66 ISE Magazine | www.iise.org/ISEmagazine
with Natalie M. Scala
Natalie M. Scala is an assistant professor
and director of graduate programs in
supply chain management and project,
program and portfolio management in the
College of Business and Economics at
Towson University in Towson, Maryland.
She earned her Ph.D. and M.S. degrees in
industrial engineering from the University
of Pittsburgh. Her primary research is in
decision analysis with a focus on military
applications and cybersecurity, and she
currently teaches courses on business
analytics. She recently led a research
effort to secure election processes in
Maryland. Scala frequently consults with
government clients and has extensive
professional experience. Her first book,
a co-edited volume titled Handbook of
Military and Defense Operations Research,
is forthcoming in early 2020. She is
a member of IISE and the Society for
Engineering Management Systems.
What are the latest challenges in cybersecurity?
Cybersecurity research has really taken off in the last few years. Many computer
scientists and engineers are working in this area, but we havent seen a lot of process-
based implementation research in cyber. Really great algorithms and red team/blue
team research is being done, but getting companies and organizations to actually
implement these cutting-edge algorithms and a security mindset is another story.
There is a great opportunity for IEs to contribute to this.
How is ISE problem-solving being used to secure elections?
Most of the research is done at the state level and looks at aggregating votes and the
security of voter registration databases. We dont see a lot of research at the local level
or polling places. The public interacts with the voting process at a polling place,
so their perceptions of security and the integrity of their votes happens there. Our
research looks at the processes at polling places and how they can be improved as well
as potential risks identified and mitigated.
We are looking at two main themes, both focused on polling places at the local
level. The first is a risk model for polling places that examines when cyber, physical
and insider threats may emerge in the process, either at polling place setup, during
voting or end of the day takedown. Based on when those threats emerge, we can then
create methods and processes to mitigate them. My co-author is Col. Paul Goethals
(U.S. Military Academy).
The second project develops training modules for election judges so they can
become aware of potential cyber, physical and insider threats. The goal is to enable
judges to identify potential issues and threats and work to mitigate those threats.
Currently judges do not receive any cyber or threat-related training before the
election, so these modules fill a practical gap. The work thus far has led to two
accepted/published papers on elections security.
How have your findings been received by election ofcials?
We have partnered with a midsized county in Maryland. Maryland uses the same
elections equipment and essentially the same processes, so the models and modules
we create using the case study county can be applied across the state. Having the
same equipment and processes across an entire state is not standard in the U.S.;
each state/district/territory has control of its own elections. The case study county
has been very receptive to our research and has consistently provided us data.
We’ve also toured a mock polling place and done an extensive literature review.
We have worked in partnership with the county and the training modules weve
created will be implemented there, and we are working to enable other counties
across Maryland to also implement our training materials. The training modules
and the data in the risk model can be updated/adapted for equipment and pro-
cesses in other states.
What is ahead for election cybersecurity in 2020 and beyond?
Mainstream media have reported on the ongoing and evolving threats to our elec-
tions, which could come from foreign adversaries. Our goal is to have the training
modules in place for the 2020 elections cycle, so at a minimum election judges in
Maryland will be trained to identify, respond to and mitigate potential cyber, physical
and insider threats as they may evolve and happen at a polling place. Election judges
are the first line of defense, so enabling them to interact with the process in a mean-
ingful and secure way will help to increase security and maintain the integrity of
votes cast of Election Day.
— Interview by Tammy Whiteside
IISE-UL offers your workforce the bite-sized, quick-hit information today’s generation
of students and workers yearns for.
Lean Six Sigma training in the era of Industry 4.0 requires customization, flexibility
and value for money – and thats what IISE and ULs partnership has delivered. Pick
from 6 belts and 5 certificates based on your employees’ and students’ career track,
needs and responsibilities – with Lean Six Sigma Green Belt price points starting at
less than $1,000 (further discounts available).
You’re in a quandary. Your workers and leaders need training, but you
don’t have the budget or time to send them far afield.
That’s OK. IISE’s trainers will bring our IACET-certified courses to you,
bringing the same – or customized – corporate training that in the last
few years has helped high-performing organizations save more than
$82 million (averaging more than $700,000 per project).
• Instructors who have years of experience in virtually every
business sector
• Examples of practical applications for your workforce
• Free your internal experts to work, not become part-time trainers
Contact Larry Aft, PE | (770) 349-1130 | laft@iise.org
One visit from IISE
could save you millions
Tailored or off the shelf, IISE training
turns your problems into opportunities
“When individuals are performing due diligence regarding
the selection of training providers the fact that IISE
continuing education courses are accredited by IACET is
often the deciding factor. This assures that our courses
meet the standards of an internationally recognized
agency and that the participants can be assured that they
will receive their training from a recognized provider.”
– Larry Aft, PE, Fellow IISE and ASQ
Director Continuing Education, IISE
Larry Aft, PE Paul Odomirok
Steven Thompson Beth Cudney, Ph.D.
Jasbir Kumar Elizabeth Gentry, Ph.D.
All Six Sigma classes are
compliant with ISO 13053.
Authorized Provider.