News

From online privacy to massive leaks of classified government documents, data breaches have become part of modern society. But in recent months cybersecurity has become a new wild card in our nation’s political process.

Earlier this summer, the Democratic National Committee’s computers were hacked, reportedly by Russian state actors. WikiLeaks founder Julian Assange released a trove of Hillary Clinton’s emails, with promises of more damaging revelations to come. And in August, the National Security Agency’s own hackers may have had some of their own hacking tools stolen by, yes, hackers.

None of this comes as a surprise to Jason Healey, a senior research scholar at the School of International and Public Affairs whose cybersecurity expertise has made him a recognized voice on these developments.

“There certainly has been an increase in these operations, in part driven by the worsening global security situation,” he said. “As relations deteriorate, especially with the Russians, we’re seeing not just more intrusions, but far more aggressive operations. They used to care about being quiet, but now they either use proxies or don’t really care if they get caught.”

Healey, who joined Columbia last year, has spent his entire working life in cybersecurity in one form or another, starting with his graduation from the United States Air Force Academy in 1991. He turned down a coveted pilot training slot to compete for a job as a signals intelligence officer, where he would be among those focusing on this relatively new field.

“It was already getting presidential and other senior level attention, certainly less so than now,” he said. “But there was also an understanding that, from a national security perspective, this new field was going to be important.”

After leaving the military in 2001, Healey did two stints in the private sector at Goldman Sachs, where he helped create and plan responses to possible cyber incidents at the investment bank, and worked in the George W. Bush White House as director of infrastructure protection. He later joined the Atlantic Council, where he directed the Cyber Statecraft Initiative, a think tank. Last year, he was invited by the School of International and Public Affairs dean, Merit Janow, to join the faculty.

“A lot of the people are getting into the field only recently or only coming at it from an academic perspective,” he said. “I’ve had the advantage of having been a practitioner from nearly the start.”

Jason Healey

Position

• Senior Research Scholar in Cyber Conflict Studies,
• School of International and Public Affairs

Joined Faculty

• 2015

History

• Director, Cyber Statecraft Initiative, Atlantic Council, 2011-2015
• Cybersecurity Consultant, 2009-2012
• Vice President, Asia Crisis Management, Goldman Sachs, 2006-2009
• Director of Infrastructure Protection, The White House, 2003-2005
• Cyber Response Coordinator, Goldman Sachs, 2001-2003
• Signals Intelligence Officer, U.S. Air Force, 1991-2001

Q. You’ve been in cybersecurity a quarter-century. Are there different, greater, risks today?

A. Our vulnerability is higher, our dependence on the internet is higher. More groups are involved. After the Snowden revelations, you heard the hardcore national security folks saying, “Hey, this is the way the game is played. How can you be surprised?” But this isn’t just the same old espionage played in a new place, this isn’t just the internet as a domain of espionage. It’s a new chapter.

Q. In what way?

A. The internet, and all that has followed from it, is the most transformative technology that has come out of human minds since Gutenberg. Alright, so it’s one of the top two or three—electricity is pretty cool too. It adds tens of billions to our gross domestic product, yet we still have a significant portion of Washington, D.C., the groups that have the biggest budgets, looking to say how can we continue to exploit this, by continuing to say that encryption must bend to government.

Q. You’re referring to the issues raised by the struggle between the Justice Department and Apple on accessing the phone of the San Bernardino killer. What is your view on that?

A. During the Apple case the government essentially said, “Look, we just want the information. We’ll give you a phone and a warrant and you give us the information and you keep control of the phone, you can keep control of the process.” That struck me as not a bad deal. You might get violations of individual privacy, but you don’t get something that I am more worried about, constitutionally, which is doing it one at a time with no explicit policy on how to handle it. And there is a policy, a presidential directive from January 2014, that when the government finds a vulnerability it tells the vendor, because it is more important to patch it than to keep it for ourselves. If the NSA, or FBI, doesn’t want to do that, they have to prove why. In the San Bernardino case, the FBI ultimately got into the phone by paying a hacker, and then it told Apple, essentially, “Sorry, we don’t know what the vulnerability is. We only bought the use of it.”

Q. You now have the government, and private industry, sponsoring hack-a-thons and paying rewards to hackers who find bugs in their software. Is this an efficient way to plug security holes? Is the marketplace an answer to some cybersecurity issues?

A. When it comes to stopping cyberattacks or resolving cyber conflicts, the government has very few levers it can use to make it better. Most of the problems are solved by the private sector. Looking back at the history of cyber conflict, it turns out the private sector has agility, subject matter expertise and the ability to directly control cyberspace. They are building and maintaining it every day, after all. Governments have almost none of those advantages. Rather they tend to have bigger budgets, more staying power, and access to other levers of power. The best solutions come from combining these two.

Q. You’ve worked on cybersecurity in the private and public sectors. Are the issues different?

A. Most companies are clear about what they want, which is they want to be secure. They may be conflicted about how much they’re willing to spend for it, or how much convenience they are willing to give up to their employees for better security. But those are conflicts all going to the same goal. So the government has those same goals. How do you keep the Department of Defense secure, or Commerce? The Department of Education has records of everyone who has taken out a student loan. There are all sorts of poorly funded agencies that have incredible details on us. But government also has this fight between how much do we want to prioritize defense for innovation, for the economy, for the health and welfare of our citizens, versus how much are we going to work against that so we can still spy on our adversaries, we can attack them when we need to, and we can catch criminals.

Q. What are examples of cybersecurity threats to companies?

A. They can range from denial of service attacks, to hacks of customers’ financial and personal information. There is a significant risk that research and development information can be stolen, and sometimes companies figure out what has been taken and may decide not to pursue research leads. Sometimes, what is breached isn’t necessarily a plan or trade secret, it could be a negotiating strategy. There’s an instance of a U.S. company bidding for oil and gas lots, and it found it was competing against a Chinese company that bid one dollar more. It’s difficult to find out how big a problem this is and what financial impact it has on the market.

Q. What is your research focus right now?

A. About half of it is on cyber conflict, deterrents and escalation. A lot of the military thinking on this, and other countries that follow our lead, seems very short-term. They’re not thinking about the response: what is the other side going to do? There’s a lot of debate on cyber deterrents, which just means that we want to scare the other guys so they stop. It is less about stability than deterrence: how can we do what we want and keep the other guys from doing what they want? As it turns out deterrence works against itself: If you brandish cyber capabilities there’s very little evidence that the other side will back down. Rather they accelerate their own capabilities and operations.

Q. Are you working on any projects within Columbia?

A. Matthew Waxman [a professor at Columbia Law School], Steve Bellovin [a computer science professor at Columbia Engineering] and I have won a grant through the Columbia Global Policy Institute to look at privacy and security issues. I also have colleagues at the Journalism School and Business School working on similar topics. And because I worked in finance and still have a lot of friends downtown, the dean asked me to work on the New York Cyber Task Force. It brings together a lot of financial cyber-executives and academics, from Columbia and people from Microsoft and other companies, trying to say, “Alright, how can we get the internet more defensible?”

Q. What has changed since you began as a signals intelligence officer 25 years ago?

A. What strikes me more is what hasn’t changed. When I look back at the things that we were preparing for then, versus what we’re looking at today, we were focused on what we could do to protect our communications from the bad guy, which in those days was the Soviets. How could we try to figure out their communications and their secrets, and protect our codes and ciphers and then try and break their codes and their ciphers. In those days the technology was almost entirely military. Now the same technology underpins the internet, it’s used for Facebook, on internal technologies used by global companies, or by all of us for everything all of the time. It’s the basis of our innovation, the basis of our economy.

—Interviewed by Bridget O'Brian

Dear fellow members of the Columbia community:

Yesterday, the National Labor Relations Board (NLRB) reversed a position it has held for the past 12 years and decided that students at private universities may be treated as employees for the purposes of the National Labor Relations Act when they are appointed to positions as teaching assistants or research assistants. The decision overturns a 2004 ruling involving Brown University.

More than a decade has passed since Carla Shedd began her research about urban adolescents in Chicago. As a Ph.D. student in sociology at Northwestern, she found neighborhoods dominated by gangs, 13-year-old students carrying guns and schools that were deeply divided along racial and social lines.

Not much has changed.

“One would have hoped that we wouldn’t still be talking about inequality in 2016, but we are,” said Shedd, an assistant professor of sociology at Columbia and author of the recently published Unequal City: Race, Schools and Perceptions of Injustice. “It’s not just Chicago, it’s a national story. Schools are just as segregated as they were in the 1960s.”

Thomas Trebat, an economist and political analyst, is director of the Columbia Global Centers, Rio de Janeiro. A former Latin America analyst on Wall Street, he now travels extensively in Brazil to build the University’s connections with partner institutions in government and academia. Trebat is also an adjunct professor at Columbia’s School of International and Public Affairs where his research focus is the role of the state in the Brazilian economy.

Dr. Stephen S. Morse is a professor of epidemiology at Columbia University Medical Center and an expert in global and public health. He cooperates with scientists world wide on research and the development of early warning and response systems for the prevention of infectious diseases. His book, Emerging Viruses was selected by American Scientist for its list of “Top 100 Science Books of the 20th Century.”

Dr. Stephen S. Morse is a professor of epidemiology at Columbia University Medical Center and an expert in global and public health. He cooperates with scientists world wide on research and the development of early warning and response systems for the prevention of infectious diseases. His book, Emerging Viruses (Oxford University Press) was selected by American Scientist for its list of “Top 100 Science Books of the 20th Century.”

More Information: news.columbia.edu/morseonzika

Kartik Chandran, associate professor of earth and environmental engineering, is an authority on environmentally sustainable wastewater treatment and sanitation. He has been collaborating with research groups in Brazil focused on energy-efficient wastewater treatment. One goal is for an existing sewage treatment plant to discharge better water quality into Guanabara Bay, where sailing events for the 2016 Olympic Games will be held, while also emitting smaller amounts of greenhouse gases.

James Schamus is a longtime film professor at the School of Arts, where this fall he will teach courses on “Topics in American Film” and “The Western.” Last year, he was inducted into the 25 Year Club at Columbia. “The dinner was great fun and I was presented with a very nice Tiffany picture frame,” he said.

Turkuler Isiksel was born in Turkey but left to attend university in Edinburgh, later receiving her Ph.D. from Yale. Trained as a political theorist, she now teaches in the Department of Political Science and is the James P. Shenton assistant professor of the Core Curriculum. She is also a member of the Committee on Global Thought. Columbia News asked her to explain the situation after the failed coup against President Recep Tayyip Erdogan has left the country in disarray. Erdogan has declared a three-month state of emergency, which would allow him and his cabinet to draft new laws and suspend some individual rights without the approval of the Turkish parliament.

Thomas Trebat, an economist and political analyst, is director of the Columbia Global Centers, Rio de Janeiro. A former Latin America analyst on Wall Street, he now travels extensively in Brazil to build the University’s connections with partner institutions in government and academia. Trebat is also an adjunct professor at Columbia’s School of International and Public Affairs where his research focus is the role of the state in the Brazilian economy.

more information: news.columbia.edu/content/1232

Chandran has been collaborating with research groups in Brazil focused on facilitating energy efficient wastewater treatment there. Through this approach, sewage treatment plants can discharge better water quality to receiving water bodies such as Guanabara Bay, where sailing events for the 2016 Olympic Games will be held. Additionally, such improvements to water quality can be achieved while emitting lower amounts of greenhouse gases. Recently Chandran led a team of Columbia students, who developed bioprocess technologies to enhance the capacity of the Alegria sewage treatment plant, which discharges to Guanabara Bay. The technology was prototyped at Columbia and the prototype was demonstrated in Rio de Janeiro. Chandran has been instrumental in the similar upgrade of the wastewater treatment infrastructure of New York City for enhancing the degree of treatment and ultimately protecting very sensitive water bodies surrounding New York City. Chandran is an authority on environmentally sustainable wastewater treatment and sanitation. He was named a 2015 MacArthur Fellow for his work in “transforming wastewater from a pollutant requiring disposal to a resource for useful products, such as commodity chemicals, energy sources, and fertilizers.” His current work includes water utility partners around the globe focused on improving water quality, while simultaneously using far lower amounts of energy and chemicals and actually recovering chemicals and energy.

more information: news.columbia.edu/content/How-Rio-Can-Clean-Polluted-Waters-in-Time-for-2016-Olympic-Games

Chicago, the city beautiful. Courtesy of the Avery Architectural and Fine Arts Library.

Avery Architectural and Fine Arts Library’s American Viewbooks Collection provides pictorial documentation of the growth of cities and towns across the United States from the mid-19th century to the early 20th century. The collection's more than 4,000 titles were published in a variety of formats, including printed books, photographic albums and accordion-fold booklets.

“The viewbooks present a sweeping vision of the changing American landscape,” said Carole Ann Fabian, Avery’s director. “The images chart the growth of rural areas into towns and cities, the advance of the railroad across the country and the rising popularity of county fairs and national expositions—the documentation of architecture and urbanism in an expanding country.”

On view are images of buildings, streetscapes, monuments and parklands with accompanying text that describes the growth of agriculture and local industries, stunning natural scenery, the construction of major buildings, the development of transportation networks and the characteristics of regional architectural styles.

One 1915 viewbook contains pastoralperfect images of New Holstein, in the Lake Winnebago region of Eastern Wisconsin, a glowing advertisement for the town’s agricultural and manufacturing products, whether seed peas or cigars. In contrast, an early 20th-century viewbook of Cleveland focuses on the nitty-gritty of urban industry.

A selection of viewbooks are on display in the Avery Classics Reading Room from June 20 through October 31.

Who He Is

Associate Vice President for Strategic Policy and Program Implementation

Years at Columbia

9