Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water by Eileen Delson La Russo/RAND, adapted from images by Agil_Leonardo, Matejmo, and Byakkaya/Getty Images

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security, photo by oatawa/Getty Images

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Sep 15, 2017

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

Explore Cybersecurity

  • The Indiana National Guard Computer Network Defense Team readies their workstations for the Cyber Shield 2016 exercise at Camp Atterbury, Indiana, April 20, 2016

    Commentary

    Reservists and the National Guard Offer Untapped Resources for Cybersecurity

    More than 100,000 personnel in the Army National Guard and the U.S. Army Reserve have some degree of cyber competence, including thousands with deep or mid-level expertise. They could help defend the cyber terrain on which America's national security, prosperity, and democracy depend.

    Apr 18, 2017

  • World map

    Commentary

    Why It's So Hard to Stop a Cyberattack — and Even Harder to Fight Back

    Cyber weapons attack the underlying network or computer systems. The possibility of unexpected effects in the cyber world is therefore greater than in conventional warfare. Not knowing if the effects were intentional complicates the response.

    Mar 30, 2017

  • Report

    Tactical Cyber: Building a Strategy for Cyber Support to Corps and Below

    This report proposes a strategy for tactical Army cyber operations, enumerating overarching goals, objectives, and associated activities. Instructive case studies are provided that support implementation of the strategy.

    Mar 28, 2017

  • A coder types on laptop keyboard

    Commentary

    Reining in Internet Abuse

    The internet is being used for harmful, unethical, and illegal purposes. Examples include incitement and recruitment by terrorists, cyber bullying, and malicious fake news. Americans say they are unhappy with the tone of the online discourse, but are reluctant to consider potential remedies.

    Mar 23, 2017

  • News Release

    RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • U.S. Army soldiers take part in a multi-service exercise on cyber capabilities at Ford Gordon in Augusta, Georgia, June 10, 2014

    Testimony

    Effective Cyberdeterrence Takes More Than Offensive Capability

    A successful cyberdeterrence posture has many prerequisites. These include attributing attacks to the correct party, thresholds for what merits retaliation, credibility, and offensive capability. For the United States, capability is the least in doubt.

    Mar 1, 2017

  • Cyber gavel illustration

    Commentary

    Does the Court System Know as Much About ESI as Your Teenager? It Should.

    Electronically stored information (ESI) from smart appliances, fitness trackers, and other devices is making its way into the U.S. court system. Judges and lawyers need to better understand this evidence so they can challenge it or rule on its admissibility in court.

    Feb 21, 2017

  • Binary code bursts from phones held by a crowd of people with an overlay of glowing electronic numbers

    Commentary

    What Is the Adversary Likely to Do with the Clearance Records for 20 Million Americans?

    The state actor that hacked the Office of Personnel Management could use the stolen information to further its domestic control against dissidents, enhance its foreign intelligence, and improve its position in the global military and economic order.

    Jan 20, 2017

  • President Barack Obama talks about cyber hacking during the U.S. presidential election as he holds his final news conference of the year at the White House in Washington, December 16, 2016

    Commentary

    How to Deter Foreign Cyberattacks on U.S. Elections

    Deterring future cyber-meddling in U.S. elections will require convincing adversaries — Russia and others — that any future such meddling will either be ineffective and/or too costly to be worthwhile.

    Jan 5, 2017

  • Russia's President Vladimir Putin (C), Foreign Minister Sergei Lavrov (L), and Defence Minister Sergei Shoigu attend a meeting at the Kremlin in Moscow, Russia December 29, 2016

    Commentary

    No Quick Fix with Russia

    A series of small steps is more likely to improve Western and Russian security than an attempt at a total reset. At the same time, sanctions against Russia over its actions in Ukraine, and NATO actions to reassure and protect allies, must continue.

    Jan 3, 2017

  • People protest as electors gather to cast their votes amid allegations of Russian hacking to try to influence the U.S. presidential election in Harrisburg, Pennsylvania, December 19, 2016

    Commentary

    Were Russian Hacks Really a Threat to American Democracy?

    The Russian attacks should be another wake up call about the relentless probing of America's digital assets by adversaries and the potential consequences of weak cyber defenses. But U.S. democracy appears to have survived safe and sound.

    Dec 30, 2016

  • A sailor opens a network monitoring program during an exercise at Marine Corps Air Station Miramar, California, August 22, 2016

    Commentary

    America's Cyber Security Dilemma — and a Way Out

    The United States should continue to pursue international cooperation in cyberspace, improve its ability to identify and expose the sources of attacks, and improve its oversight of the development and adoption of cyber-related technologies.

    Dec 22, 2016

  • The lobby of the CIA Headquarters Building in Langley, Virginia

    Commentary

    How Can We Be Sure Putin Hacked the Democrats?

    Did Russia conduct an election cyber campaign against America? There is likely no smoking gun. But there is presumably a preponderance of technical evidence, intelligence, and benefits to Moscow that points in that direction.

    Dec 16, 2016

  • Report

    A Framework for Exploring Cybersecurity Policy Options

    RAND conducted two discovery games to explore possible solutions for improving cybersecurity, assess their implications, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices.

    Nov 23, 2016

  • Russian President Vladimir Putin attends a press conference at Tegel airport in Berlin, Germany, October 20, 2016

    Commentary

    Checklist for a U.S.-Russia Cyberwar

    The Obama administration is reportedly considering a response to Russia's alleged hack of the Democratic National Committee. But many questions must be addressed first.

    Oct 31, 2016

  • Report

    The moral component of cross-domain conflict

    The study considers the body of work on morality and armed conflict in the future operating environment and provides insights on the ways in which new ways of fighting may challenge traditional moral principles.

    Oct 20, 2016

  • Illustration of a digital world

    Commentary

    Where Next for the Digital Society?

    Digital technologies are omnipresent, both in terms of where we are and what we do. A digital society can bring about economic and societal gain, but there are many challenges that need to be addressed beyond the actual technologies.

    Oct 14, 2016

  • Report

    Thought Leadership programme 2016: Key Findings

    Key findings from the 2016 Thought Leadership Programme, convened by Corsham Institute in conjunction with RAND Europe and St George's House exploring opportunities and challenges created by digital technologies in society.

    Oct 13, 2016

  • Concept of leaky software, data pouring out of pipe

    Commentary

    Digital Theft: The New Normal

    Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

    Oct 10, 2016