Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • A graphic representing an accelerating future

    Article

    Can Humans Survive a Faster Future?

    May 1, 2018

    Life is moving faster and faster. Just about everything—transportation, weapons, the flow of information—is accelerating. How will decisionmakers preserve our personal and national security in the face of hyperspeed?

Explore Cybersecurity

  • Research Brief

    The role of the 'dark web' in the trade of illicit drugs

    The Internet has fundamentally changed ways of doing business, including the operations of illegal markets. RAND Europe was commissioned to investigate the role of the Internet in facilitating the drugs trade, particularly in the Netherlands.

    Aug 5, 2016

  • Spider web

    Report

    Growth of the Online Illicit Drugs Trade

    Silk Road was the first major online marketplace for illegal goods on the hidden web. Since the FBI took it down in 2013, copycats have filled the void. Transactions for illicit drugs on cryptomarkets have tripled and revenues have doubled.

    Aug 5, 2016

  • Russian President Vladimir Putin arrives for a personal send-off for members of the Russian Olympic team at the Kremlin in Moscow, Russia, July 27, 2016

    Commentary

    How to Counter Putin's Subversive War on the West

    Russian cybercrime, Olympics doping, and other active measures have one thing in common: Moscow admits no wrongdoing. These scandals exacerbate the frigid relations between Moscow and the West. Diplomacy sometimes works slowly, but it helps.

    Aug 1, 2016

  • Guo Shengkun, China's Minister of Public Security, speaks during the Second U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues in Beijing, China, June 14, 2016

    Commentary

    The U.S.-China Cyber Agreement: A Good First Step

    The 2015 U.S.-China cyber agreement is a potentially important first step toward addressing the problem of Chinese espionage. But it is by no means a final step.

    Aug 1, 2016

  • Massive unclassified paper shred and uniform drop-off bins help prevent OPSEC violations

    Commentary

    Keeping Up with the Policymakers: The Unclassified Tearline

    Unclassified tearlines could convey the bottom line and potential implications of a classified story in unclassified terms, while obscuring sensitive sources and methods. There are good reasons to build them into the business process and culture of intelligence agencies.

    Jul 28, 2016

  • Periodical

    RAND Review: July-August 2016

    This issue highlights the stress of military deployments and resilience of military families; RAND research on cybercrime, network defense, and data breaches; the 40th anniversary of RAND's landmark Health Insurance Experiment; and more.

    Jun 27, 2016

  • Eyeball on a laptop computer screen

    Essay

    The Digital Underworld: What You Need to Know

    A growing threat is emanating from a digital underworld where hackers sell their services like mercenaries and credit-card numbers can be had for pennies on the dollar.

    Jun 24, 2016

  • Hands on a keyboard in a dark room

    Commentary

    Cyberterrorism and the Role of Silicon Valley

    As national security and war are being redefined for the digital age, Silicon Valley will need to be on the front line of counterterrorism. Its inventors and entrepreneurs are driving the information revolution, and they must figure out how to protect vital systems against malevolent intrusions.

    Jun 13, 2016

  • Illustration of data encryption

    Blog

    RAND's Lillian Ablon Presents 'Lessons from a Hacker'

    Lillian Ablon, a cybersecurity and emerging technologies researcher, spoke at a RAND Policy Circle Conversation on the world's expanding cyber vulnerability, those who are out there to take advantage of those vulnerabilities, as well as consumer attitudes toward breaches.

    Jun 1, 2016

  • Paramedics helping a patient

    Commentary

    Privacy Preferences for Healthcare Records and Information Across Europe

    The general public has a more nuanced preference for the privacy of electronic health records than previously thought. Survey respondents said that they would not be averse to individuals involved in the health and rescue professions having access to their basic health information.

    May 11, 2016

  • Congressional Briefing Podcast

    Multimedia

    Getting to Yes with China in Cyberspace: Is It Possible?

    In this May 2016 congressional briefing, RAND experts Scott W. Harold and Martin Libicki discuss the differing perspectives and interests of the United States and China in cyberspace.

    May 2, 2016

  • Journal Article

    Good Practice Guide on Vulnerability Disclosure: From Challenges to Recommendations

    Vulnerabilities are 'flaws' or 'mistakes' in computer-based systems that may be exploited to compromise the network and information security of affected systems.

    Apr 27, 2016

  • News Release

    One-Fourth of American Adults Notified of Data Breach in Past Year; Few Consumers Penalize Hacked Companies

    About a quarter of American adults reported that they were notified about their personal information being part of a data breach in the previous year, but only 11 percent of those who have ever been notified say they stopped doing business with the hacked company afterwards.

    Apr 14, 2016

  • Infographic

    Data Theft Victims, and Their Response to Breach Notifications

    This infographic highlights the results of a study of consumer attitudes toward data breaches, notifications of those breaches, and company responses to such events.

    Apr 14, 2016

  • Woman typing into a laptop

    Report

    Few Consumers Penalize Hacked Companies for Data Breaches

    About a quarter of American adults surveyed reported that they received a data breach notification in the past year, but 77 percent of them were highly satisfied with the company's post-breach response. Only 11 percent of respondents stopped dealing with the company afterwards.

    Apr 14, 2016

  • View to an operating room through an office window

    Commentary

    Ransomware Hackers Are Coming for Your Health Records

    Cyber criminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place, even though such attacks can strain health care systems and potentially put patients' lives at risk.

    Apr 11, 2016

  • Tanks in Beijing during a training exercise for a military parade

    Report

    China's Evolving Approach to Strategic Deterrence May Prove Challenging to the U.S. and Its Allies

    China is rapidly closing what was once a substantial gap between the PLA's strategic weapons capabilities and its strategic deterrence concepts. The United States will likely need to assure its allies that it will continue to maintain the capability and the resolve to support them in a crisis.

    Apr 7, 2016

  • Transportation soldiers and civilian harbormasters move cargo containers onto awaiting vessels in a training exercise at Joint Base Langley-Eustis

    Commentary

    Ten Years After the Safe Port Act, Are America's Ports Secure?

    The economic importance and visibility of America's ports make them attractive terrorism targets. Port security has improved, but many of the threats that motivated the Safe Ports Act in 2006 remain, and new dangers have emerged, including cyber threats.

    Apr 6, 2016

  • U.S. sailors assigned to Navy Cyber Defense Operations Command monitor, analyze, detect, and respond to unauthorized activity within U.S. Navy information systems and networks

    Commentary

    The Online Fight Against ISIS

    To prevail against ISIS in cyberspace, the United States and its cyber soldiers will have to be capable of reacting quickly, while being guided by an overarching strategy. Secretary of Defense Carter urged U.S. Cyber Command to intensify the fight against ISIS but it would also be wise to recruit civilian volunteers.

    Apr 1, 2016

  • A senior airman working in defensive cyber operations at Peterson Air Force Base in Colorado Springs, Colorado

    Commentary

    Rather Than Fearing 'Cyber 9/11,' Prepare for 'Cyber Katrina'

    The United States needs a smooth, well-functioning mutual aid system for cybersecurity that provides all of the hard-won benefits of the nation's system for hurricanes and other emergencies.

    Mar 30, 2016