typing on a computer keyboard in a dark room

    Commentary

    Are Terrorists Using Cryptocurrencies?

    As the U.S. Treasury Department and its partners have denied terrorists access to the international financial system, new digital currencies could become an attractive alternative. They could be used for money laundering or to pay the personnel and vendors that keep the terrorist machine running.

    Apr 21, 2017

  • The 24-hour Operations Room inside GCHQ, Cheltenham, UK, November 17, 2015

    Commentary

    Five Eyes at 70: Where to from Here?

    The Five Eyes intelligence alliance of the U.S., Canada, Great Britain, Australia, and New Zealand began in the Cold War to meet the threat posed by the Soviet Union. Today, the nations' intelligence communities must contend with domestic terrorism and cyber threats while remaining ahead of Russia and China.

    Apr 21, 2017