Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water by Eileen Delson La Russo/RAND, adapted from images by Agil_Leonardo, Matejmo, and Byakkaya/Getty Images

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security, photo by oatawa/Getty Images

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Sep 15, 2017

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

Explore Cybersecurity

  • Paramedics helping a patient

    Commentary

    Privacy Preferences for Healthcare Records and Information Across Europe

    The general public has a more nuanced preference for the privacy of electronic health records than previously thought. Survey respondents said that they would not be averse to individuals involved in the health and rescue professions having access to their basic health information.

    May 11, 2016

  • Congressional Briefing Podcast

    Multimedia

    Getting to Yes with China in Cyberspace: Is It Possible?

    In this May 2016 congressional briefing, RAND experts Scott W. Harold and Martin Libicki discuss the differing perspectives and interests of the United States and China in cyberspace.

    May 2, 2016

  • Journal Article

    Good Practice Guide on Vulnerability Disclosure: From Challenges to Recommendations

    Vulnerabilities are 'flaws' or 'mistakes' in computer-based systems that may be exploited to compromise the network and information security of affected systems.

    Apr 27, 2016

  • News Release

    One-Fourth of American Adults Notified of Data Breach in Past Year; Few Consumers Penalize Hacked Companies

    About a quarter of American adults reported that they were notified about their personal information being part of a data breach in the previous year, but only 11 percent of those who have ever been notified say they stopped doing business with the hacked company afterwards.

    Apr 14, 2016

  • Infographic

    Data Theft Victims, and Their Response to Breach Notifications

    This infographic highlights the results of a study of consumer attitudes toward data breaches, notifications of those breaches, and company responses to such events.

    Apr 14, 2016

  • Woman typing into a laptop

    Report

    Few Consumers Penalize Hacked Companies for Data Breaches

    About a quarter of American adults surveyed reported that they received a data breach notification in the past year, but 77 percent of them were highly satisfied with the company's post-breach response. Only 11 percent of respondents stopped dealing with the company afterwards.

    Apr 14, 2016

  • View to an operating room through an office window

    Commentary

    Ransomware Hackers Are Coming for Your Health Records

    Cyber criminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place, even though such attacks can strain health care systems and potentially put patients' lives at risk.

    Apr 11, 2016

  • Tanks in Beijing during a training exercise for a military parade

    Report

    China's Evolving Approach to Strategic Deterrence May Prove Challenging to the U.S. and Its Allies

    China is rapidly closing what was once a substantial gap between the PLA's strategic weapons capabilities and its strategic deterrence concepts. The United States will likely need to assure its allies that it will continue to maintain the capability and the resolve to support them in a crisis.

    Apr 7, 2016

  • Transportation soldiers and civilian harbormasters move cargo containers onto awaiting vessels in a training exercise at Joint Base Langley-Eustis

    Commentary

    Ten Years After the Safe Port Act, Are America's Ports Secure?

    The economic importance and visibility of America's ports make them attractive terrorism targets. Port security has improved, but many of the threats that motivated the Safe Ports Act in 2006 remain, and new dangers have emerged, including cyber threats.

    Apr 6, 2016

  • U.S. sailors assigned to Navy Cyber Defense Operations Command monitor, analyze, detect, and respond to unauthorized activity within U.S. Navy information systems and networks

    Commentary

    The Online Fight Against ISIS

    To prevail against ISIS in cyberspace, the United States and its cyber soldiers will have to be capable of reacting quickly, while being guided by an overarching strategy. Secretary of Defense Carter urged U.S. Cyber Command to intensify the fight against ISIS but it would also be wise to recruit civilian volunteers.

    Apr 1, 2016

  • A senior airman working in defensive cyber operations at Peterson Air Force Base in Colorado Springs, Colorado

    Commentary

    Rather Than Fearing 'Cyber 9/11,' Prepare for 'Cyber Katrina'

    The United States needs a smooth, well-functioning mutual aid system for cybersecurity that provides all of the hard-won benefits of the nation's system for hurricanes and other emergencies.

    Mar 30, 2016

  • U.S. Treasury Building in Washington, D.C.

    Commentary

    Time for Washington to Amp Up the Power to Coerce

    The U.S. government should start preparing systematically for the use of coercion as it does for military warfare, including analyzing options, assessing requirements and capabilities, conducting war games to refine these capabilities, and planning with allies.

    Mar 22, 2016

  • U.S. President Barack Obama shakes hands with Chinese President Xi Jinping at the start of the climate summit in Paris, November 30, 2015

    Report

    Getting to Yes with China in Cyberspace

    The tensions that divide the United States and China apply just as much to cyberspace as to relations in the physical world. Can the two countries achieve meaningful outcomes through formal negotiations over cyber norms and rules?

    Mar 22, 2016

  • An NYPD officer stands across the street from the Apple Store on 5th Ave. in New York, March 11, 2016

    Commentary

    The False Choice at the Core of the Apple-FBI Standoff

    The Apple-FBI case should spark a broader debate among technology companies concerning their role in maintaining the privacy and security balance. A starting point should be to recognize that the majority of cyberattacks are related to phishing—and a user's action—not to whether a device can be secured.

    Mar 21, 2016

  • Two teens using laptops

    Commentary

    The Military Should Increase Efforts to Find and Enlist Young Hackers

    Some notorious cyberattacks have been carried out by computer-savvy teens. They don't all have criminal intentions, they just have a particular aptitude for writing code and operating in cyberspace. The U.S. military should consider embracing and cultivating this pool of talent.

    Mar 10, 2016

  • An MQ-9 Reaper on the flightline at Kandahar Airfield, Afghanistan

    Commentary

    Do 'Guardian Forces' Belong in the Military?

    More and more national security workers in and out of uniform never get close to combat. They address cyber threats, operate satellite constellations, and control drones. It's time to rethink their place in the system.

    Mar 10, 2016

  • Chess pieces on a board

    Report

    Countering Adversaries Without Going to War

    How can the United States coerce unfriendly states without going to war? The three potentially most cost-effective options are financial sanctions, support for nonviolent political opposition, and offensive cyber operations.

    Mar 3, 2016

  • Service members and civilians conduct simulated cyberattack scenarios during Cyber Guard 2015

    Commentary

    In Greater Alignment: Public and Policymakers on Cyber

    For the first time, Gallup included cyberterrorism in its annual survey of Americans' concerns about threats to U.S. interests, and 73 percent of respondents said they felt it was a critical threat. The survey results come amid a flurry of activity on the issue on Capitol Hill and at the White House.

    Feb 29, 2016

  • Testimony

    Perspective on 2015 DoD Cyber Strategy: Addendum

    Document submitted on February 23, 2016 as an addendum to testimony presented before the House Armed Services Committee on September 29, 2015.

    Feb 26, 2016

  • Cybersecurity "leak"

    Multimedia

    Emerging Cyber Threats and Implications

    Cyberspace is expanding, becoming more vulnerable, and hosting increasingly vast amounts of data. Compounding this challenge is the growing number of bad actors seeking to exploit cyberspace. What steps can be taken to help mitigate emerging threats and improve U.S. cybersecurity?

    Feb 25, 2016