In this report, we update the research summarized in the Capstone Report with current job opening data to compare the civilian cybersecurity and IT workforces with those in the U.S. government and the private sector. We also extend the DoD-private industry comparison research summarized in the Capstone Report by further examining the proportion of workers across a common taxonomy of cyber work roles, salaries paid across work roles, and demand for these jobs. Thus, this report both updates and expands upon the research presented in the Capstone Report.

This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events. The report should provide valuable information that can be used by businesses and policymakers as they develop policies and best prac-tices related to information security and data breach response. More- over, it should be of interest to individuals who conduct business with any organization that holds their personal and confidential data.

This report provides a series of recommendations for the reform of Ukraine’s security and defense institutions. It covers a wide range of topics including cyber warfare. This research was under- taken in response to a request by the presidential administration of Ukraine and in participation with the National Security and Defense Council and sponsored by Ukraine Investment Alliance, a 501(c)(4) foundation. Research for this report was completed in the fall of 2015. Although some minor updates have been made, the analysis predomi- nantly reflects the situation as of that time.

This report looks at China’s evolving approach to integrated strategic deterrence. Drawing on a variety of Chinese military writings, this report explores the origins of this concept, how it relates to Chinese development of counter-intervention capabilities, and how Beijing’s assessment of its external security environment influences its requirements.

In this report, they focus on issues related to retaining cyber soldiers. They use data from the Army’s personnel files to determine how many new soldiers are likely to meet the qualifications for this new MOS, as well as their expected retention rates. Specifically, they apply 17C enlist- ment requirements to all soldiers to determine how many meet the standards. They also use data on civilian occupa- tions to determine the earnings these soldiers are likely to be offered based on their military cyber training. To do this, they use the American Community Survey (ACS) data on all workers in information technology (IT)–related occupations.

While the use of the dark web as facilitators for illicit drug trade has increasingly been the subject of research by a number of academics, little has been done to conduct a systematic investigation of the role of the dark web in relation to the illegal arms trade, drawing on the insights offered by primary data. To address this gap, and with a view to support- ing policy and decision makers, RAND Europe and the University of Manchester designed this research project.

This project sought to draw lessons from the efforts of others (both nation-state and nonstate actors) in and through the IE for future U.S. Army force planning and investment. These case studies of other forces can help the Army (1) identify capabilities and practices that it should consider adopting and (2) identify adversary capabilities and practices that it must be prepared to counter in future operations in and through the IE.

The goal of this project was to develop an initial framework for cybersecurity that considers the roles of government, industry, advo- cacy organizations, and academic institutions and how these stake- holders’ concerns relate to each other.

This report offers the case studies used for the official report of the same name.

The research reported here was conducted in the RAND Justice Policy Program, which spans both criminal and civil justice system issues with such topics as public safety, effective policing, police–community relations, drug policy and enforcement, corrections policy, use of technology in law enforcement, tort reform, catastrophe and mass-injury compensation, court resourcing, and insurance regulation. Program research is supported by government agencies, foundations, and the private sector.

This paper presents the testimony, of Martin Libicki, presented before the House Armed Services Committee on March 1, 2017.

In 2015, after two years of study and policy coordination, the United States and Japan publicly issued new defense guidelines, updating and expanding upon the previous guidance of 1997. The new guidelines enable a much broader set of cooperative engagements, including in geographic areas beyond the areas surrounding Japan and in the new domains of outer space and cyberspace.

This report aims to investigate the role of the Internet in facilitating drugs trade. It is commissioned by the Research and Documentation Centre (Wetenschappelijk Onderzoek- en Documentatiecentrum, WODC), the independent research arm of the Ministry of Security and Justice in the Netherlands. Special attention will therefore be paid to the role of Dutch actors in facilitating this trade.

The 2016 Thought Leadership programme convened by Corsham Institute, in conjunction with RAND Europe and St George’s House, examined a number of crucial dimensions of our connected society. The programme facilitated the gathering of a diverse set of experts and influential leaders from various sectors to discuss challenges and opportunities, share experiences, and build a network. To give a brief glimpse of these discussions, we have produced this Key Findings report to provide participants, stakeholders and interested parties with a strong sense of both the subjects covered during our deliberations, as well as some of the issues, which still need to be tackled going forward.

On behalf of the National Institute of Justice (NIJ) and as part of the Priority Criminal Justice Needs Initia- tive, the RAND Corporation, in partnership with the Police Executive Research Forum, organized a workshop in May 2017 on Challenges with Law Enforcement Access to Digital Evidence Held in Remote Data Centers. Discussions focused on ambiguities in U.S. law and procedure, challenges associated with using the Mutual Legal Assistance Treaty (MLAT) process, issues stemming from inadequate cooperation between law enforcement and service providers (the companies and organizations providing remote storage, communication, and computing services), and technical issues related to evidence residing in the cloud.

This paper presents the Testimony of Rand Waltzman presented before the Senate Armed Services Committee, Subcommittee on Cybersecurity on April 27, 2017.

This report is a response to the absence of a formal dialogue and explores U.S. policy options for managing relations with China over this critical policy area. It looks at two basic questions: Can the United States and China return to meaningful formal negotiations over norms and rules in cyberspace? And, if so, what areas are most likely to yield agreement, and what might be exchanged for what?

With the limits of both hard military power and soft power in mind, we set out to explore the space in between: nonmilitary ways of coercing, deterring, weaken- ing, and punishing those that threaten peace, security, and U.S. inter- ests. This examination was part of a project for the Army Quadren- nial Defense Review Office called Hard Security. This report presents alternate approaches to securing U.S. interests that complement hard security and potentially make it more effective.

In December 2016, RAND and the National Security College at The Australian National University partnered to facilitate a cyber security–focused 360o Discovery Exercise in Canberra. The exercise used plausible scenarios to explore the chal- lenges Australia faces in securing cyberspace by placing pres- sure on government authorities, industry capabilities, users’ tolerance for malicious cyber activity, and the ability to develop interdisciplinary solutions to pressing cyber security challenges. The scenarios considered the security of the Internet of Things and intellectual property theft against a backdrop of evolving international norms of behaviour in cyberspace.

The Bureau of Justice Statistics (BJS) within the U.S. Department of Justice (DOJ), along with the U.S. Department of Homeland Security (DHS), conducted the National Computer Security Survey (NCSS), a nationally representative sample of businesses across 36 industry sectors. This report will be of interest to researchers and analysts who are interested in under- standing the methodology underlying the NCSS, including questionnaire design, survey field- ing, sampling, and weighting methodologies for this large-scale survey. The report will also be informative for scholars who are interested in analyzing the NCSS public-use data file.

The goal of this research was to produce a transparent methodology for estimating present and future global costs of cyber risk, acknowledging the considerable uncertainty in the frequencies and costs of cyber incidents.