A systematic modelling methodology is presented in this paper, so as to evaluate the effects of cyber-attacks on states’ Critical Information Infrastructure, in order to answer the question of whether these attacks have risen to the level of a ‘use of force’ under the principles of international law. By using the qualitative criteria for recognizing the impact of cyber-attacks as proposed by the International Group of Experts in the Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) and by applying the Simple Additive Weighting method, the widely used Multiple Attribute Decision Making method, cyber-operations evaluation results are presented. For the analysis a case study of kinetic and cyber-attacks on Supervisory Control and Data Acquisition system is employed. Taking into account the qualitative and quantitative aspects of such attacks and adding for the first time the ‘military character’ attribute as defined by the Tallinn Manual in the calculation procedure, a more complete evaluation of such attacks is achieved.