Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • A graphic representing an accelerating future

    Article

    Can Humans Survive a Faster Future?

    May 1, 2018

    Life is moving faster and faster. Just about everything—transportation, weapons, the flow of information—is accelerating. How will decisionmakers preserve our personal and national security in the face of hyperspeed?

Explore Cybersecurity

  • A soldier sets up voice intercept equipment during a cyber integration exercise on Joint Base Lewis-McChord, Washington, October 21, 2015

    Commentary

    What Happens After ISIS Goes Underground

    As the Islamic State in Iraq and Syria suffers defeats on the battlefield, it is expanding its cyber presence to continue to encourage attacks abroad. The more the group relies on cyberspace, the more likely it will expose important segments of its organization to detection and disruption.

    May 30, 2017

  • A young man is frustrated by the WannaCry ransomware attack

    Commentary

    WannaCry Virus: A Lesson in Global Unpreparedness

    The WannaCry ransomware attack provides important lessons about how to secure cyber networks. History indicates that other attacks will follow. Preparedness is crucial.

    May 22, 2017

  • A screen, showing Russian President Vladimir Putin's annual end-of-year news conference, is on display in Simferopol, Crimea, December 23, 2016.

    Commentary

    Russia in Action, Short of War

    The West needs to work more quickly and coordinate better to offset Russia's capabilities, aggressiveness, and success. Responding to Russia's hostile influence involves predicting Russia's targets, identifying the tools it's likely to use, and playing the long game rather than focusing on near-term events.

    May 9, 2017

  • Russian President Vladimir Putin is reflected in the glasses of a cadet watching Putin on TV at a military school outside Rostov-on-Don, Russia, December 20, 2012

    Testimony

    The Need for Cognitive Security

    The United States needs a strategy to counter information operations conducted by Russia and other adversaries. The rapid evolution of technology complicates this challenge.

    Apr 27, 2017

  • The 24-hour Operations Room inside GCHQ, Cheltenham, UK, November 17, 2015

    Commentary

    Five Eyes at 70: Where to from Here?

    The Five Eyes intelligence alliance of the U.S., Canada, Great Britain, Australia, and New Zealand began in the Cold War to meet the threat posed by the Soviet Union. Today, the nations' intelligence communities must contend with domestic terrorism and cyber threats while remaining ahead of Russia and China.

    Apr 21, 2017

  • A person typing on a computer keyboard in a dark room

    Commentary

    Are Terrorists Using Cryptocurrencies?

    As the U.S. Treasury Department and its partners have denied terrorists access to the international financial system, new digital currencies could become an attractive alternative. They could be used for money laundering or to pay the personnel and vendors that keep the terrorist machine running.

    Apr 21, 2017

  • The Indiana National Guard Computer Network Defense Team readies their workstations for the Cyber Shield 2016 exercise at Camp Atterbury, Indiana, April 20, 2016

    Commentary

    Reservists and the National Guard Offer Untapped Resources for Cybersecurity

    More than 100,000 personnel in the Army National Guard and the U.S. Army Reserve have some degree of cyber competence, including thousands with deep or mid-level expertise. They could help defend the cyber terrain on which America's national security, prosperity, and democracy depend.

    Apr 18, 2017

  • World map

    Commentary

    Why It's So Hard to Stop a Cyberattack — and Even Harder to Fight Back

    Cyber weapons attack the underlying network or computer systems. The possibility of unexpected effects in the cyber world is therefore greater than in conventional warfare. Not knowing if the effects were intentional complicates the response.

    Mar 30, 2017

  • Report

    Tactical Cyber: Building a Strategy for Cyber Support to Corps and Below

    This report proposes a strategy for tactical Army cyber operations, enumerating overarching goals, objectives, and associated activities. Instructive case studies are provided that support implementation of the strategy.

    Mar 28, 2017

  • A coder types on laptop keyboard

    Commentary

    Reining in Internet Abuse

    The internet is being used for harmful, unethical, and illegal purposes. Examples include incitement and recruitment by terrorists, cyber bullying, and malicious fake news. Americans say they are unhappy with the tone of the online discourse, but are reluctant to consider potential remedies.

    Mar 23, 2017

  • News Release

    RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • U.S. Army soldiers take part in a multi-service exercise on cyber capabilities at Ford Gordon in Augusta, Georgia, June 10, 2014

    Testimony

    Effective Cyberdeterrence Takes More Than Offensive Capability

    A successful cyberdeterrence posture has many prerequisites. These include attributing attacks to the correct party, thresholds for what merits retaliation, credibility, and offensive capability. For the United States, capability is the least in doubt.

    Mar 1, 2017

  • Cyber gavel illustration

    Commentary

    Does the Court System Know as Much About ESI as Your Teenager? It Should.

    Electronically stored information (ESI) from smart appliances, fitness trackers, and other devices is making its way into the U.S. court system. Judges and lawyers need to better understand this evidence so they can challenge it or rule on its admissibility in court.

    Feb 21, 2017

  • Binary code bursts from phones held by a crowd of people with an overlay of glowing electronic numbers

    Commentary

    What Is the Adversary Likely to Do with the Clearance Records for 20 Million Americans?

    The state actor that hacked the Office of Personnel Management could use the stolen information to further its domestic control against dissidents, enhance its foreign intelligence, and improve its position in the global military and economic order.

    Jan 20, 2017

  • President Barack Obama talks about cyber hacking during the U.S. presidential election as he holds his final news conference of the year at the White House in Washington, December 16, 2016

    Commentary

    How to Deter Foreign Cyberattacks on U.S. Elections

    Deterring future cyber-meddling in U.S. elections will require convincing adversaries — Russia and others — that any future such meddling will either be ineffective and/or too costly to be worthwhile.

    Jan 5, 2017

  • Russia's President Vladimir Putin (C), Foreign Minister Sergei Lavrov (L), and Defence Minister Sergei Shoigu attend a meeting at the Kremlin in Moscow, Russia December 29, 2016

    Commentary

    No Quick Fix with Russia

    A series of small steps is more likely to improve Western and Russian security than an attempt at a total reset. At the same time, sanctions against Russia over its actions in Ukraine, and NATO actions to reassure and protect allies, must continue.

    Jan 3, 2017

  • People protest as electors gather to cast their votes amid allegations of Russian hacking to try to influence the U.S. presidential election in Harrisburg, Pennsylvania, December 19, 2016

    Commentary

    Were Russian Hacks Really a Threat to American Democracy?

    The Russian attacks should be another wake up call about the relentless probing of America's digital assets by adversaries and the potential consequences of weak cyber defenses. But U.S. democracy appears to have survived safe and sound.

    Dec 30, 2016

  • A sailor opens a network monitoring program during an exercise at Marine Corps Air Station Miramar, California, August 22, 2016

    Commentary

    America's Cyber Security Dilemma — and a Way Out

    The United States should continue to pursue international cooperation in cyberspace, improve its ability to identify and expose the sources of attacks, and improve its oversight of the development and adoption of cyber-related technologies.

    Dec 22, 2016

  • The lobby of the CIA Headquarters Building in Langley, Virginia

    Commentary

    How Can We Be Sure Putin Hacked the Democrats?

    Did Russia conduct an election cyber campaign against America? There is likely no smoking gun. But there is presumably a preponderance of technical evidence, intelligence, and benefits to Moscow that points in that direction.

    Dec 16, 2016