Cyber-defenders face lengthy, repetitive work assignments with few critical signals and little control over what transpires. Their task is one of vigilance, well studied in contexts including air traffic control and medical monitoring. Cyber-defense display information density is several orders of magnitude above that seen in the aforementioned domains, and therefore blindly generalizing
prior research is inadvisable. To understand this unique domain, we asked participants to perform a simulated cybersecurity task, searching for attack signatures in Internet traffic information. Consistent with results observed in “traditional” vigilance paradigms, signal detection declined significantly over time, it was directly related to signal probability, and it was inversely related to event rate. Reported high mental workload accompanied such degraded performance. These results highlight the necessity for understanding the physical and cognitive ergonomics underlying cyber-defense. They also suggest vulnerability to denial & deception (D&D) tactics which would effectively hack the human rather than the machine.
