Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water by Eileen Delson La Russo/RAND, adapted from images by Agil_Leonardo, Matejmo, and Byakkaya/Getty Images

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security, photo by oatawa/Getty Images

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Sep 15, 2017

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

Explore Information Security

  • President Barack Obama talks about cyber hacking during the U.S. presidential election as he holds his final news conference of the year at the White House in Washington, December 16, 2016

    Commentary

    How to Deter Foreign Cyberattacks on U.S. Elections

    Deterring future cyber-meddling in U.S. elections will require convincing adversaries — Russia and others — that any future such meddling will either be ineffective and/or too costly to be worthwhile.

    Jan 5, 2017

  • Russia's President Vladimir Putin (C), Foreign Minister Sergei Lavrov (L), and Defence Minister Sergei Shoigu attend a meeting at the Kremlin in Moscow, Russia December 29, 2016

    Commentary

    No Quick Fix with Russia

    A series of small steps is more likely to improve Western and Russian security than an attempt at a total reset. At the same time, sanctions against Russia over its actions in Ukraine, and NATO actions to reassure and protect allies, must continue.

    Jan 3, 2017

  • People protest as electors gather to cast their votes amid allegations of Russian hacking to try to influence the U.S. presidential election in Harrisburg, Pennsylvania, December 19, 2016

    Commentary

    Were Russian Hacks Really a Threat to American Democracy?

    The Russian attacks should be another wake up call about the relentless probing of America's digital assets by adversaries and the potential consequences of weak cyber defenses. But U.S. democracy appears to have survived safe and sound.

    Dec 30, 2016

  • A sailor opens a network monitoring program during an exercise at Marine Corps Air Station Miramar, California, August 22, 2016

    Commentary

    America's Cyber Security Dilemma — and a Way Out

    The United States should continue to pursue international cooperation in cyberspace, improve its ability to identify and expose the sources of attacks, and improve its oversight of the development and adoption of cyber-related technologies.

    Dec 22, 2016

  • Brochure

    A focus on cybersecurity

    Cybersecurity has risen to become a prominent issue of national and global security for governments and international organisations worldwide. A focus on cybersecurity looks at the issues and details RAND Europe's expertise and work in the area.

    Dec 19, 2016

  • Report

    Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    The authors evaluated current Controlled Unclassified Information labeling procedures, practices, and security policies for U.S. Department of Defense acquisition data and recommend improvements.

    Dec 19, 2016

  • The lobby of the CIA Headquarters Building in Langley, Virginia

    Commentary

    How Can We Be Sure Putin Hacked the Democrats?

    Did Russia conduct an election cyber campaign against America? There is likely no smoking gun. But there is presumably a preponderance of technical evidence, intelligence, and benefits to Moscow that points in that direction.

    Dec 16, 2016

  • Report

    A Framework for Exploring Cybersecurity Policy Options

    RAND conducted two discovery games to explore possible solutions for improving cybersecurity, assess their implications, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices.

    Nov 23, 2016

  • Russian President Vladimir Putin attends a press conference at Tegel airport in Berlin, Germany, October 20, 2016

    Commentary

    Checklist for a U.S.-Russia Cyberwar

    The Obama administration is reportedly considering a response to Russia's alleged hack of the Democratic National Committee. But many questions must be addressed first.

    Oct 31, 2016

  • Report

    The moral component of cross-domain conflict

    The study considers the body of work on morality and armed conflict in the future operating environment and provides insights on the ways in which new ways of fighting may challenge traditional moral principles.

    Oct 20, 2016

  • Illustration of a digital world

    Commentary

    Where Next for the Digital Society?

    Digital technologies are omnipresent, both in terms of where we are and what we do. A digital society can bring about economic and societal gain, but there are many challenges that need to be addressed beyond the actual technologies.

    Oct 14, 2016

  • Report

    Thought Leadership programme 2016: Key Findings

    Key findings from the 2016 Thought Leadership Programme, convened by Corsham Institute in conjunction with RAND Europe and St George's House exploring opportunities and challenges created by digital technologies in society.

    Oct 13, 2016

  • Concept of leaky software, data pouring out of pipe

    Commentary

    Digital Theft: The New Normal

    Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

    Oct 10, 2016

  • Woman paying a cashier with a credit card

    Journal Article

    Cost of Cyber Incidents to American Companies Is Less Than Expected

    Why don't American companies invest more in computer security? One possible explanation: Relative to the other risks they face, cyber risks often aren't as significant as expected. Most breaches cost companies less than 0.4 percent of their annual revenues.

    Oct 10, 2016

  • Ukrainian servicemen take part in a rehearsal for the Independence Day military parade in central Kiev, Ukraine, August 22, 2016

    Report

    Security Sector Reform in Ukraine

    The 2014 Maidan revolution created an opportunity for change in a system that had resisted it for 25 years. The Ukrainian security establishment has progressed since then, but its efforts have been insufficient to address the threats now facing the nation.

    Oct 5, 2016

  • News Release

    Ukraine's Security Sector Needs Substantial Reform

    An assessment of Ukraine's security sector determines what different institutions need to do and where gaps exist. Roles and responsibilities need to be clarified, and coordination is needed among individual ministries and agencies.

    Oct 5, 2016

  • TSA agents screen a passenger at San Francisco International Airport in San Francisco, California, February 27, 2015

    Announcement

    RAND Chosen to Operate New Research Center for U.S. Department of Homeland Security

    A new center will conduct analyses and make recommendations to strengthen DHS across its missions to prevent terrorism and enhance security, secure and manage U.S. borders, enforce and administer immigration laws, safeguard and secure cyberspace, and strengthen national preparedness and resiliency.

    Oct 4, 2016

  • The headquarters of the Democratic National Committee is seen in Washington, D.C., June 14, 2016

    Commentary

    The DNC Hack: Are New Norms Needed?

    A new norm that would hold the Russian DNC hack to be unacceptable could not rest on a general prohibition against cyber-espionage or political interference. It would have to combine both prohibitions at once.

    Sep 29, 2016

  • Dmitri Dolgov, principal engineer on the software team of Google's Self-Driving Car project, speaks during a presentation in Mountain View, California, September 29, 2015

    Commentary

    The Brains Behind Autonomous Vehicles May Need a License to Drive

    Autonomous vehicles require exquisite software. To make this software secure, industry and government should consider educational standards and licensure requirements for the engineers who create it.

    Sep 27, 2016

  • News Release

    Cost of Cyber Incidents Not Large Compared with Other Business Losses; May Influence Responses by Businesses

    Data breaches have made headlines in recent years, exposing poor practices that put the personal information of millions of consumers at risk. But the cost of a typical cyber breach is much less than generally estimated, providing one possible explanation for why American companies do not invest more to improve computer security.

    Sep 20, 2016