Skip to page content

INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

Report
Response Options to Cyberattacks on U.S. Government Networks
The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?
Apr 29, 2022
Report
Preparing for Post-Quantum Critical Infrastructure
Quantum computers are expected to create vulnerabilities in critical infrastructure. How vulnerable are critical functions, such as distributing electricity and protecting sensitive information? And how can the government help infrastructure owners and operators?
Aug 18, 2022

Explore Cybersecurity

Report
Comparison of Public and Private Sector Cybersecurity and IT Workforces
The authors develop a common taxonomy based on work roles, key tasks, and responsibilities to examine the proportion of cybersecurity and information technology work roles, workers' salaries, and demand across private and public sectors.
Feb 7, 2023
Blog
The War in Ukraine, Software Supply Chain Risk, 'Hacking Equity': RAND Weekly Recap
This weekly recap focuses on lessons about defense strategy from the war in Ukraine, U.S.-France cooperation in the Indo-Pacific, software supply chain risk, and more.
Feb 3, 2023
Report
A Cost Estimating Framework for U.S. Marine Corps Joint Cyber Weapons
To help improve leadership decisionmaking related to the costs of offensive cyber operations acquisition, the authors developed a life-cycle cost-estimating framework for the U.S. Marine Corps and conducted exploratory modeling and simulation.
Feb 2, 2023
Commentary
Software Supply Chain Risk Is Growing, but Mitigation Solutions Exist
Software supply chain security has emerged as a leading risk because of the massively fragmented and decentralized nature of modern software development. While we still have much to learn as a community about this risk, there are concrete steps we can take to better understand and mitigate it.
Jan 26, 2023
Report
Cryptocurrency and Blockchain Needs for Law Enforcement
As cryptocurrency is increasingly used for both legitimate business transactions and illegal activities, law enforcement must adapt. In this report, researchers describe cryptocurrency-related research and development needs for law enforcement.
Jan 12, 2023
Report
Educating for Evolving Operational Domains: Cyber and Information Education in the Department of Defense and the Role of the College of Information and Cyberspace
This report examines how Department of Defense educational institutions are addressing cyberspace and information education, the potential demand for this education, and how the College of Information and Cyberspace can contribute.
Nov 17, 2022
Commentary
The Intelligence Community Doesn't Warn About All Attacks Against the U.S. Homeland. Why Not?
Targets for foreign threats against the United States increasingly include entities that are not part of the U.S. government or military. But too many of these potential victims are unaware of threats against them, are not warned with intelligence reporting about such threats, and lack information about options to protect themselves.
Oct 21, 2022
Commentary
Preparing for a Post-Quantum Future
Future quantum computers could create a significant national security risk by enabling attackers to break a foundational element of security in America's networked communication infrastructure. The United States is taking strides to address national security risks from quantum computing, but there is a long road ahead.
Oct 6, 2022
Report
A Methodology for Quantifying the Value of Cybersecurity Investments in the Navy
Researchers developed a methodology to assess the value of resource options for U.S. Navy cybersecurity investments. The proposed methodology enables the Navy to rationalize the cost-effectiveness of potential investments within the POM process.
Sep 28, 2022
Report
Digital Infrastructure and Digital Presence: A Framework for Assessing the Impact on Future Military Competition and Conflict
Digital infrastructure has emerged as an area of competition between the United States and China. This report examines this competition and describes the implications for long-term military competition and conflict.
Sep 27, 2022
Report
Support to the DoD Cyber Workforce Zero-Based Review: Developing a Repeatable Process for Conducting ZBRs Within DoD
The zero-based review (ZBR) process described in this report constitutes a transparent, repeatable process with which the U.S. Department of Defense (DoD) can conduct future ZBRs across the DoD cyber enterprise.
Sep 19, 2022
Report
Emerging Technology Beyond 2035: Scenario-Based Technology Assessment for Future Military Contingencies
This report presents the development and implementation of a technology assessment process to help the Army understand the implications of key emerging technologies that could be important for Army missions in the years 2035 to 2050.
Aug 29, 2022
Blog
Homelessness in L.A., Russia's Military Woes, Educator Morale: RAND Weekly Recap
This weekly recap focuses on breaking the cycle of incarceration and homelessness, Russia’s ongoing military struggles, NATO expansion, and more.
Aug 19, 2022
Report
Securing U.S. Elections
Election systems across U.S. states and jurisdictions are diverse in terms of governance and technology. How can state and local officials effectively assess and prioritize cybersecurity risk in the systems they oversee?
Aug 16, 2022
Blog
Politicized Topics in School, the War in Ukraine, Post-Quantum Cryptography: RAND Weekly Recap
This weekly recap focuses on the intrusion of politicized topics in America's schools, where the war in Ukraine may be headed, post-quantum cryptography, and more.
Aug 12, 2022
Commentary
Hack Post-Quantum Cryptography Now So That Bad Actors Don't Do It Later
The U.S. government should consider offering a public cash bounty to anyone who can crack the new forms of encryption that are being rolled out to defend against quantum computers. If a bounty helps catch a vulnerability before it's deployed, then the modest cost of the bounty could prevent much higher costs down the line.
Jul 28, 2022
Journal Article
Cyber Deterrence with Imperfect Attribution and Unverifiable Signaling
Examines a game of deterrence in which the defender can signal its retaliatory capability but can only imperfectly attribute an attack. We show that there are equilibria in which the defender sends noisy signals to increase its expected payoff.
Jul 25, 2022
Report
Identifying Critical IT Products and Services
Researchers have identified the software and businesses that provide critical information technology products and services and developed a framework to continue this analysis as technology evolves. They assessed both software risk and business risk.
Jul 6, 2022
Report
Planning for Significant Cyber Incidents: An Introduction for Decisionmakers
This report describes contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing it. It summarizes a companion how-to guide by the same authors.
Jun 27, 2022

1
2
3
4
5
6
7
8
9
10
Next

RAND Topic:
Cybersecurity

Topic Synonyms:
Information Security;
INFOSEC

Research conducted by