Computer network defense analysts engage a difficult, though critical, task in cyber defense. Anecdotally, these operators complain of frequent task interruptions while they are performing their duties. The goal for the current study was to investigate the effect of a commonly reported interruption, answering email, on accuracy and completion times in a simulated network analyst task. During task trials, participants were interrupted by emails between alert investigations, during alert investigations, or not at all (control). The results indicated that email interruptions increased alert completion times regardless of when they occurred, but interruptions that occurred during an alert investigation also reduced the accuracy of subsequent judgments about alert threat. Overall, the results suggest that task interruptions can potentially undermine cyber defense, and steps should be taken to better quantify and mitigate this threat.
ChampionM. A.RajivanP.CookeN. J.JariwalaS. (2012, March). Team-based cyber defense analysis. Paper presented at the 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), New Orleans, LA.
3.
ChappelleW.McDonaldK.ChristensenJ.PrinceL.GoodmanT.ThompsonW.HayesW. (2013). Sources of occupational stress and prevalence of burnout and clinical distress among U.S. Air Force Cyber Warfare Operators (Technical Report No. AFRL-SA-WP-TR-2013-0006). Wright-Patterson Air Force Base: Air Force Research Laboratory, Human Effectiveness Directorate.
4.
CohenS. (1980). Aftereffects of stress on human performance and social behavior: A review of research and theory. Psychological Bulletin, 88, 82-108.
5.
D’AmicoA.WhitleyK. (2007). The real work of computer network defense analysts: The analysis roles and processes that transform network data in to security situation awareness. In GoodallJ.R.MaK.-L. (Eds.), VizSEC 2007: Proceedings of the workshop on visualization for computer security (pp. 19-37). Heidelberg, Germany: Springer-Verlag.
6.
DyeG. (2015). Using imprint to guide experimental design of simulated task environments (Technical Report No. AFIT-ENG-MS-15-J-052). Wright-Patterson Air Force Base, OH: The Air Force Institute of Technology.
7.
Erceg-HurnD.M.MirosevichV.M. (2008). Modern robust statistical methods: An easy way to maximize the accuracy and power of your research. American Psychologist, 63, 591-601.
8.
FunkeG.DyeG.BorghettiB.MancusioV.GreenleeE.MillerB.MenkeL.BrownR.VieaneA. (2016). Development and validation of the Air Force Cyber Intruder Alert Testbed (CIAT). In NicholsonD. (Ed.), Advances in human factors in cybersecurity (pp. 363-376). Cham, Switzerland: Springer.
9.
GreenleeE.T.FunkeG.J.WarmJ.S.SawyerB.D.FinomoreV.S.MancusoV.F.FunkeM. E.MatthewsG. (2016). Stress and workload profiles of network analysis: Not all tasks are created equal. In NicholsonD. (Ed.), Advances in human factors in cybersecurity (pp. 153-166). Cham, Switzerland: Springer.
10.
GreiveA.P.AgC.-G. (1984). Tests of sphericity of normal distributions and the analysis of repeated measures designs. Psychometrika, 49, 257-267.
11.
GutzwillerR.S.FugateS.SawyerB.D.HancockP.A. (2015). The human factors of cyber network defense. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 59, 322-326.
12.
HollanderM.WolfeD.A. (1999). Nonparametric statistical methods (2nd ed.). New York, NY: Wiley.
13.
MayburyM. (2015). Toward the assured cyberspace advantage: Air Force cyber vision 2025. IEEE Security & Privacy, 13, 49-56.
14.
McFarlaneD.C.LatorellaK.A. (2002). The scope and importance of human interruption in human-computer interaction design. Human-computer Interaction, 17, 1-61.
15.
MonkC.A.Boehm-DavisD.A.TraftonJ.G. (2002). The attentional costs of interrupting task performance at various stages. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 46, 1824-1828.
16.
MonkC.A.TraftonJ.G.Boehm-DavisD.A. (2008). The effect of interruption duration and demand on resuming suspended goals. Journal of Experimental Psychology: Applied, 14, 299-313.
17.
ScarfoneK.MellP. (2007). Guide to intrusion detection and prevention systems (IDPS): Recommendations of the National Institute of Standards and Technology (Special Publication 800-94). National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce.
18.
VieaneA.FunkeG.MancusoV.GreenleeE.DyeG.BorghettiB.MillerB.MenkeL.BrownR. (2016). Coordinated displays to assist cyber defenders. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 60, 344-348.
