Jason Healey is a Senior Research Scholar at Columbia University’s School for International and Public Affairs specializing in cyber conflict and cyber risk. He also serves as a part-time senior cybersecurity strategist with the National Risk Management Center of the U.S. Cybersecurity and Infrastructure Security Agency. Prior to joining SIPA, he was the founding director of the Cyber Statecraft Initiative of the Atlantic Council where he remains a Senior Fellow. Healey was the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012 and co-authored the book Cyber Security Policy Guidebook by Wiley. He is on the review board of the Black Hat and DEF CON security and hacker conferences and served on the Defense Science Board task force on cyber deterrence. A frequent speaker on these issues, he is rated as a “top-rated” speaker for the RSA Conference and won the inaugural “Best of Briefing Award” at Black Hat.
Healey’s ideas on cyber topics have been widely published in over a hundred articles and essays published by the World Economic Forum, Aspen Strategy Group, Atlantic Council, and National Research Council. A Fierce Domain was reviewed favorably in the Economist and by numerous government leaders, including both the President of Estonia and former head of the CIA and NSA. Healey is also a founding board member and former president of the Cyber Conflict Studies Association and previously was adjunct faculty at National Cryptologic School, Georgetown University, and Johns Hopkins School of Advanced International Studies. He is an affiliate at Stanford University’s Center for International Security and Arms Control.
Healey was one of the pioneers of cyber threat intelligence and has unique experience working issues of cyber conflict and security spanning twenty years across the public and private sectors. As Director for Cyber Infrastructure Protection at the White House from 2003 to 2005, he helped advise the President and coordinated US efforts to secure US cyberspace and critical infrastructure. Healey has worked twice for Goldman Sachs, first to anchor their team for responding to cyber attacks and later, as an executive director in Hong Kong to manage Asia-wide business continuity and create the bank’s regional crisis management capabilities to respond to earthquakes, tsunamis, or terrorist attacks. Immediately after the 9/11 attacks, his efforts at the Financial Services Information Sharing and Analysis Center (FS-ISAC) formed bonds between the finance sector and government that remain strong today. Healey founded that group’s work on cyber threat intelligence and continued to build the organization as its vice chair.
Starting his career in the United States Air Force, Healey earned two Meritorious Service Medals for his early work in cyber operations at Headquarters Air Force at the Pentagon and as a plankowner (founding member) of the Joint Task Force – Computer Network Defense, the world’s first joint cyber warfighting unit. Healey holds degrees from the United States Air Force Academy (1991, Political Science), Johns Hopkins University (Liberal Arts) and James Madison University (Information Security). He has been an improv comedian in Washington DC and Hong Kong.
Jason Healey et al., Cyber Security Policy Guidebook (Hoboken, NJ: Wiley, 2012).
A Fierce Domain: Cyber Conflict, 1986 to 2012 (Arlington, VA: Cyber Conflict Studies Association, 2013).
“Global Implications of the US-China Cyber Relationship,” in Cybersecurity: Emerging Issues, Trends, Technologies and Threats in 2015 and Beyond, eds. Caitrίona Helena Heinl and Tan E Guang Eugene (Singapore: S. Rajaratnam School of International Studies, 2016).
Jason Healey and Michelle Cantos, “What’s Next for Putin in Ukraine? Cyber Escalation,” in Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers (Tallinn: NATO CCDCOE, 2015).
Alexander Klimburg and Jason Healey, “Strategic Goals & Stakeholders,” in National Cyber Security Framework Manual, ed. Alexander Klimburg, NATO Cooperative Cyber Defense Center of Excellence (2012).
Jason Healey, Greg Rattray, and Chris Evans “American Security in the Cyber Commons,” in The Contested Commons: The Future of American Power in a Multipolar World (Washington, DC: Center for a New American Security, 2010).
Eric Luiijf and Jason Healey, “Organisational Structures and Considerations,” in National Cyber Security Framework Manual, ed. Alexander Klimburg, NATO Cooperative Cyber Defense Center of Excellence (2012).
Jason Healey and Klara Jordan, “Setting Priorities on Cybersecurity,” Democracy Today 40, (2016).
“The Healthcare Internet of Things: Risks and Rewards,” Atlantic Council (18 March 2015).
Hannah Pitts and Jason Healey, “Applying International Environmental Legal Norms to Cyber Statecraft,” I/S: A Journal of Law and Policy for the Information Society 8, no. 2 (2012): 356.
“Claiming the Air Force’s Lost Cyber Heritage,” Strategic Studies Quarterly 6, no. 3 (2012): 11.
“The Five Futures of Cyber Conflict and Cooperation,” Georgetown Journal of International Affairs, International Engagement on Cyber: Establishing International Norms and Improved Cybersecurity (2011): 110.
“Four ways to address cyberconflict – and how analytics can help,” Intelligence Quarterly, a Journal of Advanced Analytics (2011).
“The Spectrum of National Responsibility for Cyberattacks,” Brown Journal of World Affairs 18, no. 1 (2011): 57.
Jason Healey and Greg Rattray, “Categorizing and Understanding Offensive Cyber Capabilities and Their Use,” Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for U.S. Policy (2010).
“Who’s in Control: Balance in Cyber’s Public-Private Sector Partnerships,” Georgetown Journal of International Affairs 18, no.3 (2017): 120.
“Why the FBI will eventually reveal its iPhone hack to Apple,” Christian Science Monitor (25 March 2016).
“How NSA reorganization could squander remaining trust,” Christian Science Monitor (4 February 2016).
“Overcome by Cyber Risks? Economic Benefits and Costs of Alternate Cyber Futures,” Atlantic Council (2015).
“Poisoning the Internet won’t stop more Paris attacks,” The Christian Science Monitor, 17 November 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/1117/Opinion-Poisoning-the-Internet-won-t-stop-more-Paris-attacks> (17 November 2015).
Anni Piiparinen and Jason Healey, “Did China Just Hack the International Court Adjudicating Its South China Sea Territorial Claims?” The Diplomat, 27 October 2015, <https://thediplomat.com/2015/10/did-china-just-hack-the-international-court-adjudicating-its-south-china-sea-territorial-claims/> (27 October 2015).
“Even if flawed, cyber theft deal with China a win for Obama,” The Christian Science Monitor, 25 September 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0925/Opinion-Even-if-flawed-cybertheft-deal-with-China-a-win-for-Obama> (25 September 2015).
“Restraint is the best weapon against Chinese hacks,” The Christian Science Monitor, 9 September 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0909/Opinion-Restraint-is-the-best-weapon-against-Chinese-hacks>(9 September 2015).
“#CyberDeflategate and the beginning of sports hacking” The Christian Science Monitor, 19 June 2015, <https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0619/Opinion-CyberDeflategate-and-the-beginning-of-sports-hacking> (19 June 2015).
“Commentary: Cyber Command as a 5-Year-Old,” Defense News, 19 June 2015,<https://www.defensenews.com/opinion/commentary/2015/06/09/commentary-cyber-command-as-a-5-year-old/> (19 June 2015).
“Estonia’s Democracy Goes Digital,” The National Interest, 17 March 2015 <http://www.atlanticcouncil.org/news/in-the-news/healey-estonia-s-democracy-goes-digital> (17 March 2015).
“Will 2015 be the year we shoot back in cyberspace?” (CSM Passcode, March 13, 2015)
“Confidence Building Measures in Cyberspace: A Multistakeholder Approach for Stability and Security,” Atlantic Council, 4 November 2014, <http://www.atlanticcouncil.org/publications/reports/confidence-building-measures-in-cyberspace-a-multistakeholder-approach-for-stability-and-security> (4 November 2014).
“The Internet: A Lawless Wild West?” The National Interest, 11 June 2014, <https://nationalinterest.org/feature/the-internet-lawless-wild-west-10638> (11 June 2014).
Jason Healey and Dan Riordan, “Managing Internet Risks to prevent a cyber catastrophe,” Denver Post, 29 April 2014, <https://www.denverpost.com/2014/04/29/managing-internet-risks-to-prevent-a-cyber-catastrophe/> (29 April 2014).
“Beyond data breaches,” Atlantic Council report with Zurich Insurance Group, 16 April 2014, <http://www.atlanticcouncil.org/images/publications/Zurich_Cyber_Risk_April_2014.pdf> (16 April 2014).
Jason Healey and Michael Kerner, “Surviving Cyber’s Subprime Moment” US News and World Report, 16 April 2014, <https://www.usnews.com/opinion/blogs/world-report/2014/04/16/how-to-survive-the-internets-subprime-mortgage-moment> (16 April 2014).
“How Emperor Alexander Militarized American Cyberspace,” Foreign Policy, 6 November 2013, <https://foreignpolicy.com/2013/11/06/how-emperor-alexander-militarized-american-cyberspace/> (6 November 2013).
“Time to split the Cyber ‘Deep State’ of NSA and Cyber Command,” Huffington Post, 2 October 2013, <https://www.huffingtonpost.com/jason-healey/keith-alexander-nsa-cyber-command_b_4031368.html> (2 October 2013).
“Don’t Worry About Cyber Retaliation After a Syria Strike,” US News and World Report, 7 September 2013 <https://www.usnews.com/opinion/blogs/world-report/2013/09/07/dont-worry-about-cyber-retaliation-after-a-syria-strike> (7 September 2013).
“On China Cyber Espionage, US Should Shout But Also Listen,” Atlantic Council, 18 April 2013, <http://www.atlanticcouncil.org/blogs/new-atlanticist/chinese-cyber-espionage-us-must-shout-but-also-listen> (18 April 2013).
“Stuxnet and the Dawn of Algorithmic Warfare,” Huffington Post, 16 April 2013, <https://www.huffingtonpost.com/jason-healey/stuxnet-cyberwarfare_b_3091274.html> (16 April 2013).
“North Korea’s Cyber Stunts Aren’t War, So Act Accordingly,” US News and World Report, 9 April 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/04/09/stopping-north-korean-cyber-attacks-starts-in-china> (9 April 2013).
“Cyberwar Isn’t An Existential Threat to the U.S.,” US News and World Report, 20 March 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/03/20/cyber-attacks-not-yet-an-existential-threat-to-the-us> (20 March 2013).
“Obama’s Cyberwarfare Strategy Will Backfire,” US News and World Report, 8 March 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/03/08/clandestine-american-strategy-on-cyberwarfare-will-backfire> (8 March 2013).
“How the U.S. Should Respond to Chinese Cyberespionage,” US News and World Report, 19 February 2013, <https://www.usnews.com/opinion/blogs/world-report/2013/02/19/how-the-us-should-respond-to-chinese-cyberespionage> (19 February 2013).
“Addressing Cyber Instability,” Cyber Conflict Studies Association, 2012, <http://www.atlanticcouncil.org/events/past-events/addressing-cyber-instability>.
“Cybersecurity Pipe Dreams,” The National Interest, 27 July 2012, <https://nationalinterest.org/commentary/cyber-security-pipe-dreams-7254>(27 July 2012).
“Cybersecurity Legislation Should Force US Government to Listen Less and Speak More,” The Atlantic, 15 March 2012, <https://www.theatlantic.com/technology/archive/2012/03/cybersecurity-legislation-should-force-us-government-to-listen-less-and-speak-more/254491/> (15 March 2012).
“Protecting Humanitarian Interests in Cyber Conflict,” Atlantic Council, 10 June 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/protecting-humanitarian-interests-in-cyber-conflict> (10 June 2011).
“Select Foreign Response to the U.S. International Cyber Strategy,” Atlantic Council’s New Atlanticist Blog, 31 May 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/select-foreign-response-to-the-us-international-cyber-strategy> (31 May 2011).
“Bringing a Gun to a Knife Fight: Striking Back in Cyber Conflict,” Atlantic Council, 24 May 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/bringing-a-gun-to-a-knife-fight-striking-back-in-cyber-conflict> (24 May 2011).
“Cyber Workforce Ferris Wheel,” Atlantic Council, 3 May 2011 <http://www.atlanticcouncil.org/blogs/new-atlanticist/cyber-workforce-ferris-wheel> (3 May 2011).
“America’s New Cyberspace Strategy,” Atlantic Council, 16 May 2011, <http://www.atlanticcouncil.org/blogs/new-atlanticist/americas-new-cyberspace-strategy> (16 May 2011).
Jason Healey and Greg Rattray, “Threat and Promise of Non-State Cyber Actors,” America’s Cyber Future: Security and Prosperity in the Information Age (2011).
“Breaking the Cyber-Sharing Logjam,” Atlantic Council, 1 February 2015, <http://www.atlanticcouncil.org/publications/reports/breaking-the-cyber-sharing-logjam> (18 February 2015).
“Winning and Losing in Cyberspace,” 2016 8th International Conference on Cyber Conflict (CyCon) (2016): 37-49 <https://ccdcoe.org/cycon/2016/proceedings/03_healey.pdf> (2016).