kau.se
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Collateral Damage from Offensive Cyber Operations-A Systematic Literature Review
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0009-0008-2442-4058
2025 (English)In: Journal of Cybersecurity and Privacy, E-ISSN 2624-800X, Vol. 5, no 2, article id 35Article, review/survey (Refereed) Published
Abstract [en]

As offensive cyber operations have become more commonplace, cyber collateral damage (CCD) to society and to civilian infrastructure has expanded in impact and severity. Several research contexts, frameworks, and methods apply to these collateral effects, especially as they pertain to reducing them. To investigate and map this area of research, five leading scientific databases (Scopus, IEEE Xplore, Springer Link, ScienceDirect, and ProQuest) were searched for papers on CCD. From 716 search results, 74 relevant papers were selected. Using surface categories as well as thematic analysis, these were grouped into the main emergent categories of legal, ethical, targeting-oriented, and econometric papers, with each category showing a recent research trend. The papers were qualitatively assessed for importance and coverage and compared bibliographically to identify key papers and authors. Within the identified areas of research, significant gaps remain. While CCD is becoming increasingly well understood from a legal and operational perspective, this accounts only for a fraction of the civilian harm caused by offensive cyber operations. This study identifies potential pathways for the synthesis of the current research areas (targeting, taxonomy, econometrics) with broader definitions of collateral damage to include civilian harm. These include updating national cyber doctrines to require collateral damage estimates, as well as exploiting emerging open datasets to understand which cyber capabilities cause the greatest collateral effects. Finally, we observe that the research definitions and taxonomy of CCD differ widely and have been subjected to limited scrutiny and challenge to date.
Place, publisher, year, edition, pages
2025. Vol. 5, no 2, article id 35
Keywords [en]
cybersecurity, cyberwarfare, national security, cyberethics, collateral damage
National Category
Computer and Information Sciences Information Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-103866DOI: 10.3390/jcp5020035ISI: 001516682300001Scopus ID: 2-s2.0-105009295144OAI: oai:DiVA.org:kau-103866DiVA, id: diva2:1950435
Funder
Knowledge Foundation, 20220129-H-01
Note

This paper was included as a manuscript in the licentiate thesis entitled "Expanding the view on Offensive Cyber Operations" KUS 2025:20.

Available from: 2025-04-07 Created: 2025-04-07 Last updated: 2026-02-12Bibliographically approved
In thesis
1. Expanding the view on Offensive Cyber Operations
Open this publication in new window or tab >>Expanding the view on Offensive Cyber Operations
2025 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Society relies upon the internet, a globally interconnected collection of networked information systems. These systems are imperfectly designed and implemented with critical flaws and vulnerabilities. Criminal hackers attack these shortcomings for financial gains, but there are also compelling reasons for states and state-sponsored groups to act in and through cyberspace. While state-sponsored cyberattacks can be both permissible and effective, they commonly have unintended effects: cyber collateral damage. 

Most offensive cyber operations are conducted below the threshold of force recognized in international law and do not qualify for a military response. This means that they can be used both for clandestine sabotage, for intelligence gathering, and to implant vulnerabilities in preparation for larger-scale attacks in the future. These activities have caused considerable harm beyond their intended targets. Such collateral effects have been seen in some of the most infamous and costly cyberattacks, such as the 2010 Stuxnet attack, the 2017 NotPetya attack, and the 2022 attack on ViaSat as part of the invasion of Ukraine.

An under-investigated metric when analyzing the impact of cyber op-erations is their economic cost, both in terms of production and (es-pecially) in their collateral cost to society. The economic cost is also subject to considerable externalization in the planning of cyber operations. This thesis thus investigates the balance between the op-erational effects of cyber operations and their collateral costs; the cost/benefit dilemma of offensive cyber operations. It does so by con-sidering the potential benefit of high-impact cyberattacks, e.g. supply chain vulnerability implantation against hardened targets, and by us-ing econometric methods to calculate the cost of collateral damage engendered when cyberspace is used as a domain of warfare. In doing so, it provides the first quantitative comparison of military utility to civilian harm in a cyber context. Although cyberattacks have long been considered a central component in asymmetric warfare, the the-sis presents a bottom-up analysis which shows that the economic damage caused by cyberattacks in the Russo-Ukrainian conflict 2014-2021 is an insignificant part of the Ukrainian GDP.

Finally, the thesis argues that the full cost of attacks should be meas-ured and included in models for collateral damage estimation. Such estimates should be included into national cyber doctrines to mini-mize unintended effects and ensure efficient and appropriate use of cyber capabilities.
Abstract [en]

Society relies upon the internet, a globally interconnected collection of networked information systems. These systems often contain critical vulnerabilities, giving states and state-sponsored groups compelling reasons to act in and through cyberspace. While state-sponsored cyberattacks can be both permissible and effective, they commonly have unintended effects: cyber collateral damage.  This thesis investigates the balance between the operational effects of cyber operations and their collateral costs; the cost/benefit dilemma of offensive cyber operations. It does so by considering the potential benefit of high-impact cyberattacks, e.g. supply chain vulnerability implantation, and by using econometric methods to calculate the cost of collateral damage engendered when cyberspace is used as a domain of warfare. The thesis further presents a bottom-up analysis which shows that the economic damage caused by cyberattacks in the Russo-Ukrainian conflict 2014-2021 to be an insignificant part of the Ukrainian GDP. Finally, the thesis argues that the full cost of attacks should be measured and included in models for collateral damage estimation. Such estimates should be included into national cyber doctrines to minimize unintended effects and ensure efficient and appropriate use of cyber capabilities.
Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2025. p. 35
Series
Karlstad University Studies, ISSN 1403-8099 ; 2025:20
Keywords
Cybersecurity, cyber warfare, collateral damage, structured literature review, applied econometrics
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-103876 (URN)10.59217/bdrf5749 (DOI)978-91-7867-572-2 (ISBN)978-91-7867-573-9 (ISBN)
Presentation
2025-06-02, Sjöström 1E309, Universitetsvägen 2, Karlstad, 13:00 (English)
Opponent
Supervisors
Funder
Knowledge Foundation, 20220129-H-01
Available from: 2025-04-30 Created: 2025-04-08 Last updated: 2026-02-12Bibliographically approved

Open Access in DiVA

fulltext(3330 kB)40 downloads
File information
File name FULLTEXT01.pdfFile size 3330 kBChecksum SHA-512
ba3e9622580123dc77741b8d943f48d3e8ad2a7bf1b86b8dae2bb7a4508e5613dde025ff61a91c6e15e38f14946ef3bdabef89d62befb30c8145aede6316580f
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Larsson, Emil

Search in DiVA

By author/editor
Larsson, Emil
By organisation
Department of Mathematics and Computer Science (from 2013)
In the same journal
Journal of Cybersecurity and Privacy
Computer and Information SciencesInformation Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 40 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 244 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Karlstad University
|
University Library
|
Researchers support