Research Team Status

• Names of researchers and position 
  (e.g. Research Scientist, PostDoc, Student (Undergrad/Masters/PhD)

1. Dr. Natalie M. Scala, PI
2. Dr. Josh Dehlinger, co-PI
3. Navya Gautam, Graduate Research Student at Georgia Tech (funded by this project, contractual)
4. Noah Hibbler, Undergraduate Research Student at University of Maryland, College Park (unfunded, for course credit)
5. Mallige Anand, Undergraduate Research Student at University of Maryland, College Park (unfunded, for course credit)
6. Methasha Bambarande-Hewage, Undergraduate Research Student at University of Maryland, College Park (unfunded, for course credit)
7. Audrey Knight, Undergraduate Research Student (funded by this project)
8. Marie Kouassi, Graduate Research Student (funded by this project)
9. Alisa Martin, Graduate Research Student (funded by this project)
10. Andrew McNeill, Graduate Research Student (funded by this project)
11. Chinwendu Uche, Graduate Research Student (funded by this project)
12. Vince Schiavone, Research Specialist (funded by this project, contingent)
13. Skylar Gayhart, Research Specialist (funded by this project, contingent)
14. Katherine Tan, Undergraduate Research Student (funded by this project)
15. Sadie Barret, Graduate Research Student (funded by Towson University) 
     

• Any new collaborations with other universities/researchers?

  No new collaborations were created during this reporting period. 

  However, collaborations with other universities/researchers since the start of this funded project (9/1/23) include:

1. PI Scala has a faculty affiliation with the Applied Research Lab for Intelligence and Security (ARLIS) at the University of Maryland, College Park.  That affiliation has introduced this research team to bright and promising research students, including Shreenidhi Ayinala, Aaryan Patel, Navya Gautam, Noah Hibbler, Mallige Anand, and Methasha Bambarande-Hewage.  Ongoing connections with the University of Maryland’s Advanced Cybersecurity Experience for Students (ACES) and Dr. Michel Cukier have introduced us to other promising students, including two future potential undergraduate research students.  We continue our relationships with ARLIS and ACES to include contingent and course credit students on this project.

2. While not directly related to granted activities proposed in the current solicitation, synergistic collaborations with Dr. Thessalia Merivaki (Georgetown University) and the Anne Arundel County Board of Elections continue.  Current work consists of security and trust research in critical infrastructure. Note, no Science of Security funding was/is used for this synergistic collaboration.  

    

Project Goals

• What is the current project goal?
  The accepted proposal defined three main goals (cf. Table 1 in Technical Proposal) to achieve throughout the duration of the project, as follows:

1. To develop and disseminate a systematic threat and mitigation analysis approach for cyber, physical, and insider risks that addresses the actions of adversaries and trusted insiders and is applicable to national critical infrastructure socio-technical systems and processes.
2. To create a framework to model relative likelihood risk assessments, including the actions of adversaries and trusted insiders as contributors to cyber, physical, and insider threat scenarios.

3. To develop, model, and analyze policy implications and security mitigations (e.g., adversarial implications, human behavior interdictions) and their ability to reduce cyber, physical, and insider risks to socio-technical critical infrastructure.

   Based on the project timeline given in the accepted proposal, the following tasks/outcomes (cf. Table 2 in Technical Proposal) were defined for the second year of the project (i.e., option year 1), primarily supporting Project Goals 1 and 2, as follows:

• A risk assessment of threat scenarios on the updated attack tree that considers insider / adversarial attack costs and technical difficulties as well as information assurance assessments of the difficulties to discover an attack.
• The identification of risks of most concern within the process across temporal phases.
• The dissemination of the threat and mitigation analyses results.

• An assessment of the systemic threat and mitigation analysis approach's utility for use in national critical infrastructure socio-technical systems and processes, and recommendations for the adoption of the approach at the national level

  Regarding task/outcome 1, our team continues to modify and enhance the AT-AT (Attack Tree Analysis Tool) code to analyze cyber, physical, and insider threat scenarios as defined on the threat tree created during the base year of the project.  Although this tool is demonstrated on elections equipment, the source code may be applied to any critical infrastructure within the United States.  Scenario analyses have been generated following the security assessment approach first proposed by Du and Zhu (2013).  We adapt the scales in this framework to assess cyber, physical, and insider threats via associated attack costs, technical difficulty, and discovery difficulty.  This task is essentially complete, pending any new insights gained throughout the course of the research.

  Regarding task/outcome 2, we utilized the developed tool to generate 70,000+ threat scenarios within the case study critical infrastructure equipment.  Sensitivity analysis is nearing completion to ensure that the scenario assessments are robust.  To perform the sensitivity analysis, we follow the approach posed in Scala, et al. (2022), which was built from foundational research in Goodwin and Wright (2004).

  Regarding task/outcome 3, we continue to disseminate this research and its corresponding results.  Recent publications and media engagements related to this work are outlined in the Publications and Presentations section below.

  Regarding task/outcome 4, we continue the validation process for our framework.  Our case study is precinct count optical scanning (PCOS) voting machines, an example of critical infrastructure equipment in the United States.  Our first validation step is to test the framework on related voting equipment, ballot marking devices (BMD).  Once we establish a use case validation, we will then extend this work to generalize for other forms of U.S. critical infrastructure.  This task/outcome is scheduled for option years 1 and 2, and work is continuing on validation and policy recommendations.

  The culmination of these four detailed tasks/outcomes leads towards achieving the overarching project goals. 

How does the current goal factor into the long-term goal of the project?

The long-term goal/vision of the project, as detailed in the accepted proposal, is to “model the relative risks of adversaries and trusted insiders exploiting threat scenarios in developed attack trees, using critical infrastructure precinct count optical scanner (PCOS), in-person voting machines as a case study”. Project goal 1 analyzes the existing, 2009 Elections Assistance Commission’s threat tree for the PCOS voting system, the critical national infrastructure system selected as a case study for this project, and develops a comprehensive, updated threat tree (and other security analysis artifacts) reflecting new threats and the adaptive adversaries to be able to develop threat scenarios and mitigation strategies, project goals 2 and 3. 

Accomplishments

• Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.

  The project tasks/outcomes 1-4, as described in the prior sections, remain the targeted milestones for project option years 1 and 2, as defined in the proposal. Each of these tasks/outcomes are ongoing and proceeding according to the timeline given in the accepted proposal. 

The next steps are to (1) continue to improve the AT-AT tool to support task/outcome 2; (2) continue to draft manuscripts for external publication submission, in support of task/outcome 3; and, (3) perform a test of scenario generation on BMD devices as a first validation step of this framework.
 

• What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?

  As we move through the research, updated threat threes provide a contribution to critical infrastructure security research.  The security assessment method used (i.e., incorporating a holistic, cyber, physical, and insider threat analysis and threat/mitigation cost assessment) will serve as a contribution to how critical infrastructure socio-technical systems could be assessed in the context of system security/integrity.  When the AT-AT tool is completed in an initial version, this tool contribution will be publicly available through the SoS VO. 
   

• Impact of research

  • Internal to the university (coursework/curriculum)

  The following impacts of research are internal to Towson University made during this reporting period. 

1. PI Scala continues as a Cyber Fellow within the Center for Interdisciplinary & Innovative Cybersecurity (i.e., Cyber Center) at Towson University. This support allows the project team to sustain a permanent student and faculty research lab space within the Cyber Center, which includes significant computing equipment for the student research team and state of the art video conferencing equipment to collaborate with the students at UMS and GT as well as external synergistic collaborators in Anne Arundel County and at Georgetown.
2. Secondly, although not directly related (and not funded) to activities proposed in the accepted proposal, this project has synergistically allowed the PIs to support the Professional Studies MS program at Towson University in its development of a focus track in Election Security and Democracy.  This program of study includes the study of risk assessments, which, generally speaking for all critical infrastructure, are a core outcome of this research contract.  No funding from Science of Security was/is used to support the Professional Studies MS program.
3. Finally, this project has impacted over 20 Towson University undergraduate and graduate students involved in this project pursuing degrees in Computer Science, Mathematics, Supply Chain Management, Business Administration, Accounting, etc. who, if not for involvement in this project, would not otherwise have gained experience in authentic cybersecurity assessment research or, more specifically, critical infrastructure research. 

• External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)

As this project is still progressing, there have not been any research impacts external to the university to currently report. 

• Any acknowledgements, awards, or references in media?

There are no acknowledgements, awards, and/or references in the media regarding this project since the prior 2025 quarterly report (February 2025).

Publications and presentations

• Add publication reference in the publications section below. An authors copy or final should be added in the report file(s) section. This is for NSA's review only.
• Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.

Accepted/published abstracts/presentations directly related (or funded by) to the project proposal during the current reporting quarter:

• Offor, S., et al. “Securing U.S. Elections: Threats, Vulnerabilities, Mitigations, and Opportunities for Technology”. Abstract accepted to American Society for Engineering Management (ASEM) 2025 International Annual Conference and 46th Annual Meeting (ASEM’25). Boise, ID. September 24-27, 2025.
• Nguyen, H., et al. “Improving Election System Security Through Software Failure Modes Effects Analysis”. Abstract accepted to American Society for Engineering Management (ASEM) 2025 International Annual Conference and 46th Annual Meeting (ASEM’25). Boise, ID. September 24-27, 2025.
• Nguyen, H., et al. “Application of Software Failure Modes and Effects Analysis to Improve Election Security”. Presentation accepted to 2025 International Industrial and Systems Engineering Annual Conference & Expo (IISE’25). Atlanta, GA. May 29-June 1, 2025.
• Scala, N. M. and Dehlinger, J. “Quantitative Threat Modeling and Risk Assessment of Election Systems”. Poster/Demo. In 2025 Hot Topics in the Science of Security Symposium (HotSoS’25). Virtual. April 1-3, 2025.

Synergistic accepted/published articles/presentations that are not directly related (or funded by) to the accepted project proposal during the current reporting quarter:

• Offor, S., et al. “A Way Forward in Election Security: Technology and Security Considerations”. Presentation accepted to 2025 International Industrial and Systems Engineering Annual Conference & Expo (IISE’25). Atlanta, GA. May 29-June 1, 2025.