Although spending on cybersecurity continues to grow, companies, government agencies, and nonprofit organizations are still being breached, and sensitive personal, financial, and health information is still being compromised. This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events.

Advocates a cybersecurity “social contract” between government and business in seven key economic sectors

Cybersecurity vulnerabilities in the United States are extensive, affecting everything from national security and democratic elections to critical infrastructure and economy. In the past decade, the number of cyberattacks against American targets has increased exponentially, and their impact has been more costly than ever before. A successful cyber-defense can only be mounted with the cooperation of both the government and the private sector, and only when individual corporate leaders integrate cybersecurity strategy throughout their organizations.

A collaborative effort of the Board of Directors of the Internet Security Alliance, Fixing American Cybersecurity is divided into two parts. Part One analyzes why the US approach to cybersecurity has been inadequate and ineffective for decades and shows how it must be transformed to counter the heightened systemic risks that the nation faces today. Part Two explains in detail the cybersecurity strategies that should be pursued by each major sector of the American economy: health, defense, financial services, utilities and energy, retail, telecommunications, and information technology.

Fixing American Cybersecurity will benefit industry leaders, policymakers, and business students. This book is essential reading to prepare for the future of American cybersecurity.

This study explores U.S. policy options for managing cyberspace relations with China via agreements and norms of behavior. It considers two questions: Can negotiations lead to meaningful agreement on norms? If so, what does each side need to be prepared to exchange in order to achieve an acceptable outcome? This analysis should interest those concerned with U.S.-China relations and with developing norms of conduct in cyberspace.

The perceived shortage of cybersecurity professionals working on national security may endanger the nation’s networks and be a disadvantage in cyberspace conflict. RAND examined the cybersecurity labor market, especially in regard to national defense. Analysis suggests market forces and government programs will draw more workers into the profession in time, and steps taken today would not bear fruit for another five to ten years.

Most Internet users are familiar with trolling—aggressive, foul-mouthed posts designed to elicit angry responses in a site’s comments. Less familiar but far more serious is the way some use networked technologies to target real people, subjecting them, by name and address, to vicious, often terrifying, online abuse. In an in-depth investigation of a problem that is too often trivialized by lawmakers and the media, Danielle Keats Citron exposes the startling extent of personal cyber-attacks and proposes practical, lawful ways to prevent and punish online harassment. A refutation of those who claim that these attacks are legal, or at least impossible to stop, Hate Crimes in Cyberspace reveals the serious emotional, professional, and financial harms incurred by victims.

Persistent online attacks disproportionately target women and frequently include detailed fantasies of rape as well as reputation-ruining lies and sexually explicit photographs. And if dealing with a single attacker’s “revenge porn” were not enough, harassing posts that make their way onto social media sites often feed on one another, turning lone instigators into cyber-mobs.

Hate Crimes in Cyberspace rejects the view of the Internet as an anarchic Wild West, where those who venture online must be thick-skinned enough to endure all manner of verbal assault in the name of free speech protection, no matter how distasteful or abusive. Cyber-harassment is a matter of civil rights law, Citron contends, and legal precedents as well as social norms of decency and civility must be leveraged to stop it.

The most extensive account yet of the lives of cybercriminals and the vast international industry they have created, deeply sourced and based on field research in the world’s technology-crime hotspots.

Cybercrime seems invisible. Attacks arrive out of nowhere, their origins hidden by layers of sophisticated technology. Only the victims are clear. But every crime has its perpetrator—specific individuals or groups sitting somewhere behind keyboards and screens. Jonathan Lusthaus lifts the veil on the world of these cybercriminals in the most extensive account yet of the lives they lead, and the vast international industry they have created.

We are long past the age of the lone adolescent hacker tapping away in his parents’ basement. Cybercrime now operates like a business. Its goods and services may be illicit, but it is highly organized, complex, driven by profit, and globally interconnected. Having traveled to cybercrime hotspots around the world to meet with hundreds of law enforcement agents, security gurus, hackers, and criminals, Lusthaus takes us inside this murky underworld and reveals how this business works. He explains the strategies criminals use to build a thriving industry in a low-trust environment characterized by a precarious combination of anonymity and teamwork. Crime takes hold where there is more technical talent than legitimate opportunity, and where authorities turn a blind eye—perhaps for a price. In the fight against cybercrime, understanding what drives people into this industry is as important as advanced security.

Based on seven years of fieldwork from Eastern Europe to West Africa, Industry of Anonymity is a compelling and revealing study of a rational business model which, however much we might wish otherwise, has become a defining feature of the modern world.

This report examines the portfolio of tools funded by the State Department’s Bureau of Democracy, Human Rights, and Labor that help support Internet freedom and assesses the impact of these tools in promoting U.S. interests (such as freedom of expression, freedom of the press, and the free flow of information) without enabling criminal activity.

In Virtual Pedophilia Gillian Harkins traces how by the end of the twentieth century the pedophile as a social outcast evolved into its contemporary appearance as a virtually normal white male. The pedophile's alleged racial and gender normativity was treated as an exception to dominant racialized modes of criminal or diagnostic profiling. The pedophile was instead profiled as a virtual figure, a potential threat made visible only when information was transformed into predictive image. The virtual pedophile was everywhere and nowhere, slipping through day-to-day life undetected until people learned how to arm themselves with the right combination of visually predictive information. Drawing on television, movies, and documentaries such as Law and Order: SVU, To Catch a Predator, Mystic River, and Capturing the Friedmans, Harkins shows how diverse U.S. audiences have been conscripted and trained to be lay detectives who should always be on the lookout for the pedophile as virtual predator. In this way, the perceived threat of the pedophile legitimated increased surveillance and ramped-up legal strictures that expanded the security apparatus of the carceral state.

Zero-day vulnerabilities—software vulnerabilities for which no patch or fix has been publicly released—and their exploits are useful in cyber operations, as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that can inform ongoing policy debates regarding stockpiling (i.e., keeping zero-day vulnerabilities private) versus disclosing them to the public.