Public opinion polling shows a lack of consensus about where cyberattacks fall within the escalatory ladder of conventional warfare.
Over the course of the last year there have been a number of high-profile cyberattacks, including government-sponsored and private attacks on targets within the United States. More recently, Russia has brought the topic of cybersecurity to the forefront by engaging in repeated hacking of Ukrainian government and civilian systems in coordination with their conventional military attack on the country.
Americans across the partisan spectrum agree that cyberattacks are a critical threat to the interests of the United States. However, since cyber warfare is a relatively new and rapidly developing concept, there are not yet clear norms determining how it fits into the escalatory ladder of conventional warfare. For their part, the American public seems to view cyberattacks as warranting an in-kind response, but not as cause for launching a conventional military attack.
Americans View Cyberattacks as a Top Security Threat
Over the past decade, international confrontations in cyberspace have increased in both frequency and intensity. In general, public opinion has tracked along with this dynamic. In 2010 just over half of the public (53 percent) saw cyberattacks as a critical threat. In the Council’s March 25–28 survey, that figure rose to 73 percent, making cyberattacks one of the top threats in the eyes of Americans. This position is popular across party lines—held by more than seven in 10 Republicans (77 percent critical threat), Democrats (71 percent), and Independents (73 percent). Along with this widespread concern over cyberattacks, four in five Americans see preventing cyberattacks as a very important US foreign policy goal (83 percent).
According to a Council survey from 2017, concerns about cyberattacks are primarily focused on the possible effects on US infrastructure. Americans expressed more concern about damage to US infrastructure (43 percent) than the theft of personal information (34 percent) or classified government information (22 percent). Both recent events and expert forecasts about cyber vulnerability indicate that these concerns about American infrastructure are likely valid. A May 2021 cyberattack on the Colonial Pipeline resulted in a massive shutdown of gasoline transport on the East Coast of the United States and certainly caught the attention of the American public. According to a poll by YouGov America, 85 percent of Americans were aware of the attack a week later.
Fighting Virtual Fire with Fire
As international actors’ cyber capabilities evolve, how cyber warfare fits into countries’ traditional foreign policy toolboxes and strategies has remained somewhat of a gray area. Debates surrounding how international law will be applied in cyberspace and whether conventional military attacks are justified responses to cybercrimes are certainly not closed ones, and countries are already developing a range of different approaches. For their part, the American public seems to support most retaliatory measures short of conventional warfare in response to cyberattacks. These include imposing sanctions on countries that have launched cyberattacks (85 percent) as well as conducting retaliatory cyberattacks against governmental computer systems (59 percent). However, Americans are reluctant to escalate cyberwarfare into conventional warfare: only 41 percent support responding to cyberattacks with airstrikes aimed at another country’s military. Public support is also low for retaliatory cyberattacks targeting another country’s civilian infrastructure (35 percent). Across the board, Republicans display higher levels of support for retaliatory actions. Gaps between Republicans and Democrats ranged from eight percentage points on imposing sanctions to 13 points on airstrikes against military targets.
What Does This Mean for Ukraine?
The above data on potential responses to cyberattacks are from July 2021, well before Russia’s invasion of Ukraine. Russia has been linked to multiple cyberattacks against Ukraine’s government infrastructure, and the European Union has recently declared them responsible for an attack on European satellite internet just before the invasion of Ukraine.
The war in Ukraine has brought international cyberwarfare squarely into the public focus, and recent polling is beginning to tease out how Americans see cyberwarfare fitting into the broader US response to the invasion. A YouGov survey fielded April 30–May 3 finds that Americans are conflicted about launching cyberattacks on Russia as a response to in the country’s invasion of Ukraine. Just over a third of Americans think that launching cyberattacks is a good idea (38 percent), while another third say it is a bad idea (33 percent), and the final third is unsure (29 percent). The survey found a similar level of support (35 percent) for sending soldiers to Ukraine solely to provide help and not to fight Russian soldiers. A number of other proposed responses to Russian aggression received higher support among the American public. Over six in 10 support sending financial aid (65 percent) and weapons (62 percent) to Ukraine. Policies that fall cleanly into the nonmilitary category, such as imposing economic sanctions on Russia (68 percent) and banning Russian imports (60 percent) are also more popular among the public. These differing levels of support indicate Americans likely view cyberattacks as a significant escalation from nonmilitary support for Ukraine, more on par in severity with putting American troops on Ukrainian soil, but still short of full military engagement.
These findings specific to the current situation in Ukraine are difficult to directly compare to the general cyberwarfare questions above because of Russia’s tense relationship with the United States. Responses may suggest an unwillingness by Americans to directly involve the United States in a conflict with a powerful adversary instead of being a statement on the norms of engaging in cyber warfare. As Russia’s war in Ukraine progresses, it may serve to shape the norms and regulation of cyber warfare as a dimension of international conflict.