The possibility that common users are successfully recruited in cyberattacks represents a considerable vulnerability because it implies that citizens can legitimize cyberattacks instead of condemning them. We propose to adopt an argumentative approach to identify which premises allow such legitimization. To showcase this approach, we created four short narratives describing cyberattacks involving generic users and covering different motives for the attacks: profit, recreation, revenge, and ideology. A sample of 16 participants read the four narratives and was afterward interviewed to express their position on the attacks described. All interview transcripts were then analyzed with an argumentative approach, and 15 premises were found to account for the different positions taken. We describe the premises, their distribution across the four narratives, and discuss the implications of this approach for cybersecurity.
https://dl.acm.org/doi/abs/10.1145/3491102.3517444
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2022.acm.org/)