Public Opinion and Cyberterrorism

Abstract
Research into cyber-conflict, public opinion, and international security is burgeoning, yet the field suffers from an absence of conceptual agreement about key terms. For instance, every time a cyberattack takes place, a public debate erupts as to whether it constitutes cyberterrorism. This debate bears significant consequences, seeing as the ascription of a “terrorism” label enables the application of heavy-handed counterterrorism powers and heightens the level of perceived threat among the public. In light of widespread conceptual disagreement in cyberspace, we assert that public opinion plays a heightened role in understanding the nature of cyber threats. We construct a typological framework to illuminate the attributes that drive the public classification of an attack as cyberterrorism, which we test through a ratings-based conjoint experiment in the United States, the United Kingdom, and Israel (N = 21,238 observations). We find that the public (1) refrains from labeling attacks by unknown actors or hacker collectives as cyberterrorism; and (2) classifies attacks that disseminate sensitive data as terrorism to a greater extent even than physically explosive attacks. Importantly, the uniform public perspectives across the three countries challenge a foundational tenet of public opinion and international relations scholarship that divided views among elites on foreign policy matters will be reflected by a divided public. This study concludes by providing a definitive conceptual baseline to support future research on the topic.


Codebook
Original variables in dataset ("Combined Conjoint Data.csv")
4 = correct answer
Comp courses: 1 = "I've never taken any of these courses."; 2 = "I've taken 1 course."; 3 = "I've taken between 2-5 courses."; 4 = "I've taken more than 5 courses."
Political position: 1 = Extremely left; 6 = Extremely Right
Party ID US: 1 = Strong Democrat; 7 = Strong Republican
Prev Exposure Terror 1: 0 = no; 1 = yes
Prev Exposure Terror 2: 0 = no; 1 = yes
Prev Exposure Cyber 1: 0 = no; 1 = yes
Prev Exposure Cyber 2: 0 = no; 1 = yes
Prev Exposure Cyber 3: 0 = no; 1 = yes
Personal Threat 1: 1 = not at all; 6 = extremely
Personal Threat 2: 1 = not at all; 6 = extremely
Personal Threat 3: 1 = not at all; 6 = extremely
National Threat 1: 1 = not at all; 6 = extremely
National Threat 2: 1 = not at all; 6 = extremely
National Threat 3: 1 = not at all; 6 = extremely

The primary objective of our study is to estimate the causal effects of specific incident attributes on the ascription of an attack as cyber-terrorism. Given this, we employ a design where respondents are assigned to appraise scenarios with randomly generated attributes. We draw from a large sample of respondents, across three countries, who are accessed through online survey companies that employ a non-probability sampling method. To account for any demographic imbalances that would undermine any inferences of causality, we conduct balance checks that test whether specific demographic and attitudinal covariates (gender and political ideology) predict the assignment of the study's independent variable (attack attributes). These analyses appear in Figures S2, S3, S5, S6, S8, and S9, and confirm that the random assignment was successful.
To reach the participants, we employed three different survey panels due to our preference for providers that have large market share and a diverse sample of participants in each country. In the United States, we drew our sample from Amazon Mechanical Turk (MTurk), in the United Kingdom we used Prolific, and in Israel we worked with Midgam. All three providers are frequently used in social science research. While unmoderated survey panels such as MTurk and Prolific have a mixed reputation regarding the representativeness of their participant pools, research has shown that these two panels consistently outperformed laboratory-based convenience samples in ensuring variation across socio-demographic and political characteristics of interest (Berinsky et al., 2012; Hauser and Schwarz, 2016; Palan and Schitter, 2018). The Israeli survey provider, Midgam, is moderated by a team of facilitators, with access to more than 90,000 Israeli respondents (more than 1% of the entire Israeli population).
Respondents accessed via the un-moderated Internet survey companies (MTurk and Prolific) were required to have an approval rating of at least 96%, have completed at least 50 surveys, be a resident of the particular country, and be over 18 years of age. These quality checks are not required with Midgam, where the studies are distributed by dedicated technicians to verified users.
In the Israeli sample, we limited the sample to Jewish respondents, since attacks against national institutions are unlikely to be viewed as an attack against the in-group by some portion of Palestinian respondents.
A reCaptcha test was inserted at the beginning of all surveys to weed out bots. The study was fielded simultaneously on 26-27 August, 2020, during which time we recruited 3,242 respondents (United States, N = 1,077; United Kingdom, N = 1,042; Israel, N = 1,123). We retain only the 3,036 respondents (United States, N = 1,012; United Kingdom, N = 1,010; Israel, N = 1,014) who completed all of the conjoint questions and who passed the reCaptcha test. This amounts to a total non-completion rate of 6.35%, a rate that compares favorably to completion metrics in other web-based surveys (Liu and Wronski, 2018). As is the norm with online survey panels, our respondents tended to be young, with a median age of 38. Following best practice, we refrain from removing "speeders" who complete the survey particularly fast, since their removal does not alter marginal distributions in a meaningful way, and such participants are representative of a segment of the larger population who only partially absorb data before reaching a political decision (Greszki et al., 2015).
In Sections 2.2-2.4, we review the demographic breakdown of each country's sample, and we conduct balance checks to confirm that no demographic or attitudinal covariates predict the assignment of the study's independent variable.

Israel
The sample for Israel was collected using Midgam. 1,014 individuals completed the survey on August 26, 2020.
This figure contains a plot of conservative ideology by treatment category with 95% confidence intervals. Conservative indicates that the respondents answered either a 5 or a 6 on our ideology measure, indicating that they were either "conservative" or "very conservative/right".

United Kingdom
The sample for the United Kingdom was collected using Prolific. 1,010 individuals completed the survey on August 26, 2020.
This figure contains a plot of conservative ideology by treatment category with 95% confidence intervals. Conservative indicates that the respondents answered either a 5 or a 6 on our ideology measure, indicating that they were either "conservative" or "very conservative/right".

United States
The sample for the United States was collected using Mechanical Turk (MTurk). 1,012 individuals completed the survey between August 25 and August 26, 2020.
This figure contains a plot of conservative ideology by treatment category with 95% confidence intervals. Conservative indicates that the respondents answered either a 5 or a 6 on our ideology measure, indicating that they were either "conservative" or "very conservative/right".

Country-Level Results
In the main manuscript and accompanying appendices, we disaggregate our conjoint analysis by country, and compare the country-level differences by using the AMCE value as the means of comparison. Here, we supplement this analysis by using marginal means. The significant marginal means differences across countries are plotted in Figure S10, and fully specified in Tables S6-S8.

Figure S10: Marginal Means Difference by Country
This figure contains a plot of the difference in marginal mean levels of cyberterrorism attribution by treatment category with 95% confidence intervals. This presents the difference by country for all respondents. For example, attributing the motivation to revenge has a more positive effect on attribution for American respondents than Israeli or British respondents regardless of ideology.

Interaction Effects
The baseline results described above allowed us to quantify the importance of various attributes to the classification of incidents as cyber-terrorism. Yet our empirical design grants us the ability to conduct more nuanced analyses that measure the interaction between people's personal beliefs and experiences and the ascription of cyber-terrorism. For example, it is well established that people with a right-wing political orientation view security incidents more severely than left-wing oriented people. This manifested in the conjoint survey with right-wing respondents classifying a small yet statistically significantly higher number of incidents as cyber-terrorism than left-wing respondents (77% compared to 74%, p < .001).
To test for exogenous interaction effects, we fit a fully interacted model to the pooled data and then conduct an F-test to compare the two models. This process in effect reveals whether the designation of an incident as cyber-terrorism varies across levels of the intervening variable.
Following Leeper et al. (2020), we acknowledge that the interaction effects in conjoint analyses are sensitive to reference category choices, and we stand by the justifications for the selection of each reference category described in the main manuscript. In the sections below, we look at two relevant intervening exogenous variables that are likely to influence the perception of a cyber incident as cyber-terrorism.
In Figure S11, we report the effects of incident attributes on the designation of an attack as cyberterrorism, disaggregated by political orientation. The left-hand panel depicts the estimates of each attribute effect for respondents with self-described conservative political beliefs, and the right-hand panel reflects those participants with liberal political attitudes. What is immediately observable in Figure S11 is that the attack attributes trigger greater volatility among liberal respondents, who are more influenced by the attack characteristics (both positively and negatively) than their more steadfast conservative counterparts. We can infer from this that conservative individuals are more comfortable associating cyber-attacks in general with cyber-terrorism, while this association is weaker for liberals and more reliant on the presence or absence of particular features.
A key point of difference in the qualities that spur the designation of an attack as cyber-terrorism between liberals and conservatives is the effect of the announced motivation of the attacker. Announcing that the attacker's motivations were either 'changing government policy' or 'overthrowing the government' heightened the likelihood that liberal respondents would designate an attack as cyber-terrorism to a significantly greater degree than for conservative respondents (at p < .00 and p < .03 respectively). This accords with past research showing how people with left-wing political attitudes are more likely to take account of and be influenced by terrorists' motivations than people with right-wing orientations (Sánchez and García, 2016). This outcome challenges findings from Canetti et al. (2021), who question the assumption that motive attribution influences public support for counter-terror policy, and raises the possibility that motive attribution might behave differently in cyberspace than in conventional arenas.
Another key point of difference emerges in response to the outcome of the attack. The marginal component effects of the 'major explosion' outcome and the 'theft and dissemination of sensitive information' outcome were significantly different for liberal and conservative respondents, at p < .02 for both effects, with liberal respondents associating these outcomes with cyber-terrorism at significantly higher levels than conservative respondents, who were less swayed by such features.

Figure S11: Effects of Incident Attributes on Probability of Being Classified as Cyber-Terrorism-By Political Orientation
Note: This plot depicts estimates of the effects of each randomly assigned attribute value on the probability of a scenario being classified as cyber-terrorism. Estimates are based on the AMCE model with clustered standard errors. Bars represent 95% confidence intervals. The uppermost values in each attribute, which lack confidence intervals, reflect the reference category for each attribute against which the estimates are based. This plot reveals a pooled estimate for liberal and conservative respondents drawn from the full multi-country sample.
Past research has persuasively identified the role of cyber-domain expertise in understanding the response of the general public to cyber attacks in general (Kostyuk and Wayne, 2020). As such, it behooves us to examine the intervening effect of computer literacy upon the classification of cyber acts as cyber-terrorism. Figure S12 visualizes the distribution of attribute effects between respondents designated as high computer literacy (left-hand panel) and low computer literacy (right-hand panel).
Several sets of attributes are found to be statistically significantly different in the AMCEs of this sub-group. First, the AMCEs of three of the outcome attribute values (major explosion, minor explosion, theft and dissemination of sensitive information) are significantly different for high and low computer literacy, at p < .000, p < .000 and p < .048 respectively, with high computer literacy respondents associating incidents with each of these outcomes with cyber-terrorism at significantly higher levels than low computer literacy respondents. This logically follows the idea that members of the public with domain expertise will better perceive the rarity and gravity of a cyber-driven explosion, and also the potential significance of data as a valuable target for adversaries.
In a similar vein, we can also see that the AMCE of 'individual hacker' is significantly different for high and low computer literacy respondents, at p < .001, with high computer literacy respondents associating attacks from individual actors with cyber-terrorism at significantly lower levels than low computer literacy respondents. Again, this makes sense given that those with some level of digital proficiency will understand the potential limitations that hinder the ability of individual hackers to cause substantial damage (Kostyuk and Wayne, 2020).
It is interesting to note that there was no difference between the relative marginal component effect of the two groups with respect to cyber-attack methodologies. High computer literacy respondents showed no inclination to view any particular method of attack with greater wariness than their low computer literacy counterparts.

Figure S12: Effects of Incident Attributes on Probability of Being Classified as Cyber-Terrorism-By Computer Literacy
Note: This plot depicts estimates of the effects of each randomly assigned attribute value on the probability of a scenario being classified as cyber-terrorism. Estimates are based on the AMCE model with clustered standard errors. Bars represent 95% confidence intervals. The uppermost values in each attribute, which lack confidence intervals, reflect the reference category for each attribute against which the estimates are based. This plot reveals a pooled estimate for respondents with high and low computer literacy drawn from the full multi-country sample.

Conjoint Assumptions
As Hainmueller et al. (2014) note, conjoint experiments assume both no profile order effects and stability and no carryover. Our experimental design presents respondents with individual scenarios and asks them to decide whether each contains an act of cyber-terrorism, similar to other ratings-based conjoint designs. Randomizing the order of the scenario text is not feasible in our study since we present a vignette (instead of a tabular set) to respondents. Randomizing the order of sentences in a paragraph vignette would interfere with its logical coherence. However, stability and no carryover remains an important assumption to test. Table S9 presents the cyber-terrorism variable as a function of the response round (baseline 3rd round) with fixed effects for the respondent.
Respondents were more likely to assign the cyberterrorism label to the first and second panels that they viewed. Compared to round three, respondents responded 7.6% more to round one and 2.4% more to round two labels. There are no differences across the later rounds.
This would primarily be an issue if the survey were not balanced between rounds one and two and rounds three through seven. For example, if there were a large number of respondents who received the government office building treatment in the first round, and the first round is over-weighted generally, our inferences may be subject to bias. However, this is not the case: the randomization has the same distribution over treatments for the two sets of rounds. Figures S13 and S14 contain the distribution of treatments across the first and second round against the third through seventh rounds. There are no pronounced differences in the treatment distributions.
Finally, we include the AMCE values calculated by round in Figure S15. There are no clear trends in AMCE values between the first rounds and the later rounds. There are only five cases where the 95% confidence interval for an AMCE within a round does not contain the mean overall AMCE for all rounds. These are Method/virus and Method/phishing in the first round, Agent/unknown in the fourth round, and Target/government office and Outcome/theft of private information in the seventh round.