Skip to page content

INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

Report
Response Options to Cyberattacks on U.S. Government Networks
The United States has proved vulnerable to cyber incidents, and a lack of response has emboldened Russia and China to expand their cyber espionage activities. Have U.S. responses changed over time or affected adversary behavior? What lessons do these cases offer for future policymaking?
Apr 29, 2022
Report
Preparing for Post-Quantum Critical Infrastructure
Quantum computers are expected to create vulnerabilities in critical infrastructure. How vulnerable are critical functions, such as distributing electricity and protecting sensitive information? And how can the government help infrastructure owners and operators?
Aug 18, 2022

Explore Cybersecurity

Report
A Methodology for Quantifying the Value of Cybersecurity Investments in the Navy
Researchers developed a methodology to assess the value of resource options for U.S. Navy cybersecurity investments. The proposed methodology enables the Navy to rationalize the cost-effectiveness of potential investments within the POM process.
Sep 28, 2022
Report
Digital Infrastructure and Digital Presence: A Framework for Assessing the Impact on Future Military Competition and Conflict
Digital infrastructure has emerged as an area of competition between the United States and China. This report examines this competition and describes the implications for long-term military competition and conflict.
Sep 27, 2022
Report
Support to the DoD Cyber Workforce Zero-Based Review: Developing a Repeatable Process for Conducting ZBRs Within DoD
The zero-based review (ZBR) process described in this report constitutes a transparent, repeatable process with which the U.S. Department of Defense (DoD) can conduct future ZBRs across the DoD cyber enterprise.
Sep 19, 2022
Journal Article
Information Warfare: Methods to Counter Disinformation
We consider the nature of disinformation and its use in the hybrid warfare domain, before examining the problem through frames of planning approach, truth theory, systems thinking, and military strategy.
Sep 8, 2022
Report
Emerging Technology Beyond 2035: Scenario-Based Technology Assessment for Future Military Contingencies
This report presents the development and implementation of a technology assessment process to help the Army understand the implications of key emerging technologies that could be important for Army missions in the years 2035 to 2050.
Aug 29, 2022
Report
The Risks of North Korean Weapons of Mass Destruction
In addition to its nuclear weapons, North Korea has amassed chemical, biological, and electromagnetic pulse weapons. It has also created an active cyber hacker force. What can the United States and South Korea do to deter and, if necessary, counter these threats?
Aug 29, 2022
Blog
Homelessness in L.A., Russia's Military Woes, Educator Morale: RAND Weekly Recap
This weekly recap focuses on breaking the cycle of incarceration and homelessness, Russia’s ongoing military struggles, NATO expansion, and more.
Aug 19, 2022
Report
Securing U.S. Elections
Election systems across U.S. states and jurisdictions are diverse in terms of governance and technology. How can state and local officials effectively assess and prioritize cybersecurity risk in the systems they oversee?
Aug 16, 2022
Blog
Politicized Topics in School, the War in Ukraine, Post-Quantum Cryptography: RAND Weekly Recap
This weekly recap focuses on the intrusion of politicized topics in America's schools, where the war in Ukraine may be headed, post-quantum cryptography, and more.
Aug 12, 2022
Commentary
Hack Post-Quantum Cryptography Now So That Bad Actors Don't Do It Later
The U.S. government should consider offering a public cash bounty to anyone who can crack the new forms of encryption that are being rolled out to defend against quantum computers. If a bounty helps catch a vulnerability before it's deployed, then the modest cost of the bounty could prevent much higher costs down the line.
Jul 28, 2022
Journal Article
Cyber Deterrence with Imperfect Attribution and Unverifiable Signaling
Examines a game of deterrence in which the defender can signal its retaliatory capability but can only imperfectly attribute an attack. We show that there are equilibria in which the defender sends noisy signals to increase its expected payoff.
Jul 25, 2022
Report
Identifying Critical IT Products and Services
Researchers have identified the software and businesses that provide critical information technology products and services and developed a framework to continue this analysis as technology evolves. They assessed both software risk and business risk.
Jul 6, 2022
Report
Planning for Significant Cyber Incidents: An Introduction for Decisionmakers
This report describes contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing it. It summarizes a companion how-to guide by the same authors.
Jun 27, 2022
Commentary
The Metaverse: What It Is and Is Not
The metaverse is quickly expanding, but its meaning remains unclear. Until an agreement on a definition of “metaverse” is reached, efforts to manage the technology development and related public policy could be muddled at best.
Jun 20, 2022
Report
Russia's Information Warfare with the West
Popular portrayals of the Russian disinformation machine imply an organized and well-resourced operation, but evidence suggests that it is neither. Nonetheless, Russian social media activity can be harmful to U.S. interests and is likely to evolve.
Jun 7, 2022
Report
Disclosure of Software Supply Chain Risks
This Perspective presents a set of proposed disclosure rules that the U.S. Securities and Exchange Commission could implement to help address software supply chain risks and improve security.
May 26, 2022
Report
Managing Response to Significant Cyber Incidents: Comparing Event Life Cycles and Incident Response Across Cyber and Non-Cyber Events
This report examines U.S. structures and processes for non-cyber emergency management and whether U.S. officials can learn from these other incidents to help public and private sector stakeholders improve preparations for response to cyber incidents.
May 12, 2022
Blog
How Data Can Help Refugees, Homelessness in L.A., Harm Reduction: RAND Weekly Recap
This weekly recap focuses on tapping into Facebook data to help refugees, addressing homelessness in Los Angeles, understanding burnout among health care providers, and more.
May 6, 2022
Report
Securing 5G: A Way Forward in the U.S. and China Security Competition
Across the United States and globally, 5G networks are being deployed and will one day replace many older cellular networks. But there are security concerns about 5G networks built using Chinese equipment and 5G phones made by some Chinese companies.
Apr 29, 2022

1
2
3
4
5
6
7
8
9
10
Next

RAND Topic:
Cybersecurity

Topic Synonyms:
Information Security;
INFOSEC

Research conducted by