INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Composite image of binary code on a sunset over water by Eileen Delson La Russo/RAND, adapted from images by Agil_Leonardo, Matejmo, and Byakkaya/Getty Images

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Mar 9, 2017

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

  • Woman using smartphone and laptop with icon graphic cyber security network of connected devices and personal data security, photo by oatawa/Getty Images

    Commentary

    How to Help Small Businesses Deal with Cyber Threats

    Sep 15, 2017

    Small businesses are especially vulnerable to cyber threats. What can be done to provide small businesses the security to continue to prosper, while enhancing America's cybersecurity workforce and making the economy more secure?

Explore Information Security

  • Criminal hiding behind a mask on computer screen asking the owner for money

    Commentary

    The WannaCry Cyber Attack Could Be the First of Many If the NHS Takes No Action

    In the UK, the National Health Service (NHS) was one of the organizations most severely affected by the WannaCry ransomware. The NHS and other public sector organizations need to improve their cybersecurity processes and quickly before a more severe cyber attack takes place.

    Dec 1, 2017

  • Report

    Robust and Resilient Logistics Operations in a Degraded Information Environment

    The U.S. Air Force asked RAND Project AIR FORCE to examine how tactics, techniques, and procedures should change to improve an airman's ability to detect, evaluate, and mitigate significant corruption of logistics data.

    Nov 22, 2017

  • Report

    The U.S.-Japan Alliance and Deterring Gray Zone Coercion in the Maritime, Cyber, and Space Domains

    China is trying to change the status quo in the Indo-Pacific through gray zone coercion -- actions below the threshold that would trigger a military response. This report focuses on deterring such coercion in the maritime, cyber, and space domains.

    Nov 20, 2017

  • Computer hacker with magnifying glass

    Commentary

    It's Time for the International Community to Get Serious About Vulnerability Equities

    Multiple countries around the world are likely discovering, retaining and exploiting zero-day vulnerabilities without a process to properly consider the trade-offs. This needs to change. It’s time for the international community to get serious about vulnerability equities.

    Nov 15, 2017

  • Report

    The Creation of the PLA Strategic Support Force and Its Implications for Chinese Military Space Operations

    This report explores the missions and organization of China's Strategic Support Force, created in 2015 to develop and employ space capabilities, in particular launch and operation of satellites to provide C4ISR capabilities for joint operations.

    Nov 10, 2017

  • Trading information about Equifax and the company logo are displayed on a screen on the floor of the New York Stock Exchange, September 8, 2017

    Commentary

    The Equifax Breach: Yawn, or Yikes?

    In cases where personal information is exposed, such as the Equifax data breach, it is critical that consumers take steps to ensure their information is not abused. The simplest and perhaps the most effective way to enhance personal digital security is to protect account credentials using password management software.

    Nov 3, 2017

  • Hands typing with visual of computer code

    Multimedia

    Equifax and the Data-Breach Era: How Worried Should We Be?

    Large-scale data breaches like those of Equifax and OPM compromised the personal data of millions of people. What can be done to improve the response to such breaches? In this October 26th congressional briefing, Lillian Ablon and Sina Beaghley address victim and lawmaker reactions, national security implications, and considerations for policymakers.

    Oct 26, 2017

  • Periodical

    RAND Review: November-December 2017

    This issue highlights recent RAND research on post-9/11 military caregivers; RAND-Lex, a computer program built at RAND that can analyze huge data sets of text; and the implications of climate change on Arctic cooperation.

    Oct 19, 2017

  • Credit cards, a chain, an open padlock, and a computer keyboard are visible next to the Equifax logo

    Commentary

    Equifax and the Data-Breach Era

    The personal and financial data of almost 146 million U.S. consumers has been compromised by the Equifax breach, the latest in a long line of high-profile hacks. Do consumers worry enough about such breaches? And what options are available to Congress?

    Oct 18, 2017

  • Report

    Building our Connected Society: Findings from the 2017 Thought Leadership programme

    This report summarises the key themes that emerged from four thought leadership sessions on the UK's connected society, along with recommended actions moving forward for the UK government, industries, the third sector and the public.

    Oct 11, 2017

  • Tool

    Roadmap to Succeed in the Open for the National Geospatial-Intelligence Agency's Human Development Directorate

    This tool provides the National Geospatial-Intelligence Agency's Human Development Directorate with a roadmap for how employees can overcome the hurdles to achieving the agency's missions outside of secure and classified environments.

    Sep 26, 2017

  • Soldiers with U.S. Army Cyber Command take part in network defense training

    Report

    How the Army Can Retain Its Cyber Expertise

    Projected earnings for information security analysts with characteristics similar to those of enlisted soldiers are comparable with military pay. But retention efforts may be hampered by soldiers' perceptions of civilian opportunities.

    Sep 18, 2017

  • Hacked internet of things

    Commentary

    Gaming Policy in Cyberspace

    Hacked devices and intellectual property theft are a rich hunting ground for policy development. The challenge posed by Internet-connect devices is only getting worse as the number of online devices continues to grow.

    Aug 23, 2017

  • Digital devices on a map of Australia

    Report

    Australia's Cyber Security Policy Options

    An exercise with participants from government, industry, think tanks, academia, and the media explored opportunities to improve cyber security and inform Australia's strategy. Recommendations include creating and enforcing technology security standards, crafting international agreements to address challenges, and increasing awareness to keep users safe online.

    Aug 7, 2017

  • The U.S. Capitol building illuminated at night in Washington, D.C.

    Blog

    RAND's Summer Reading List for Congress

    Hill staffers can make the most of the Congressional recess with this list of must-read research and commentary on the policy issues they will be addressing this fall.

    Aug 4, 2017

  • Girl Scouts compete in the Mission Ocean Challenge during the USS California Science Experience at Naval Surface Warfare Center, November 6, 2010

    Commentary

    Cybersecurity Badge: One Big Step for Girl Scouts, Potentially Giant Leap for Women

    The Girl Scouts will start offering 18 cybersecurity badges next year. In addition to exposing girls to cyber concepts and challenges, this could encourage them to pursue cybersecurity or other STEM careers in which women are underrepresented.

    Aug 3, 2017

  • Computer hacker working on laptop late at night in office

    Commentary

    Connect, Buy-Now, Fire: How the Dark Web Allows Criminals to Buy Weapons—Anonymously

    Despite its small size compared to the offline market, the ability of the dark web to anonymously arm individuals of all backgrounds needs to be taken seriously. Its potential impact on international security is significant.

    Jul 25, 2017

  • Russian President Vladimir Putin speaks during a news conference after the G20 summit in Hamburg, Germany, July 8, 2017

    Commentary

    Russian Information Warfare: A Reality That Needs a Response

    For the last three decades, Russia has exploited its growing capabilities in cyberspace to spy on, influence, and punish others. The West will continue to struggle to hold Moscow accountable, in part because international law falls far short of fully defining the rules or resolving conflicts.

    Jul 21, 2017

  • News Release

    US Weapons Main Source of Illegal Arms Trade on the Dark Web

    The illegal sales on the dark web of firearms, weapons, explosives, and banned digital guides on homemade products present challenges for law enforcement agencies and national governments. Its potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is the most dangerous aspect.

    Jul 19, 2017