INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Blue and red cables transmitting data signals, image by Alexey Novikov/Adobe Stock

    Report

    Response Options to Cyberattacks on U.S. Government Networks

    Apr 29, 2022

    The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?

  • Red world map with areas circled, illustration by traffic_analyzer/Getty Images

    Report

    Competition and Restraint in Cyberspace

    Mar 7, 2022

    Recent years have seen a mounting concern in the United States over foreign efforts to harm election security or legitimacy through cyber means, an increase in cyber espionage, and attacks of growing sophistication. How could international norms help constrain such destabilizing behavior in cyberspace?

Explore Cybersecurity

  • A Board of Elections employee cleans a voting machine during early voting at the Brooklyn Museum in Brooklyn, New York City, New York, October 29, 2020, photo by Brendan McDermid/Reuters

    Report

    Securing U.S. Elections

    Election systems across U.S. states and jurisdictions are diverse in terms of governance and technology. How can state and local officials effectively assess and prioritize cybersecurity risk in the systems they oversee?

    Aug 16, 2022

  • An inside look at an ion trap within Quantinuum's quantum computer, which processes data using trapped-ion technology, Broomfield, Colorado, December 6, 2021, photo by Quantinuum/Handout via Reuters

    Commentary

    Hack Post-Quantum Cryptography Now So That Bad Actors Don't Do It Later

    The U.S. government should consider offering a public cash bounty to anyone who can crack the new forms of encryption that are being rolled out to defend against quantum computers. If a bounty helps catch a vulnerability before it's deployed, then the modest cost of the bounty could prevent much higher costs down the line.

    Jul 28, 2022

  • Journal Article

    Journal Article

    Cyber Deterrence with Imperfect Attribution and Unverifiable Signaling

    Examines a game of deterrence in which the defender can signal its retaliatory capability but can only imperfectly attribute an attack. We show that there are equilibria in which the defender sends noisy signals to increase its expected payoff.

    Jul 25, 2022

  • aerial view of a city with forced perspective and blurring

    Report

    Identifying Critical IT Products and Services

    Researchers have identified the software and businesses that provide critical information technology products and services and developed a framework to continue this analysis as technology evolves. They assessed both software risk and business risk.

    Jul 6, 2022

  • Report

    Report

    Planning for Significant Cyber Incidents: An Introduction for Decisionmakers

    This report describes contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing it. It summarizes a companion how-to guide by the same authors.

    Jun 27, 2022

  • Art installation “Machine Hallucinations—Space: Metaverse” by artist Refik Anadol, in Hong Kong, China, September 30, 2021, photo by Tyrone Siu/Reuters

    Commentary

    The Metaverse: What It Is and Is Not

    The metaverse is quickly expanding, but its meaning remains unclear. Until an agreement on a definition of “metaverse” is reached, efforts to manage the technology development and related public policy could be muddled at best.

    Jun 20, 2022

  • Report

    Report

    Disclosure of Software Supply Chain Risks

    This Perspective presents a set of proposed disclosure rules that the U.S. Securities and Exchange Commission could implement to help address software supply chain risks and improve security.

    May 26, 2022

  • Report

    Report

    Managing Response to Significant Cyber Incidents: Comparing Event Life Cycles and Incident Response Across Cyber and Non-Cyber Events

    This report examines U.S. structures and processes for non-cyber emergency management and whether U.S. officials can learn from these other incidents to help public and private sector stakeholders improve preparations for response to cyber incidents.

    May 12, 2022

  • 5G network with abstract high speed technology POV motion blur, photo by Tierney/AdobeStock

    Report

    Securing 5G: A Way Forward in the U.S. and China Security Competition

    Across the United States and globally, 5G networks are being deployed and will one day replace many older cellular networks. But there are security concerns about 5G networks built using Chinese equipment and 5G phones made by some Chinese companies.

    Apr 29, 2022

  • Hollywood Presbyterian Medical Center, the victim of a cyberattack that crippled its electronic database for days, in Los Angeles, California, February 16, 2016, photo by Mario Anzuoni/Reuters

    Commentary

    Preparing for a Cyberattack Starts at the Local Level

    The ongoing Russian war in Ukraine has highlighted the need for federal, state, and local level emergency managers to prepare to respond to a cyberattack with widespread impacts that significantly disrupt critical infrastructure.

    Apr 18, 2022

  • Illustration of online extremists by Jessica Arana/RAND Corporation from Sean Rayford/Alamy; dem10/Getty Images; sestovic/Getty Images; Dilok Klaisataporn/Getty Images; Comstock/Getty Images

    Report

    How Extremism Operates Online

    Extremist groups use internet-based tools for financing, networking and coordination, recruitment and radicalization, inter- and intra-group knowledge transfer, and mobilization to action. How do internet users engage with these efforts? And can the internet be leveraged to counter extremism?

    Apr 12, 2022

  • Dissertation

    Dissertation

    To Disclose, or Not to Disclose, That Is the Question: A Methods-Based Approach for Examining & Improving the US Government's Vulnerabilities Equities Process

    Analyzes the current Vulnerabilities Equities Process through a mixed methods approach.

    Mar 11, 2022

  • Journal Article

    Journal Article

    It's Getting Harder to Do: Countering Terrorist Use of the Internet

    Terrorists continue to use the Internet to plan, train, recruit, and execute terrorist attacks. This book chapter examines how terrorist Internet use has changed over time and new social media platforms make terrorism investigations harder to do.

    Mar 9, 2022

  • Blog

    RAND Commentary Highlights of 2021

    Vaccine rollouts, an attack on the U.S. Capitol, massive ransomware attacks, the withdrawal from Afghanistan, record numbers of job openings and people quitting, and more. RAND researchers weighed in on all these topics and more.

    Dec 21, 2021

  • Tech. Sgt. Rosa Valdes and Staff Sgt. Rebecca Toland, non-destructive inspection technicians from the 140th Maintenance Squadron, perform an inspection of the 446 bulkhead on a block-30 F-16 Fighting Falcon aircraft. The 446 bulkhead is aft fuselage structure of the F-16 aircraft that supports the tail structure and recent tests have indicated an increased amount of stress cracks in this area, photo by Senior Master Sgt. John Rohrer/U.S. Air National Guard

    Report

    Wing-Level Mission Assurance for a Cyber-Contested Environment

    The authors offer ways to help wings assure their missions despite cyber attacks, focusing on how wings can maintain situational awareness, defend their systems, and respond to and recover from attacks to survive and operate when under cyber attack.

    Dec 9, 2021

  • A woman with a smartphone is seen in front of social media logos, May 25, 2021, photo by Dado Ruvic/Reuters

    Report

    Understanding the Online Extremist Ecosystem

    By the early 2010s, it was clear that the internet provided white supremacists and other extremists a tool to operationalize their hateful ideas and cause real-world harms. How can the average user understand their risk of exposure to extremist content and make informed decisions about the platforms they use?

    Dec 2, 2021

  • Brochure

    Brochure

    Cybersecurity

    This brochure describes RAND Corporation research and analysis in this area, with examples from such diverse areas as organizational planning and implementation and cybersecurity workforce recruitment, retention, and management.

    Nov 30, 2021

  • Close view of a quantum computer, photo by Bartek Wróblewski/Adobe Stock

    Report

    Commercial and Military Applications of Quantum Technology

    There are three main categories of quantum technology: quantum sensing, quantum communication, and quantum computing. How—and when—might these technologies affect national security? And which countries lead in developing them?

    Oct 28, 2021