Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water by Eileen Delson La Russo/RAND, adapted from images by Agil_Leonardo, Matejmo, and Byakkaya/Getty Images

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security, photo by oatawa/Getty Images

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Sep 15, 2017

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

Explore Cybersecurity

  • Woman paying a cashier with a credit card

    Journal Article

    Cost of Cyber Incidents to American Companies Is Less Than Expected

    Why don't American companies invest more in computer security? One possible explanation: Relative to the other risks they face, cyber risks often aren't as significant as expected. Most breaches cost companies less than 0.4 percent of their annual revenues.

    Oct 10, 2016

  • News Release

    Ukraine's Security Sector Needs Substantial Reform

    An assessment of Ukraine's security sector determines what different institutions need to do and where gaps exist. Roles and responsibilities need to be clarified, and coordination is needed among individual ministries and agencies.

    Oct 5, 2016

  • Ukrainian servicemen take part in a rehearsal for the Independence Day military parade in central Kiev, Ukraine, August 22, 2016

    Report

    Security Sector Reform in Ukraine

    The 2014 Maidan revolution created an opportunity for change in a system that had resisted it for 25 years. The Ukrainian security establishment has progressed since then, but its efforts have been insufficient to address the threats now facing the nation.

    Oct 5, 2016

  • TSA agents screen a passenger at San Francisco International Airport in San Francisco, California, February 27, 2015

    Announcement

    RAND Chosen to Operate New Research Center for U.S. Department of Homeland Security

    A new center will conduct analyses and make recommendations to strengthen DHS across its missions to prevent terrorism and enhance security, secure and manage U.S. borders, enforce and administer immigration laws, safeguard and secure cyberspace, and strengthen national preparedness and resiliency.

    Oct 4, 2016

  • The headquarters of the Democratic National Committee is seen in Washington, D.C., June 14, 2016

    Commentary

    The DNC Hack: Are New Norms Needed?

    A new norm that would hold the Russian DNC hack to be unacceptable could not rest on a general prohibition against cyber-espionage or political interference. It would have to combine both prohibitions at once.

    Sep 29, 2016

  • Dmitri Dolgov, principal engineer on the software team of Google's Self-Driving Car project, speaks during a presentation in Mountain View, California, September 29, 2015

    Commentary

    The Brains Behind Autonomous Vehicles May Need a License to Drive

    Autonomous vehicles require exquisite software. To make this software secure, industry and government should consider educational standards and licensure requirements for the engineers who create it.

    Sep 27, 2016

  • News Release

    Cost of Cyber Incidents Not Large Compared with Other Business Losses; May Influence Responses by Businesses

    Data breaches have made headlines in recent years, exposing poor practices that put the personal information of millions of consumers at risk. But the cost of a typical cyber breach is much less than generally estimated, providing one possible explanation for why American companies do not invest more to improve computer security.

    Sep 20, 2016

  • A man counting pills on his laptop

    Commentary

    Dark Web Likely Isn't Fuelling International Drug Sales

    Vendors in the Netherlands have developed a fairly successful international trade of ecstasy-type drugs and stimulants from online markets, but it appears that most countries are selling illicit drugs within their own borders.

    Sep 19, 2016

  • Report

    U.S.–Japan Alliance Conference: Strengthening Strategic Cooperation

    To better understand the deepening cooperation between the United States and Japan and future prospects for their partnership, RAND commissioned papers by leading experts and hosted a two-day conference in Santa Monica, California, in March 2016.

    Sep 2, 2016

  • Cyber illustration of a judge's gavel

    Commentary

    The Future of Cyber Investigations at the FBI Is Unclear

    Evidence presented by the FBI in the case of U.S. v. Jay Michaud was excluded because the agency was unwilling to reveal the software exploit used to collect it. If the FBI exposes its capabilities, other criminals can patch their computers, but concealing its techniques risks the ability to prosecute cyber criminals.

    Aug 24, 2016

  • News Release

    Untangling the 'Dark Web': New Study Shows Steady Growth of the Online Illicit Drugs Trade

    The number of transactions for illicit drugs on cryptomarkets, which exist on the “dark web,” have tripled and revenues have doubled since 2013, when Silk Road 1.0 was shut down by the FBI.

    Aug 8, 2016

  • Research Brief

    The role of the 'dark web' in the trade of illicit drugs

    The Internet has fundamentally changed ways of doing business, including the operations of illegal markets. RAND Europe was commissioned to investigate the role of the Internet in facilitating the drugs trade, particularly in the Netherlands.

    Aug 5, 2016

  • Spider web

    Report

    Growth of the Online Illicit Drugs Trade

    Silk Road was the first major online marketplace for illegal goods on the hidden web. Since the FBI took it down in 2013, copycats have filled the void. Transactions for illicit drugs on cryptomarkets have tripled and revenues have doubled.

    Aug 5, 2016

  • Guo Shengkun, China's Minister of Public Security, speaks during the Second U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues in Beijing, China, June 14, 2016

    Commentary

    The U.S.-China Cyber Agreement: A Good First Step

    The 2015 U.S.-China cyber agreement is a potentially important first step toward addressing the problem of Chinese espionage. But it is by no means a final step.

    Aug 1, 2016

  • Russian President Vladimir Putin arrives for a personal send-off for members of the Russian Olympic team at the Kremlin in Moscow, Russia, July 27, 2016

    Commentary

    How to Counter Putin's Subversive War on the West

    Russian cybercrime, Olympics doping, and other active measures have one thing in common: Moscow admits no wrongdoing. These scandals exacerbate the frigid relations between Moscow and the West. Diplomacy sometimes works slowly, but it helps.

    Aug 1, 2016

  • Massive unclassified paper shred and uniform drop-off bins help prevent OPSEC violations

    Commentary

    Keeping Up with the Policymakers: The Unclassified Tearline

    Unclassified tearlines could convey the bottom line and potential implications of a classified story in unclassified terms, while obscuring sensitive sources and methods. There are good reasons to build them into the business process and culture of intelligence agencies.

    Jul 28, 2016

  • Periodical

    RAND Review: July-August 2016

    This issue highlights the stress of military deployments and resilience of military families; RAND research on cybercrime, network defense, and data breaches; the 40th anniversary of RAND's landmark Health Insurance Experiment; and more.

    Jun 27, 2016

  • Eyeball on a laptop computer screen

    Essay

    The Digital Underworld: What You Need to Know

    A growing threat is emanating from a digital underworld where hackers sell their services like mercenaries and credit-card numbers can be had for pennies on the dollar.

    Jun 24, 2016

  • Hands on a keyboard in a dark room

    Commentary

    Cyberterrorism and the Role of Silicon Valley

    As national security and war are being redefined for the digital age, Silicon Valley will need to be on the front line of counterterrorism. Its inventors and entrepreneurs are driving the information revolution, and they must figure out how to protect vital systems against malevolent intrusions.

    Jun 13, 2016

  • Illustration of data encryption

    Blog

    RAND's Lillian Ablon Presents 'Lessons from a Hacker'

    Lillian Ablon, a cybersecurity and emerging technologies researcher, spoke at a RAND Policy Circle Conversation on the world's expanding cyber vulnerability, those who are out there to take advantage of those vulnerabilities, as well as consumer attitudes toward breaches.

    Jun 1, 2016