66 ISE Magazine | www.iise.org/ISEmagazine

with Natalie M. Scala

Natalie M. Scala is an assistant professor

and director of graduate programs in

supply chain management and project,

program and portfolio management in the

College of Business and Economics at

Towson University in Towson, Maryland.

She earned her Ph.D. and M.S. degrees in

industrial engineering from the University

of Pittsburgh. Her primary research is in

decision analysis with a focus on military

applications and cybersecurity, and she

currently teaches courses on business

analytics. She recently led a research

effort to secure election processes in

Maryland. Scala frequently consults with

government clients and has extensive

professional experience. Her ﬁrst book,

a co-edited volume titled Handbook of

Military and Defense Operations Research,

is forthcoming in early 2020. She is

a member of IISE and the Society for

Engineering Management Systems.

What’s

Your

Story?

What are the latest challenges in cybersecurity?

Cybersecurity research has really taken off in the last few years. Many computer

scientists and engineers are working in this area, but we haven’t seen a lot of process-

based implementation research in cyber. Really great algorithms and red team/blue

team research is being done, but getting companies and organizations to actually

implement these cutting-edge algorithms and a security mindset is another story.

There is a great opportunity for IEs to contribute to this.

How is ISE problem-solving being used to secure elections?

Most of the research is done at the state level and looks at aggregating votes and the

security of voter registration databases. We don’t see a lot of research at the local level

or polling places. The public interacts with the voting process at a polling place,

so their perceptions of security and the integrity of their votes happens there. Our

research looks at the processes at polling places and how they can be improved as well

as potential risks identiﬁed and mitigated.

We are looking at two main themes, both focused on polling places at the local

level. The ﬁrst is a risk model for polling places that examines when cyber, physical

and insider threats may emerge in the process, either at polling place setup, during

voting or end of the day takedown. Based on when those threats emerge, we can then

create methods and processes to mitigate them. My co-author is Col. Paul Goethals

(U.S. Military Academy).

The second project develops training modules for election judges so they can

become aware of potential cyber, physical and insider threats. The goal is to enable

judges to identify potential issues and threats and work to mitigate those threats.

Currently judges do not receive any cyber or threat-related training before the

election, so these modules ﬁll a practical gap. The work thus far has led to two

accepted/published papers on elections security.

How have your ﬁndings been received by election ofﬁcials?

We have partnered with a midsized county in Maryland. Maryland uses the same

elections equipment and essentially the same processes, so the models and modules

we create using the case study county can be applied across the state. Having the

same equipment and processes across an entire state is not standard in the U.S.;

each state/district/territory has control of its own elections. The case study county

has been very receptive to our research and has consistently provided us data.

We’ve also toured a mock polling place and done an extensive literature review.

We have worked in partnership with the county and the training modules we’ve

created will be implemented there, and we are working to enable other counties

across Maryland to also implement our training materials. The training modules

and the data in the risk model can be updated/adapted for equipment and pro-

cesses in other states.

What is ahead for election cybersecurity in 2020 and beyond?

Mainstream media have reported on the ongoing and evolving threats to our elec-

tions, which could come from foreign adversaries. Our goal is to have the training

modules in place for the 2020 elections cycle, so at a minimum election judges in

Maryland will be trained to identify, respond to and mitigate potential cyber, physical

and insider threats as they may evolve and happen at a polling place. Election judges

are the ﬁrst line of defense, so enabling them to interact with the process in a mean-

ingful and secure way will help to increase security and maintain the integrity of

votes cast of Election Day.

— Interview by Tammy Whiteside

IISE-UL offers your workforce the bite-sized, quick-hit information today’s generation

of students and workers yearns for.

Lean Six Sigma training in the era of Industry 4.0 requires customization, ﬂexibility

and value for money – and that’s what IISE and UL’s partnership has delivered. Pick

from 6 belts and 5 certiﬁcates based on your employees’ and students’ career track,

needs and responsibilities – with Lean Six Sigma Green Belt price points starting at

less than $1,000 (further discounts available).

You’re in a quandary. Your workers and leaders need training, but you

don’t have the budget or time to send them far afield.

That’s OK. IISE’s trainers will bring our IACET-certified courses to you,

bringing the same – or customized – corporate training that in the last

few years has helped high-performing organizations save more than

$82 million (averaging more than $700,000 per project).

• Instructors who have years of experience in virtually every

business sector

• Examples of practical applications for your workforce

• Free your internal experts to work, not become part-time trainers

Contact Larry Aft, PE | (770) 349-1130 | laft@iise.org

One visit from IISE

could save you millions

Tailored or off the shelf, IISE training

turns your problems into opportunities

“When individuals are performing due diligence regarding

the selection of training providers the fact that IISE

continuing education courses are accredited by IACET is

often the deciding factor. This assures that our courses

meet the standards of an internationally recognized

agency and that the participants can be assured that they

will receive their training from a recognized provider.”

– Larry Aft, PE, Fellow IISE and ASQ

Director Continuing Education, IISE

INSTRUCTORS

Larry Aft, PE Paul Odomirok

Steven Thompson Beth Cudney, Ph.D.

Jasbir Kumar Elizabeth Gentry, Ph.D.

All Six Sigma classes are

compliant with ISO 13053.

IISE is an IACET

Authorized Provider.