Abstract
Imagine this scenario: Two states are in armed conflict with each other. In order to gain an advantage, one side launches a cyber-attack against the opponent’s computer network. The malicious malware paralyze the military computer network, as intended, but the malware spreads into the civilian system with physical damage to follow. This can happen and the natural question arises: What must be considered lawful targeting according to the international humanitarian law in cyber warfare? What steps must an attacker take to minimize the damage done to unlawful targets when conducting an offensive operation? How can the attacker separate military targets from civilian targets in cyber space? This paper addresses these questions and argues that a network (civilian or military) consist of several software components and that it is the individual components that is the target. If the components are used in the civilian network as well as in a military network then the legal concept of dual-use becomes increasingly relevant.