RAND Research Topic: Information Security

Zero Days, Thousands of Nights

Mar 9, 2017

This report provides findings from real-world zero-day vulnerability and exploit data that can inform ongoing policy debates regarding stockpiling (i.e., keeping zero-day vulnerabilities private) versus disclosing them to the public.

Does the Court System Know as Much About Electronically Stored Information as Your Teenager? It Should.

Feb 21, 2017

Electronically stored information from smart appliances, fitness trackers, and other devices is making its way into the U.S. court system. Judges and lawyers need to better understand this evidence so they can challenge it or rule on its admissibility in court.

Peter Norton: Entrepreneur, Art Collector, and RAND Advisory Board Member

Jul 3, 2017

When the Saudi kingdom hired RAND in the 1980s to advise its information technology industry on the best bets for future investment, RAND researchers consulted expert Peter Norton to back up their findings. Norton has supported RAND ever since.

Cyber Power Potential of the Army's Reserve Component

Jun 15, 2017

Describes the availability of personnel with cyber skills in the private sector and the number of Army reserve component soldiers available to support the Army's cyber mission needs.

Social Media Analysis Could Support Information Operations

Jun 14, 2017

Social media analysis could provide a window into the perspectives and communications of adversaries and other key audiences. If DoD seeks to expand its capability in this area, it must navigate U.S. law, cultural norms, and other issues.

Could Stateless Attribution Promote International Cyber Accountability?

Jun 2, 2017

The public may respond to government claims about who is behind a cyberattack with suspicion and confusion. Could an independent, global organization for cyber attribution help?

The Need for Cognitive Security

Apr 27, 2017

The United States needs a strategy to counter information operations conducted by Russia and other adversaries. The rapid evolution of technology complicates this challenge.

Tactical Cyber

Mar 28, 2017

This report proposes a strategy for tactical Army cyber operations, enumerating overarching goals, objectives, and associated activities. Instructive case studies are provided that support implementation of the strategy.

Homeland Security Issues in the 115th Congress

Mar 9, 2017

RAND experts provide insight on the biggest homeland security issues facing the 115th Congress, including cybersecurity, terrorism, emergency response, DHS management issues, and border security.

Effective Cyberdeterrence Takes More Than Offensive Capability

Mar 1, 2017

A successful cyberdeterrence posture has many prerequisites. These include attributing attacks to the correct party, thresholds for what merits retaliation, credibility, and offensive capability. For the United States, capability is the least in doubt.

RAND Expert to Discuss Cyber Deterrents the U.S. Should Consider

Feb 28, 2017

Martin C. Libicki will testify before the House Armed Services Committee on Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities. Libicki is an adjunct senior management scientist at the RAND Corporation, a professor at the Pardee RAND Graduate School and a Distinguished Visiting Professor at the U.S. Naval Academy.

A focus on cybersecurity

Dec 19, 2016

Cybersecurity has risen to become a prominent issue of national and global security for governments and international organisations worldwide. A focus on cybersecurity looks at the issues and details RAND Europe's expertise and work in the area.

Issues with Access to Acquisition Data and Information in the Department of Defense

Dec 19, 2016

The authors evaluated current Controlled Unclassified Information labeling procedures, practices, and security policies for U.S. Department of Defense acquisition data and recommend improvements.

A Framework for Exploring Cybersecurity Policy Options

Nov 23, 2016

RAND conducted two discovery games to explore possible solutions for improving cybersecurity, assess their implications, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices.

Thought Leadership programme 2016

Oct 13, 2016

Key findings from the 2016 Thought Leadership Programme, convened by Corsham Institute in conjunction with RAND Europe and St George's House exploring opportunities and challenges created by digital technologies in society.

Security Sector Reform in Ukraine

Oct 5, 2016

The 2014 Maidan revolution created an opportunity for change in a system that had resisted it for 25 years. The Ukrainian security establishment has progressed since then, but its efforts have been insufficient to address the threats now facing the nation.

Cost of Cyber Incidents to American Companies Is Less Than Expected

Sep 20, 2016

Why don't American companies invest more in computer security? One possible explanation: Relative to the other risks they face, cyber risks often aren't as significant as expected. Most breaches cost companies less than 0.4 percent of their annual revenues.

RAND Cybersecurity Workshop

Aug 17, 2016

In this cybersecurity workshop, legislative staffers can learn how to calculate cyber risk; where to find appropriate information about threats, vulnerabilities, and impact; and better consider options for legislation and federal government response in cyberspace. [Washington, DC]

The “Internet of Things”: Lessons from a Hacker

May 25, 2016

RAND researcher and DEF CON Black Badge winner Lillian Ablon will describe how our increasingly digital world has presented new risks. She'll explain what makes us vulnerable and what motivates different types of cyberattackers. [Santa Monica, CA]

The Hackers' Bazaar: Markets for Cybercrime Tools and Stolen Data

May 24, 2016

RAND researcher and DEF CON Black Badge winner Lillian Ablon will discuss the characteristics of burgeoning black markets, why we can expect more cybercriminal activity, and why the ability to attack will likely outpace the ability to defend.