Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • A graphic representing an accelerating future

    Article

    Can Humans Survive a Faster Future?

    May 1, 2018

    Life is moving faster and faster. Just about everything—transportation, weapons, the flow of information—is accelerating. How will decisionmakers preserve our personal and national security in the face of hyperspeed?

Explore Cybersecurity

  • A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

    Commentary

    The Two Sides of Cybersecurity

    Securing government networks is certainly necessary, but authorities should not lose sight of the need to couple their defense of America's networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats in cyberspace.

    Nov 13, 2015

  • Journal Article

    Deterrence, Influence, Cyber Attack, and Cyberwar

    This study uses a simple model to speculate about whether deterrence can be a significant part of dealing with special features of the cyber attack challenge, and distinguishing different classes and contexts of cyber threats.

    Nov 13, 2015

  • Volkswagen CEO Matthias Mueller gives a tour of the VW factory in Wolfsburg, Germany, October 21, 2015

    Commentary

    When Public Trust in Corporations Is Shaken

    The Volkswagen scandal comes at a time when the public's trust in both the automotive industry and tech companies is at risk. The level of public trust in an individual organization could end up burnishing — or infecting — an entire industry or new technology.

    Oct 28, 2015

  • Research Brief

    Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle

    Discusses how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of Air Force weapon systems.

    Oct 27, 2015

  • An F-15 flying over Nevada during a USAFWS Mission Employment Exercise

    Report

    Improving the Cybersecurity of U.S. Air Force Weapon Systems

    U.S. Air Force weapon systems containing information technology may be vulnerable to intelligence exploitation and cyberattacks. But there are steps that the Air Force can take to improve the security of these systems throughout their life cycles.

    Oct 27, 2015

  • Malware phishing data concept

    Commentary

    Social Engineering Explained: The Human Element in Cyberattacks

    The human element is the most unpredictable factor in cybersecurity. A social engineer aims to make people do what they want or give the social engineer information, often without the person considering the negative consequences.

    Oct 20, 2015

  • Congressional Briefing Podcast

    Multimedia

    United States and China: Trends in Military Competition

    In this October 2015 congressional briefing, Eric Heginbotham discusses relative U.S. and Chinese military capabilities, including the evolution of Chinese military capabilities, steps the United States can take to limit the impact of a growing Chinese military on deterrence, and other U.S. strategic interests.

    Oct 5, 2015

  • Joint service and civilian personnel concentrate on exercise scenarios during "Cyber Guard 2015."

    Testimony

    Perspective on 2015 DoD Cyber Strategy

    The DoD's cyber strategy is aligned with its mission, but there will be challenges to implementation—including building and maintaining a capable workforce, assessing risk across DoD networks and systems, and planning for operations.

    Sep 29, 2015

  • U.S. President Barack Obama and Chinese President Xi Jinping shake hands following a joint news conference in the Rose Garden at the White House in Washington September 25, 2015

    Commentary

    Define Acceptable Cyberspace Behavior

    While a U.S.-China cyberspace agreement is a welcome step, it also underscores the greater issues facing the United States and the international community in this largely ungoverned space. A precondition for securing U.S. networks should be the development of an overarching cyber doctrine that defines acceptable behavior and allows the U.S. to defend its networks against threats.

    Sep 27, 2015

  • Chinese President Xi Jinping visits Boeing in Everett, Washington, September 23, 2015

    Commentary

    The U.S.-China Summit Is More Significant for Xi Jinping Than Obama

    The Xi-Obama summit will provide the opportunity to discuss contentious issues like cybersecurity and the South China Sea, as well as other issues, such as climate change and economic cooperation. For Xi, the visit underscores the tremendous importance of messaging to a Chinese audience the narrative of a continued stable and robust partnership with the country that matters most to China politically and economically.

    Sep 24, 2015

  • Congressional Briefing Podcast

    Multimedia

    Lessons from a Hacker: Cyber Concepts for Policymakers

    In this September 14th congressional briefing, Lillian Ablon discusses the basics of cyber and information security and provides insights into some of the complexities of cybersecurity policymaking. Topics include why software vulnerabilities are significant, the components of cyber risk beyond the threat, motivations of various cyber threats actors, and what they exploit.

    Sep 14, 2015

  • News Release

    China's Military Modernization Increasingly Challenges U.S. Defense Capabilities in Asia

    Although China continues to lag behind the United States in terms of aggregate military hardware and operational skills, it has improved its capabilities relative to those of the U.S. in many critical areas. Moreover, China does not need to catch up fully in order to challenge U.S. ability to conduct effective military operations near the Chinese mainland.

    Sep 14, 2015

  • U.S. Army Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, and Chinese army Gen. Fang Fenghui, China's chief of the general staff, salute during a ceremony in Beijing, April 22, 2013

    Research Brief

    Tallying the U.S.-China Military Scorecard

    A set of “scorecards” assesses the relative capabilities of U.S. and Chinese military forces in diverse types of conflict, at varying distances from the Chinese mainland, and at different points in time.

    Sep 14, 2015

  • Chinese People's Liberation Army Navy recruits march during a parade in Qingdao, Shandong province, December 5, 2013

    Report

    China's Military Modernization Increasingly Challenges U.S. Defense Capabilities in Asia

    Although China continues to lag behind the United States in terms of aggregate military hardware and operational skills, it has improved its capabilities relative to those of the U.S. in many critical areas. Moreover, China does not need to catch up fully in order to challenge U.S. ability to conduct effective military operations near the Chinese mainland.

    Sep 14, 2015

  • A network administrator holds a drive

    Report

    Cyber Practices: What Can the U.S. Air Force Learn from the Commercial Sector?

    Some common commercial practices for cyber workforce management and organizational issues are applicable to the U.S. Air Force as it endeavors to improve the management of its cyber forces.

    Sep 9, 2015

  • Digital internet security concept

    Announcement

    RAND Hosts Cybersecurity Exercise

    The discussion of cybersecurity should not be trapped within narrow technical, national security, or legal stovepipes and should include an examination of economic, civil, and societal factors. With that goal in mind, RAND hosted an analytic exercise on cybersecurity.

    Sep 3, 2015

  • An illustration of a projection of binary code on a man holding a laptop computer

    Commentary

    Is It Time to Appoint a Data Security Czar?

    Cybersecurity needs to become more of a priority for the government and private corporations. Whatever the solution, public and private officials need to do a better job of weighing the risk-benefit calculation of storing data on Internet-accessible computers and justifying data-handling protocols.

    Sep 3, 2015

  • View of the Earth from space

    Essay

    Interdependence Day: Contending with a New Global Order

    A team of RAND experts took a sober look at the threats facing the United States and developed a playbook of strategies to address them.

    Aug 21, 2015

  • Research Brief

    Online privacy vs surveillance: Europeans' preferences on internet surveillance and security measures

    RAND Europe has collected evidence from one of the largest-ever surveys of citizens' views across Europe on security, surveillance and privacy issues in three scenarios: train travel, internet use (described here), and storage of health records.

    Aug 20, 2015

  • News Release

    Internet Technology Could Aid Police, Courts and Prisons; Resolving Privacy Issues Key to Future Use

    New Internet-based technology may aid criminal justice agencies through promising tools such as better criminal databases, remotely conducted trials, and electronic monitoring of parolees. But many of the developments raise issues related to civil rights, privacy, and cybersecurity that must be addressed.

    Aug 17, 2015