Exploring Russian Tampering in the U.S. Presidential Election

A conversation with MPS Cyber Policy & Risk Analysis graduate, Joy London.

We talked to graduate Joy London, an inaugural graduate of Utica College’s MPS Cyber Policy & Risk Analysis program, about her capstone project, her choice of Utica College for her cyber policy education, and her overall student experience.

What’s your background?

I grew up and live in New York City. I’ve traveled extensively throughout the US, Canada, Europe, the Caribbean, Australia, New Zealand, and even the Arctic Circle. In the summer of 2014, I circumnavigated Svalbard (a group of islands midway between Norway and the North Pole) aboard the MS Fram, an icebreaker, in search of endangered polar bears.

I'm a lawyer. I practiced law and then turned my attention to the Internet and the digitization of information. In 2000, I began work as a knowledge manager in international law firms, as well as one of the Big Four consulting firms. A lot of people ask, “What the heck is knowledge management or “KM?” And is it possible to manage knowledge?” KM involves getting the right information, to the right people, at the right time.

For instance, at a law firm, an attorney might ask a question like, “Have we ever drafted a stock purchase agreement in telecommunications in Venezuela?” When law firms were very small operations, it was easier to find an answer to that question. You just went down the hall and asked, or phoned, your fellow colleagues. But in today’s huge mega-firms, with worldwide offices, there is a more efficient way to ask that kind of question and get a response, even quickly! I designed digital “knowledge banks” to find answers to those kinds of questions, so lawyers could know the firm’s experience in that kind of transaction.

The point of KM is not to re-invent the wheel. It’s helping to locate, harvest, curate, and disseminate the organization's intellectual capital. In a professional service firm, like a law firm, or an architectural or a consulting firm, the service provided to clients is, essentially, knowledge. With large, global organizations, it’s very hard to keep track of the intellectual capital, that is, the knowledge inside the heads of all your partners and associates. Creating best practices and designing databases that can be tapped into for access to the collective knowledge of the firm, throughout various milestones of a transactional deal or a litigation case, is what makes the competitive advantage of one organization over another.

Did you have a technology background prior to starting the MPS Cyber Policy & Risk Analysis program?

No, I did not. I got my JD from Temple University School of Law in Philadelphia and a BA in political science from Hunter College in New York City. I realized that what really attracted me to law was not litigation or transactional work, but more of the analysis and policy aspects of law.

I worked for a legal publishing company for many years, and I was the editor of several prominent legal reference books. Then the Internet hit. I got hooked on all the information on the web. That's when I began to work at a Wall Street law firm in the field of KM. While I was there, I got a Certificate in Information Management from New York University.

When I entered the program at Utica, I had this quirky skill set that combined a legal background and information management. I did not become a techie per se, but I was able to understand enough of the technical side of database design, coupled with my understanding of the business side of law, that I could successfully liaise between the business and the tech team to create these knowledge banks.

Advance your career with Utica

What can a degree in Criminal Justice do for you?

Find Out

How did you become interested in the MPS Cyber Policy & Risk Analysis program?

I wanted to study cybersecurity, but in a non-technical program. There were tons of cybersecurity programs out there—bachelor’s, master’s and PhD programs. I knew I didn’t have the computer science background necessary to succeed in a hardcore cybersecurity master’s program.

My concern was that I'm not a computer technologist. I know a little bit about it and can talk about it at a high level, but if the program was geared towards strict cybersecurity principles, I knew that it would not be the right program for me.

But Utica College’s MPS program had just the right balance of courses covering cybersecurity, law, public policy, politics, ethics and international relations. And I felt confident that I would not be a cog in the wheel of a much larger educational institution where it would be unlikely for me to receive individual attention.

I was also excited to be a part of Utica’s inaugural MPS program, where I could provide feedback to the director of the program, as well as the faculty, on ways to enrich the program for future cohorts. Finally, I wanted to stay in New York City, and Utica’s flexible program was available online. Perfect.

Tell us more about your capstone project.

Early in the MPS program, students were required to take CYB 668: Organizational Risk Management Frameworks with Professor Michael Craig. Students were required to write an organization risk management plan for a public or private organization. At the time, I was a volunteer with the Hillary for America 2016 U.S. Presidential Campaign. I approached the campaign’s volunteer coordinator and he invited me to join Clinton’s Cybersecurity Working Group. For the CYB 668 class, I wrote a hypothetical risk management plan for the campaign’s key digital assets.

My interest in cybersecurity in politics continued. I contacted Utica cybersecurity professor Austen Givens about his paper, The GOP Blueprint for Cybersecurity in the 2016 Presidential Election. Although Mr. Givens was not one of my professors, we exchanged ideas on how important good cyber hygiene is for all candidates during an election. In fact, now there’s The Cybersecurity Campaign Playbook, published by Harvard Kennedy School.

I finalized my capstone topic during the January 2017 break. During that first week in January, the Office of the Director of National Intelligence concluded that Russian intelligence agents scanned or probed as many as 21 state voter registration systems. I wanted to understand the Russian government’s motives for tampering with a part of our election infrastructure that is not responsible for vote tallying. What were the Russians up to? If they wanted to interfere with our elections, why would they tamper with the states’ digital voter rolls when they could hack voting machines that cast and tally votes? I had an “aha moment”: this would be the topic of my capstone. After consulting with Stephen Maher, my capstone advisor, and my former professors David J. Smith (CYB 680: Cyberspace Law, Public Policy & Politics and CYB 682: Cyber War & Deterrence) and Khatuna Mshvidobadze (CYB 688 – International Aspects of Cyber Policy), I decided to analyze the cyber insecurity of our elections infrastructure, now officially deemed “critical infrastructure”—a sector vital to our national security.

The title of my capstone is The Threat of Nation-State Hacking of State Voter Registration Databases during U.S. Presidential Elections. I explored the ways that voter registration databases are vulnerable to attacks by adversarial nation-states, the impact these hacks have on our democratic free and fair elections, and how the U.S. can better defend against external malicious attacks on our election infrastructure in the future. My research was a launching point into the burgeoning field of election integrity, which is more than just a matter of cybersecurity—it is a matter of national security.

What are you doing now?

I’m working with an election technology research organization in an advisory capacity focusing on election law, public policy, and government relations. Additionally, I’m advising several entities on the public policy implications of election technology as a matter of national security, as well as providing policy advice to non-profits and a state government on blockchain technology to protect voter records and election results.

What advice would you give to students entering the MPS Cyber Policy & Risk Analysis program?

I would encourage new MPS students to begin at the end—the end being the capstone project. During the entire core curriculum, I recommend that students begin to think about an area of interest that conjures ideas for an in-depth policy paper. Thinking about either the industry they currently work in, or something that’s just of interest to them, and as they go through the 10 required classes, to ask themselves, “How could I use the information I learned in this class and apply it to a topic that is ‘hot’ right now in the cyber realm?”

There is very little time to research, analyze and write an outstanding capstone paper in an eight-week class. But if you begin early—just taking some notes on your favorite topics within each class—you’ll save time and energy during the crunch time of the capstone project in CYB 697: Professional Development in Cyber Policy & Risk Analysis.

The professors are absolutely delighted to help the students. I would encourage all the students to take advantage of the wonderful faculty in the cyber policy program and the cyber security faculty at large.

Would you recommend the MPS Cyber Policy & Risk Analysis program?

Yes, without hesitation! I could not have received a finer education on cyber policy and risk analysis.

To learn more about the online MPS program at Utica College, complete the form or call us at 315.732.2640 –or toll free at 866.295.3106.