Cyber Operations - Final report
Publish date: 2021-02-03
Report number: FOI-R--5072--SE
Pages: 44
Written in: Swedish
Keywords:
- cyber domain
- cyber operation
- cyber security
- cyber capability
- cyber defence
Abstract
Cyber operations consist of military actions that aim to affect the cyber domain and thereby reach a specific goal. The actions can be both defensive and offensive. This is the final report for the project on cyber operations carried out at FOI in the years 2017-2020 for the Swedish Armed Forces. The focus is therefore on the Swedish Armed Forces' need for increased capability to conduct cyber operations. The report summarises the project background and the work carried out in the project, including reports, memos, research papers, and webinars. Six research questions are answered and future research opportunities are suggested. Below is a summary of the report's conclusions.
Research on modelling in this area is limited. The models often focus on technical work, and are simplified so that the operations occur in steps without cycles, with elements of manual control, and for general purposes. Achieving situation awareness in the area is difficult because technical parts must be combined with organisational management. It is also difficult to attribute performed operations, since actors are not open about what they do. Designations of attackers after attacks seem to be made on a weak basis. Cyber operations seem to be mainly about intelligence gathering. Cyber sabotage is less common, which may be due to sabotage being easier to perform outside the cyber domain. Open sources reveal that a large part of the victims of cyber operations belong to the U.S.A., which may reveal the attractiveness of its targets or the focus of the sources used. Cyber operations described in open sources do not seem to have required much sophistication, but there may be undetected operations that are sophisticated. In any case, the sources indicate that cyber operations are mainly performed by resourceful and mature organisations. Cyber operation exercises can be staged at the technical level in cyber ranges. However, the lack of data on real cyber operations limits the realism. Furthermore, it is a challenge to combine technical exercises with discussion-based tabletop exercises at the command and control level. Under international law, there are no clear rules for what is allowed in the cyber domain, even though associations such as the EU and NATO have begun to develop their own rules and interpretations. Military and civilian cyber systems are often intertwined, resulting in unclear distinctions between the two.