
UNINTENDED CONSEQUENCES AND SPILLOVER EFFECTS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW
Abstract
Offensive cyber operations (OCOs) have become a prominent tool in the arsenals of state and non-state actors, offering capabilities ranging from espionage to destructive attacks. However, the interconnected nature of cyberspace introduces a complex challenge: the potential for unintended consequences, commonly referred to as collateral damage. This systematic literature review examines the current understanding of collateral damage stemming from OCOs. We synthesize definitions, analyze the technical and legal challenges associated with predicting and mitigating such effects, and explore the implications for international law, particularly the principles of distinction and proportionality. Our findings reveal a persistent gap between the theoretical frameworks and the practical realities of preventing unintended harm in a highly interdependent digital environment. We highlight critical areas for future research, including improved methodologies for effects assessment, enhanced legal interpretability for cyberspace, and the development of robust strategies to minimize spillover.
Keywords
Offensive cyber operations, unintended consequences, spillover effects
Copyright License
Copyright (c) 2024 Prof. Hans-Peter Vogel, Dr. Farah Al-Dabbagh (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.