(29) Having said that, for strategic purposes, as becomes clear below, it is more likely that a CFCC intends to cause less direct harm or damage than a CVCC. CVCC's principal target is the critical infrastructure of state actors.
Individually, a CFCC may be cheaper than a CVCC. The obstacles actors have to overcome to conduct a cyberattack against an industrial control system of a critical infrastructure are significant.
Having laid out the dimensions of CVCC and CFCC, we can now look at the distinct advantages and disadvantages of these capabilities.
The usage of a CVCC does not come with these restrictions; its effects can be selectively dispersed across a large geographical space (e.g., all hospitals in a certain country running on a certain system).
The third condition is that the actor designs the CVCC in such a manner that it is able to control the temporal nature of the harmful or damaging effects.
This type of capability design would allow for CVCC to be used somewhat similarly to economic sanctions.
The value of CVCC is that these activities could potentially take place in a covert manner, making it easier for a leader to save face after it backed down.
Ultimately, combining the above three conditions leads to a dilemma for the use of a CVCC. After all, it is difficult to combine the first and last conditions.
This is also demonstrated for more recent CVCC and CFCC usage.