Jason Healey

Senior Research Scholar, School of International and Public Affairs

1337 International Affairs
212-854-4616

Jason Healey is a Senior Research Scholar and adjunct faculty at Columbia University’s School for International and Public Affairs, specializing in cyber conflict, competition and cooperation. Prior to this, he was the founding director of the Cyber Statecraft Initiative of the Atlantic Council where he remains a senior fellow. He is the author of dozens of published articles and the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012.

During his time in the White House, Healey was a director for cyber policy and helped to advise the President and coordinate US efforts to secure US cyberspace and critical infrastructure. He created the first cyber incident response team for Goldman Sachs and later oversaw the bank’s crisis management and business continuity in Hong Kong. He has been vice chairman of the FS-ISAC (the information sharing and security organization for the finance sector) and started his career as a US Air Force intelligence officer with jobs at the Pentagon and National Security Agency. Jason was a founding member (plank owner) of the first cyber command in the world, the Joint Task Force for Computer Network Defense, in 1998.

Healey is on the Defense Science Board task force on cyber deterrence and is a frequent speaker at the main hacker and security conferences, including Black Hat, RSA, and DEF CON, for which he is also on the review board. He is president of the Cyber Conflict Studies Association and has been adjunct faculty at NSA’s National Cryptologic School, Georgetown University and Johns Hopkins School of Advanced International Studies.

Publications

Books

Jason Healey et al., Cyber Security Policy Guidebook (Hoboken, NJ: Wiley, 2012).

A Fierce Domain: Cyber Conflict, 1986 to 2012 (Arlington, VA: Cyber Conflict Studies Association, 2013).

Book Chapters

“Global Implications of the US-China Cyber Relationship,” in Cybersecurity: Emerging Issues, Trends, Technologies and Threats in 2015 and Beyond, eds. Caitrίona Helena Heinl and Tan E Guang Eugene (Singapore: S. Rajaratnam School of International Studies, 2016).

Jason Healey and Michelle Cantos, “What’s Next for Putin in Ukraine? Cyber Escalation,” in Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers (Tallinn: NATO CCDCOE, 2015).

Alexander Klimburg and Jason Healey, “Strategic Goals & Stakeholders,” in National Cyber Security Framework Manual, ed. Alexander Klimburg, NATO Cooperative Cyber Defense Center of Excellence (2012).

Jason Healey, Greg Rattray, and Chris Evans “American Security in the Cyber Commons,” in The Contested Commons: The Future of American Power in a Multipolar World (Washington, DC: Center for a New American Security, 2010).

Eric Luiijf and Jason Healey, “Organisational Structures and Considerations,” in National Cyber Security Framework Manual, ed. Alexander Klimburg, NATO Cooperative Cyber Defense Center of Excellence (2012).

Journal Articles

Jason Healey and Klara Jordan, “Setting Priorities on Cybersecurity,” Democracy Today 40, (2016).

“The Healthcare Internet of Things: Risks and Rewards,” Atlantic Council (18 March 2015).

Hannah Pitts and Jason Healey, “Applying International Environmental Legal Norms to Cyber Statecraft,” I/S: A Journal of Law and Policy for the Information Society 8, no. 2 (2012): 356.

“Claiming the Air Force’s Lost Cyber Heritage,” Strategic Studies Quarterly 6, no. 3 (2012): 11.

“The Five Futures of Cyber Conflict and Cooperation,” Georgetown Journal of International Affairs, International Engagement on Cyber: Establishing International Norms and Improved Cybersecurity (2011): 110.

“Four ways to address cyberconflict – and how analytics can help,” Intelligence Quarterly, a Journal of Advanced Analytics (2011).

“The Spectrum of National Responsibility for Cyberattacks,” Brown Journal of World Affairs 18, no. 1 (2011): 57.

Jason Healey and Greg Rattray, “Categorizing and Understanding Offensive Cyber Capabilities and Their Use,” Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for U.S. Policy (2010).

“Who’s in Control: Balance in Cyber’s Public-Private Sector Partnerships,” Georgetown Journal of International Affairs 18, no.3 (2017): 120.

Other Articles

“Why the FBI will eventually reveal its iPhone hack to Apple,” Christian Science Monitor (25 March 2016).

“How NSA reorganization could squander remaining trust,” Christian Science Monitor (4 February 2016).

“Overcome by Cyber Risks? Economic Benefits and Costs of Alternate Cyber Futures,” Atlantic Council (2015).

“Poisoning the Internet won’t stop more Paris attacks,” The Christian Science Monitor, 17 November 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/1117/Opinion-Poisoning-the-Internet-won-t-stop-more-Paris-attacks> (17 November 2015).

Anni Piiparinen and Jason Healey, “Did China Just Hack the International Court Adjudicating Its South China Sea Territorial Claims?” The Diplomat, 27 October 2015, <https://thediplomat.com/2015/10/did-china-just-hack-the-international-court-adjudicating-its-south-china-sea-territorial-claims/> (27 October 2015).

“Even if flawed, cyber theft deal with China a win for Obama,” The Christian Science Monitor, 25 September 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0925/Opinion-Even-if-flawed-cybertheft-deal-with-China-a-win-for-Obama> (25 September 2015).

“Restraint is the best weapon against Chinese hacks,” The Christian Science Monitor, 9 September 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0909/Opinion-Restraint-is-the-best-weapon-against-Chinese-hacks>(9 September 2015).

“#CyberDeflategate and the beginning of sports hacking” The Christian Science Monitor, 19 June 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0619/Opinion-CyberDeflategate-and-the-beginning-of-sports-hacking> (19 June 2015).

“Commentary: Cyber Command as a 5-Year-Old,” Defense News, 19 June 2015,<https://www.defensenews.com/opinion/commentary/2015/06/09/commentary-cyber-command-as-a-5-year-old/> (19 June 2015).

“Estonia’s Democracy Goes Digital,” The National Interest, 17 March 2015 <http://www.atlanticcouncil.org/news/in-the-news/healey-estonia-s-democracy-goes-digital> (17 March 2015).

“Will 2015 be the year we shoot back in cyberspace?” (CSM Passcode, March 13, 2015)

“Confidence Building Measures in Cyberspace: A Multistakeholder Approach for Stability and Security,” Atlantic Council, 4 November 2014, <http://www.atlanticcouncil.org/publications/reports/confidence-building-measures-in-cyberspace-a-multistakeholder-approach-for-stability-and-security> (4 November 2014).

“The Internet: A Lawless Wild West?” The National Interest, 11 June 2014, <https://nationalinterest.org/feature/the-internet-lawless-wild-west-10638> (11 June 2014).

Jason Healey and Dan Riordan, “Managing Internet Risks to prevent a cyber catastrophe,” Denver Post, 29 April 2014, <https://www.denverpost.com/2014/04/29/managing-internet-risks-to-prevent-a-cyber-catastrophe/> (29 April 2014).

“Beyond data breaches,” Atlantic Council report with Zurich Insurance Group, 16 April 2014, <http://www.atlanticcouncil.org/images/publications/Zurich_Cyber_Risk_April_2014.pdf> (16 April 2014).

Jason Healey and Michael Kerner, “Surviving Cyber’s Subprime Moment” US News and World Report, 16 April 2014, <https://www.usnews.com/opinion/blogs/world-report/2014/04/16/how-to-survive-the-internets-subprime-mortgage-moment> (16 April 2014).

“How Emperor Alexander Militarized American Cyberspace,” Foreign Policy, 6 November 2013, <https://foreignpolicy.com/2013/11/06/how-emperor-alexander-militarized-american-cyberspace/> (6 November 2013).

“Time to split the Cyber ‘Deep State’ of NSA and Cyber Command,” Huffington Post, 2 October 2013, <https://www.huffingtonpost.com/jason-healey/keith-alexander-nsa-cyber-command_b_4031368.html> (2 October 2013).

“Don’t Worry About Cyber Retaliation After a Syria Strike,” US News and World Report, 7 September 2013 <https://www.usnews.com/opinion/blogs/world-report/2013/09/07/dont-worry-about-cyber-retaliation-after-a-syria-strike> (7 September 2013).

“On China Cyber Espionage, US Should Shout But Also Listen,” Atlantic Council, 18 April 2013, <http://www.atlanticcouncil.org/blogs/new-atlanticist/chinese-cyber-espionage-us-must-shout-but-also-listen> (18 April 2013).

“Stuxnet and the Dawn of Algorithmic Warfare,” Huffington Post, 16 April 2013, <https://www.huffingtonpost.com/jason-healey/stuxnet-cyberwarfare_b_3091274.html> (16 April 2013).

“North Korea’s Cyber Stunts Aren’t War, So Act Accordingly,” US News and World Report, 9 April 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/04/09/stopping-north-korean-cyber-attacks-starts-in-china> (9 April 2013).

“Cyberwar Isn’t An Existential Threat to the U.S.,” US News and World Report, 20 March 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/03/20/cyber-attacks-not-yet-an-existential-threat-to-the-us> (20 March 2013).

“Obama’s Cyberwarfare Strategy Will Backfire,” US News and World Report, 8 March 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/03/08/clandestine-american-strategy-on-cyberwarfare-will-backfire> (8 March 2013).

“How the U.S. Should Respond to Chinese Cyberespionage,” US News and World Report, 19 February 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/02/19/how-the-us-should-respond-to-chinese-cyberespionage> (19 February 2013).

“Addressing Cyber Instability,” Cyber Conflict Studies Association, 2012, <http://www.atlanticcouncil.org/events/past-events/addressing-cyber-instability>.

“Cybersecurity Pipe Dreams,” The National Interest, 27 July 2012, <https://nationalinterest.org/commentary/cyber-security-pipe-dreams-7254>(27 July 2012).

“Cybersecurity Legislation Should Force US Government to Listen Less and Speak More,” The Atlantic, 15 March 2012, <https://www.theatlantic.com/technology/archive/2012/03/cybersecurity-legislation-should-force-us-government-to-listen-less-and-speak-more/254491/> (15 March 2012).

“Protecting Humanitarian Interests in Cyber Conflict,” Atlantic Council, 10 June 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/protecting-humanitarian-interests-in-cyber-conflict> (10 June 2011).

“Select Foreign Response to the U.S. International Cyber Strategy,” Atlantic Council’s New Atlanticist Blog, 31 May 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/select-foreign-response-to-the-us-international-cyber-strategy> (31 May 2011).

“Bringing a Gun to a Knife Fight: Striking Back in Cyber Conflict,” Atlantic Council, 24 May 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/bringing-a-gun-to-a-knife-fight-striking-back-in-cyber-conflict> (24 May 2011).

“Cyber Workforce Ferris Wheel,” Atlantic Council, 3 May 2011 <http://www.atlanticcouncil.org/blogs/new-atlanticist/cyber-workforce-ferris-wheel> (3 May 2011).

“America’s New Cyberspace Strategy,” Atlantic Council, 16 May 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/americas-new-cyberspace-strategy> (16 May 2011).

Jason Healey and Greg Rattray, “Threat and Promise of Non-State Cyber Actors,” America’s Cyber Future: Security and Prosperity in the Information Age (2011).

“Breaking the Cyber-Sharing Logjam,” Atlantic Council, 1 February 2015, <http://www.atlanticcouncil.org/publications/reports/breaking-the-cyber-sharing-logjam> (18 February 2015).

“Winning and Losing in Cyberspace,” 2016 8th International Conference on Cyber Conflict (CyCon) (2016): 37-49 <https://ccdcoe.org/cycon/2016/proceedings/03_healey.pdf> (2016).