James E. Emge

Date of Award


Document Type


Degree Name

Master of Science


Department of Electrical and Computer Engineering

First Advisor

Kenneth M. Hopkinson, PhD.


Traditionally, when a task is considered for automation it is a binary decision, either the task was completely automated or it remains manual. LOA is a departure from the tradition use of automation in cyber defense. When a task is automated, it removes the human administrator from the performance of the task, compromising their SA of the state of the network. When the administrator loses SA of the network performance and its current state, failure recovery time becomes much longer. This is because the administrators must orient themselves to the current state of the network at the time of failure and determine the cause of the failure before repairs or supplemental operations can occur. LOA attempts to mitigate this problem by keeping the administrator engaged in network tasks along side the automation agent. Keeping the administrator aware of both the automated system's performance and the performance of the network, while taking advantage of the automation system's speed and the complex decision making of the administrator. This research applies LOA to computer network defense during cyber attacks. The goal is to find the most efficient LOA that keeps the administrator engaged in the defense of the network while preserving efficiency. The LOA allows the administrator to supplement and/or correct the automated system, while the automated system handles the time sensitive events to keep the administrator from being overwhelmed or the network from being compromised.

AFIT Designator


DTIC Accession Number