This document discusses asymmetric balancing in cyber warfare and its implications for power dynamics in the Asia-Pacific region. It begins by introducing the shifting balance of power as China rises economically and militarily. It then discusses how the development of cyber warfare has created a new domain that is dominated by the US, allowing for asymmetric means of conflict that could reshape traditional security. The document defines key cyber warfare terms and compares conventional vs cyber warfare, noting how offense has an advantage over defense in the cyber domain due to lower costs and complexity of attacks. It explores how these dynamics may impact regional power structures.

1.
Asymmetric Balancing
Cyber Warfare and Power Dynamics in the Asia­Pacific
Andrew Hill

2. Hill 2
Introduction
The twenty­first century has witnessed the beginnings of a monumental shift within the
balance of power in the Asia­Pacific. While many critics and scholars attribute this shift to
American decline, the responsibility should be more readily associated with a rising China. As
China grows, other regional actors, the United States included, increasingly seek to develop
economic ties with it; yet to stem Chinese aggression and expansion, these same actors must also
increasingly depend upon the U.S. military presence within the region. The resulting dichotomy
of Chinese economic might and U.S. military investment has led many scholars to predict the
emergence of a struggle for regional hegemony in the near future. ​
Though this shift in influence
1
presents numerous such implications for the regional dynamics of the Asia­Pacific, most scholars
fail to take into consideration how the implications presented by a second, simultaneous and
parallel shift affect the regional structure of power. This secondary shift revolves around an
ongoing revolution in military affairs (RMA) that is systematically replacing conventional means
of warfare with unconventional and asymmetric methods.
2
Under the basic realist tenet that economic might transfers to military might, ​
many
3
assume that China’s rise will lead it to, and possibly even beyond, military parity with the United
States. After all, China already possesses or is developing the production capabilities for stealth
fighters, nuclear submarines, anti­ship ballistic missiles, and aircraft carriers. Combine this with
decades of phenomenal economic growth, and one might wonder what America can possibly do
1
Hugh White, ​The China Choice: Why American Should Share Power​, (Australia: Black Inc., 2012).
2
Eliot Cohen, “A Revolution in Warfare,” ​Foreign Affairs​, Mar/April 1996, Vol. 75, Issue 2. 37­54.
3
John J. Mearsheimer, “The False Promise of International Institutions,” in Karen Mingst and
Jack Snyder, Essential Readings in World Politics, Second Edition, (New York: Norton, 2004). 311.

3. Hill 3
to match pace. The answer is much and more. The increasing integration of military capability
with electronic communication networks has led to the advent of a new and overwhelmingly
U.S.­dominated combat domain – the cyber domain – which potentially stands to reshape
conventional security landscapes through asymmetric means.
4
While the cyber realm technically came into existence in 1969 with the birth of the
ARPANET, ​
it has only recently factored into international security concerns and military
5
tactics. So, unlike the four preexisting domains of warfare – land, sea, air, and space – there
exists relatively little academic research on the topic, and many scholars remain unfamiliar with
it. This relative ambiguity leads to a number of concerns that must be addressed in order to
update conceptions of the international political system. First, what is cyber warfare and what
impact has its development had on conventional military conflicts? What new threats arise
from the cyber realm, and what are the United States and the nations of the Asia­Pacific doing to
confront and/or inflict them? And most importantly, as the nature of conflict becomes less
traditional, what implications will cyber warfare have for regional power structures? This paper
addresses these issues and their corresponding implications through an applied analysis of
developing cyber warfare capabilities and operations in the crucible of a wired and evolving
Asia­Pacific region.
Defining “Cyber”
4
“Cyberwar: War in the Fifth Domain: Are the Mouse and Keyboard the New Weapons of Conflict?”
The Economist​, July 1, 2010, http://www.economist.com/node/16478792.
5
Stephen Segaller, ​Nerds 2.0.1: A Brief History of the Internet​, (New York: TV Books, 1999). 19­23.

4. Hill 4
A basic understanding of cyber­related terminology is absolutely essential to
understanding the implications the cyber domain presents to modern warfare. In conventional
usage, the prefix “cyber,” refers to electronic communications over computer networks, both
wired and wireless. However ambiguity and a lack of clarity currently surround all things cyber,
even cyber­related terminology. This paper will utilize the vocabulary and definitions found in
the Cyberspace Operations Lexicon developed by the U.S. Department of Defense (DOD),
which defines cyberspace as, “A Domain characterized by the use of electronics and the
electromagnetic spectrum to store, modify, and exchange data via networked systems and
associated physical infrastructures.” ​
This domain includes the internet, but also stand­alone
6
networks, such as the intranet of the Democratic People’s Republic of Korea (DPRK), which is
not connected to the World Wide Web, or a closed system, such as the computers and systems at
an Iranian nuclear testing facility.
Cyber Warfare refers to, “An armed conflict conducted in whole or part by cyber means.
Military operations conducted to deny an opposing force the effective use of cyberspace systems
and weapons in a conflict. It includes cyber attack, cyber defense, and cyber enabling actions.”
7
The most common cyber attack – “a hostile act using computer or related networks or systems,
and is intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or
functions” ​
– is a distributed denial of service (DDOS) attack, where hackers – individuals who
8
access computer networks by circumventing security measures – co­opt a large number of
computers to rapidly and repeatedly visit a website. This overloads the servers and causes the
6
James E. Cartwright, “Joint Terminology for Cyberspace Operations,” U.S. Department of Defense,
2010.
7
​Ibid​.
8
​Ibid.

5. Hill 5
site to crash. Other examples include computer viruses, such as Stuxnet, a sophisticated
computer worm that was introduced to an Iranian nuclear testing facility in 2010 and caused the
centrifuges there to spin so fast they broke apart and destroyed significant infrastructure at the
facility. ​
Warfare also involves espionage, which in the cyber domain would include such
9
malware as the Flame virus, which recorded sensitive audio­visual data, documents, and network
traffic before sending it to unknown servers abroad. ​
A similar, though so far rarely
10
implemented attack would involve capturing and controlling a system, such as a power grid or
government server and either shutting it down or rerouting resources in order to damage the
system.
The defensive side of cyber warfare consists of, “The integrated application of DoD or
US Government cyberspace capabilities and processes to synchronize in real­time the ability to
detect, analyze and mitigate threats and vulnerabilities, and outmaneuver adversaries, in order to
defend designated networks, protect critical missions, and enable US freedom of action.” ​
Cyber
11
defense, which is often used interchangeably with the term, “cyber security,” primarily relies on
the same underlying technologies used to protect personal computers – firewalls, anti­malware
programs, and data encryption, even at the level of national infrastructure. The resources
available to the U.S. government further allow it to engage in cyber countermeasures, effectively
setting traps that inflict significant damage on the systems of would­be hackers. In addition, the
federal government and private corporations invest heavily in the physical security of cyber
9
Kristin M. Lord and Travis Sharp, ​America’s Cyber Future: Security and Prosperity in the Information
Age​, Vol.1, Center for a New American Security, June 2011. 13.
10
“The Flame: Questions and Answers,” SecureList Website, Kaspersky Labs, May 28, 2012.
https://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers.
11
Cartwright, ​ibid.

6. Hill 6
infrastructure, such as servers, cables, and root clusters – regional hubs of internet traffic. But
while the cyber domain may utilize a similar vocabulary as the four traditional combat domains,
it differs significantly in its implementation.
Conventional Warfare vs. Cyber Warfare
Clausewitz famously defined war as “an act of force to compel our enemy to do our
will,” elaborating that “force…is thus the means of war,” and “to render the enemy
powerless…is the true aim.” ​
In this sense, cyber warfare is very much the same as
12
conventional warfare – actors use force, in this case a cyber attack, with the aim of crippling an
enemy. However in cyber warfare, force employment – whether through offense, defense, or
deterrence – and those external factors that shape strategic decisions can differ wildly from their
traditional counterparts.
Historically, defense has held a strategic advantage over offense, both in terms of cost
and ease. ​
But warfare in the cyber domain sees this trend reversed, and offense dominates
13
defense. ​
Comparatively, offensive cyber operations are exponentially cheaper than defensive
14
countermeasures. Furthermore, offensive operations require far less effort and complexity. A
12
Carl von Clausewitz, ​On War​, trans. Michael Howard and Peter Paret, (New York: Oxford University
Press, 2007). 14.
13
​Ibid.​, 159­162.
14
Lord and Sharp, ​ibid., ​28 .

7. Hill 7
successful and potentially crippling attack can be launched by a single person with minimal
training from one simple personal computer for a few hundred dollars. One expert has estimated
that, with 100 million dollars, a regime could form a top tier cyber force capable of penetrating
U.S. cyber defenses within two years. ​
Both costs represent mere fractions of the billions spent
15
in the United States alone on cyber security measures. The inherent difficulty associated with
identifying an attacker further complicates cyber defense, but it also lowers the threat of
retaliation against cyber attacks, effectively limiting the credibility of cyber deterrence.
Despite the increasing levels of integration between the cyber domain and military
operations, cyberspace was never designed for defense. Indeed its very nature as an expansive,
yet poorly defined domain poses immense problems for national security by removing the
traditional geographic constraints and advantages that have long shaped the landscape of
traditional warfare. Controlling trade routes, sea lines of communication, and geographic
barriers such as mountains and deserts both strengthened defenses and provided offensive
advantages, and it constrained the strategic movement of forces as well. However, previous
RMAs which created the air and space domains drastically decreased geographic limitations in
twentieth century warfare, and now, with the advent of the cyber domain, militaries in the
twenty­first century can completely transcend such constraints. Only the budgets and ingenuity
of actors restrict warfare in cyberspace, as the cost of defensive operations far surpasses that of
offensive operations.
The lack of clearly defined borders within cyberspace and the low barriers to entry lead
to yet another problem – the inability to successfully identify the enemy. Tracking a successful
15
​Ibid.​, 20.

8. Hill 8
attack to its source and correctly identifying the perpetrator often proves extremely difficult, if
not impossible. The Stuxnet and Flame malware for instance, though generally attributed to a
joint effort by the U.S. and Israeli intelligence communities, took months to trace and significant
debate remains over the exact nature of their origins. ​
This anonymity minimizes the risk of
16
retaliation and further encourages offensive cyber operations, especially as a means of
asymmetric warfare employed by a smaller entity against a larger, stronger opponent. The
United States, well regarded as the most powerful and competent force in the cyber domain,
averages over 1.8 billion attacks per month against the executive and legislative branches of
government alone.
17
While cyber warfare favors offense, it functions best in a supplementary capacity,
augmenting traditional warfare to improve efficiency and minimize risk by targeting
infrastructure. Moore’s Law, developed by a co­founder of Intel, states that “the number of
transistors on a computer chip will double roughly every two years, resulting in constantly
increasing computing power at decreasing cost.” The implication of this exponential
18
innovation in computing means that increasingly integrated weapons and communications
technologies can be developed faster and made more widely available than ever before,
drastically lowering the barriers to entry, especially when compared with the four preexisting
domains of warfare – land, sea, air, and space – each of which can be astronomically expensive.
This increase in efficiency coincides with a decrease in human­to­human interaction as
combatants gain the capability to launch attacks from the comfort and safety of an office desk.
16
“Cyberattacks on Iran – Stuxnet and Flame,” ​The New York Times​, last updated Aug. 9, 2012.
http://topics.nytimes.com/top/reference/timestopics/subjects/c/computer_malware/stuxnet/index.html.
17
Lord and Sharp, ​ibid​., 20.
18
Lord and Sharp, ​ibid.,​ 21.

9. Hill 9
The lack of an international legal regime or well­defined norms of behavior further
compound the problems presented by the affordability and lack of transparency currently
associated with warfare in the cyber domain. No international organization or legal body has
clearly defined what behaviors constitute a cyber war or the consequences that would result from
such a conflict. Furthermore, no international institution has clearly differentiated cyber war
from cyber terrorism or cybercrime, nor which legal regime – law enforcement, intelligence
collection, or military operations – would actually apply to such operations. ​
Nor has it been
19
determined whether a cyber attack even constitutes a use of force, as most offensive operations
target information and inflict little if any kinetic or physical damage. ​
Existing international
20
norms and laws are beholden to the first four domains of warfare and have yet to account for the
cyber domain. .
But while cyber operations may inflict less kinetic damage, the potential costs of a cyber
attack are much higher. A 2007 report estimated that a full scale cyber attack against U.S.
critical infrastructure could cost $700 billion. ​
The lack of a legal regime means that no cyber
21
Geneva Convention exists to prohibit attacks on civilian entities, which in turn has expanded the
array of traditional targets, blurring the line between the civilian and military spheres. Most
attacks are directed against critical infrastructure, the “systems and assets, whether physical or
virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the
19
Thomas C. Wingfield, “International Law and Information Operations,” in ​Cyberpower and National
Security​, ed. Franklin D. Kramer, Stuart H. Starr, and Larry K. Wentz, (Washington, D.C.: National
Defense University Press and Potomac Books, Inc.). 541.
20
​Ibid​., 526.
21
Jayson M. Spade, “China’s Cyber Power and America’s National Security,” U.S. Army War College,
2011. 32.

10. Hill 10
security, economy, public health or safety, [or] environment,” of the nation. ​
To operate
22
efficiently in the information age, these systems increasingly rely on electronic communication
networks, making them vulnerable to cyber attacks, so even a minor disruption could potentially
destroy property or even cause civilian deaths. Furthermore, since the private sector controls
over 85% of U.S. critical infrastructure, further expanding the ramifications of a large cyber
attack across into global financial markets, potentially making the figure of $700 billion an
underestimate.
23
Cyber warfare presents a number of new challenges to the conventional security
landscape, often contradicting previously reliable tenets of warfare. The staggering offensive
advantages of waging war in cyberspace – the low costs and risk of identification or retaliation
and potential for higher results – are leading to increasingly aggressive and technically advanced
attacks across all areas of life. These new threats are driving state and private actors to rapidly
increase both their offensive and defensive capabilities in the cyber domain, redefining
traditional concepts of regional power structures in the process. Nowhere is this more apparent
than in the Asia­Pacific.
Cyber Threats to U.S. Interests in the Asia­Pacific
The Asia­Pacific, home to both developing and highly developed countries, strategic
rivalries and territorial disputes, and highly advanced technologies, presents a unique case study
to consider the implications for power dynamics raised by the cyber domain, especially in light
22
Examples would include power grids, communication lines, oil pipelines, water supplies, stock
exchanges, financial institutions, and multinational corporations. See Cartwright, ​ibid.,​ 5.
23
Lord and Sharp, ​ibid.,​ 23

11. Hill 11
of the ongoing power shift brought about by China’s rise. Indeed, the growing economic might
of the Middle Kingdom, and the increasing regional dependency upon a U.S. security presence
has only spurred the already rapid growth of cyber capabilities within nations of the Asia­Pacific.
The People’s Republic of China
An inestimable amount of cyber attacks originate in the PRC every year, and Chinese
websites host nearly ten times more malware (malicious software) than the world average.
24
Though tracking capabilities are improving, precise attribution remains difficult in many
instances, and the prevalence of non­state cyber actors further complicates the issue. There is
significant debate within the U.S. intelligence community (IC) over the degree to which Chinese
cyber attacks are state­sponsored, state­condoned, or perpetrated by rogue civilian entities, and
when accused, the Chinese government firmly denies any culpability. While precise attribution
may prove difficult, the IC has traced Chinese cyber attacks to a large network of cyber actors,
including at least four departments of the General Staff Department, six technical reconnaissance
bureaus within the People’s Liberation Army (PLA), and numerous PLA­sponsored information
warfare units. These government units often collaborate with the Chinese telecom industry and
civilian hacker community, both to draw from their expertise and to create plausible deniability.
25
On February 18, 2013, DC­based cyber security firm Mandiant released an in­depth and
highly regarded report exposing the operations of one such unit ­ Advanced Persistent Threat
24
U.S.­China Economic and Security Review Commission (USCC),“2012 Report to Congress,” U.S.
Government Printing Office, 2012. 152.
25
Bryan Krekel, “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer
Network Exploitation,” October 2009 Northrop Grumman Report for the US­China Economic and
Security Review Commission. 30­50.

12. Hill 12
(APT) 1 believed to be Unit 61398 of the PLA General Staff Department based in Shanghai.
According to the report, APT1 employs hundreds if not thousands of experts proficient in covert
communications, English linguistics, operating system internals, digital signal processing, and
network security. The unit has stolen hundreds of terabytes of classified and proprietary
information in twenty strategically important industries from at least 141 organizations around
the globe since 2006 and have actively influenced Chinese negotiations of international
investments including the attempted acquisition of Chesapeake Energy's natural gas division in
an effort to acquire fracking technology. ​
As one commentator described APT1’s operations,
26
“It is as though Goldman Sachs were able to use the wiretapping expertise of the NSA in order to
get a leg up on its overseas competitors.”
27
Various cyber attacks have emanated from China since at least 1999, when an all­out
hacker war erupted between China and Taiwan after Chinese hackers shut down or defaced
Taiwanese websites through a series of DDOS attacks. That same year, outraged Chinese
hackers defaced U.S. government websites following the accidental U.S. bombing of the PRC’s
Serbian embassy. Similar attacks have continued ever since, usually during periods of political
tension, as happened in 2001 following the collision of a US Navy EP­3 reconnaissance plane
and a People’s Liberation Army Navy (PLAN) F­8 fighter. Attacks escalated to network
penetration and information theft in 2003 when hackers in Hubei and Fujian provinces breached
the network defenses of thirty Taiwanese government agencies including the Defense Ministry,
Election Commission, and National Police Administration. More advanced cyber offensives,
26
“APT1: Exposing One of China’s Cyber Espionage Units,” Mandiant Corporation, Feb. 18, 2013.
27
David Cohen, “The Growing Spotlight on China’s Cyber Activities,” ​The Diplomat​. Feb. 20, 2013.
http://thediplomat.com/china­power/chinas­cyber­problem/.

13. Hill 13
like Operation Titan Rain, most frequently target cabinet level government agencies. Discovered
in August 2005, Titan Rain enabled Chinese hackers to penetrate DOD networks for two years
before being detected. ​
Ministries of Defense, Finance, and Foreign Affairs tend to be targeted
28
the most frequently and aggressively, especially in Taiwan, Japan, and the United States.
To date, Chinese hackers have penetrated foreign affairs, defense, and intelligence
agencies across the globe, most notably through the GhostNet cyber espionage network that, by
March 2009, had penetrated security systems on over 1300 host networks in 103 countries.
29
The intelligence gathered from such operations, combined with an ability to access and shut
down critical infrastructure, creates a significant strategic advantage for the PRC and only
hastens its rise in prominence.
The Russian Federation
China is not the only cyber­juggernaut to be found in the Asia­Pacific; the Russian
Federation also has a storied history of cyber warfare and is considered by many members of the
IC to be even more sophisticated than China in the cyber domain. Russia first addressed
concerns over cyberspace a mere eight months into the first presidential administration of
Vladimir Putin with the release of the first Russian Federation Information Security Doctrine in
September, 2000. The Doctrine and related amendments, grant the government significant
controls over the flow of digital information on Russian servers, and the Russian government
owns the vast majority of the country’s internet infrastructure. More recently, the government
released its first official public document detailing the Russian military’s role in cyberspace, the
28
Krekel, ​ibid.,​ 67­70.
29
​Ibid​., 74.

14. Hill 14
Conceptual Views on the Activity of the Russian Federation Armed Forces in Information Space,
at an information security conference in Berlin on 14 December 2011.
Both documents, and many more of lesser significance, portray official Russian cyber
operations as primarily defensive in nature. However, the Russian government has been blamed
for several well­documented cyber attacks – most notably a 2007 cyber war with Estonia, and the
use of cyber attacks to augment kinetic military action in the 2008 South Ossetia War. In the
Estonia attacks, Russian hackers launched large scale DDOS attacks against Estonian
government, media, and financial servers in response to the Estonian government’s decision to
relocate a Soviet­era war memorial. The attacks were so massive that they effectively forced
Estonia to temporarily disconnect from the internet after the attacks threatened to cripple their
banking and transportation sectors. ​
The 2008 instance showed more sophistication, disabling
30
large swaths of Georgian internet infrastructure ahead of Russian military advances and crippling
communication both within Georgia and with the outside world. ​
Like their Chinese
31
counterparts, these attacks, though generally attributed to the Russian government, tend to rely
on third party civilian hackers and large scale criminal enterprises.
Russia has been further implicated in numerous attacks on the United States. In 2009, the
Wall Street Journal reported that both China and Russia had penetrated the U.S. power grid,
navigating the length of the system and leaving behind malware that could potentially disrupt the
system. ​
The most recent large scale cyber espionage operation, dubbed Red October by
32
Kaspersky Lab, has been described as originating from Russian­speaking attackers. Though no
30
“Cyberwar: War in the Fifth Domain,” ​ibid.
31
​Ibid​.
32
Siobhan Gorman, “Electricity Grid in U.S. Penetrated by Spies,” ​The Wall Street Journal​. April 8,
2009. http://online.wsj.com/article/SB123914805204099085.html.

15. Hill 15
one has yet attributed the attack to the Kremlin specifically, the sophisticated Flame­like nature
of the malware together with the diplomatic and government nature of its targets indicate
government involvement of some form. The five year operation stole intelligence information,
access information for classified systems, and data from personal mobile devices primarily from
targets located throughout Eastern Europe, Central Asia, and former USSR republics.
33
Since Putin reassumed the presidency in May 2012, not only has he continued to voice his
concerns over the state of Russian cyber capabilities, announcing plans for a Russian cyber
command, ​
but he has also initiated his own East Asian pivot, becoming more active in regional
34
dialogues and investing heavily in Siberia and the Russian Far East.
The Democratic People’s Republic of Korea
While China and Russia quickly come to mind when discussing modern technological
threats in Asia, few people naturally think of the DPRK. Much of their technical capabilities rely
on outdated, Cold War era technologies, and most of the privileged citizens with access to a
computer network are restricted to the domestically developed intranet – a DPRK­only network
that has never been connected to the World Wide Web to ensure continued government control
over the flow of outside information within their borders. ​
While the internet has penetrated the
35
borders of the DPRK, user privileges remain heavily regulated and primarily restricted to
prominent government and military officials in Pyongyang. Despite such limited access,
33
“Kaspersky Lab Identifies Operation “Red October,” an Advanced Cyber­Espionage Campaign
Targeting Diplomatic and Government Institutions Worldwide,” ​Virus News​. Kaspersky Lab, Jan. 14,
2013. http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_Identifies_Operation_Red_
October_an_Advanced_Cyber_Espionage_Campaign_Targeting_Diplomatic_and_Government_Institutio
ns_Worldwide.
34
David J. Smith, “Russian Cyber Operations,” Potomac Institute Cyber Center. July, 2012. 2.
http://www.potomacinstitute.org/attachments/article/1273/Russian%20Cyber%20Operations.pdf.
35
Scott Thomas Bruce, “A Double­Edged Sword: Information Technology in North Korea,” Analysis
from the East­West Center, No. 105, October 2012, AsiaPacific Issues Series. 2.

16. Hill 16
however, a 2003 study ranked the DPRK tenth in the world with regards to its ability to launch
cyber attacks.
36
Although it is only now developing wireless networks and less than three percent of the
population uses any form of modern telecommunications service at all, Pyongyang actually
possesses a substantial telecommunications infrastructure. ​
Beginning in 1990, the government
37
used assistance from the United Nations Development Programme (UNDP) to lay high speed
fiber optic cables beneath the streets of Pyongyang. By October 10, 2000, a Thai­DPRK joint
venture telecommunications company had run fiber optic lines capable of transmitting data at a
rate of 2.5GB per second between Pyongyang and nine provincial capitals, and Hunchun in
China’s Jilan Province as well. ​
In 2002, the North Korean government launched the
38
Kwangmyong​, a closed­network intranet, complete with websites, message boards, chat
functions, and other normal internet capabilities. ​
Since that time, China has helped the DPRK
39
circumvent UN and U.S. sanctions on the import of telecommunications technology ​
in order to
40
establish a relatively strong and well­controlled computer network. The North Korean
government has shown considerable interest in expanding their internet presence, having
launched a number of collaborative IT projects with Syracuse University in New York, and even
going so far as to send a twelve member delegation to Google headquarters in Mountain View,
36
Kay Hear, Patricia A. H. Williams, and Rachel J. Mahncke, “International Relations and Cyber Attacks:
Official and Unofficial Discourse,” (paper presented at the 11​th​
Australian Information Warfare and
Security Conference, Edith Cowan University, Perth Western Australia, Nov. 30 – Dec. 2, 2010). 9.
37
Alexandre Y. Mansourov, “North Korea on the Cusp of Digital Transformation,” Nautilus Institute
Special Report – October 20, 2011. 1.
38
​Ibid​. 8­9.
39
Bruce, ​ibid​.
40
​Ibid.​ 28­30.

17. Hill 17
California. ​
What network and cyber capabilities the DPRK does currently possess have been
41
placed at the full disposal of a dedicated 3000 personnel cyber warfare unit within Office 121.
42
According to a North Korean hacker who defected in 2007, the entire cyber operations
staff of the combined DPRK central government and armed forces stands at or around 30,000
personnel. ​
Hackers that comprise this unit are drawn from across the country and trained from
43
as young as age 10 at the Mangyongdae Schoolchildren’s Palace ​
and later at the DPRK’s top
44
universities, including the Pyongyang Automation University (formerly Mirim University) which
employs Russian professors from the Funze Military Academy to train approximately 100
world­class hackers a year for the North Korean military. ​
Other universities send promising
45
hackers abroad to hone their skills in more technologically advanced environments.
46
The DPRK has been accused of intruding into water and drainage systems, penetrating
U.S. and ROK government agencies, stock exchange websites, news media, and financial
institutions. Given the attribution problems associated with cyber warfare, confirmation of
attackers’ origins can be difficult, and Pyongyang generally denies responsibility. In July of
2009, DPRK hackers launched a massive DDOS campaign against U.S. and South Korean
government and financial sector websites. While no information was stolen, the attacks did
41
​Ibid.​ 27.
42
Sunny Lee, “U.S. Strategy toward North Korea’s Cyber Terrorism,” (paper presented at the 2011
Dupont Summit, Carnegie Institution for Science, Washington, D.C. Dec. 2, 2011). 8, 11.
43
“N.Korea Trains Up Hacker Squad,” ​The Chosunilbo, ​Mar. 8, 2011.
http://english.chosun.com/site/data/html_dir/2011/03/08/2011030800611.html.
44
Hear, Williams, and Mahncke, ​ibid​.
45
S. Lee, ​ibid.​, 8.
46
Jeremy Laurence, “North Korea Hacker Threat Grows as Cyber Unit Grows: Defector,” Reuters, Jun.
1, 2011. http://www.reuters.com/article/2011/06/01/us­korea­north­hackers­idUSTRE7501U420110601.

18. Hill 18
expose critical vulnerabilities in both nations’ cyber defenses. ​
In 2010, the North attempted to
47
disrupt the G­20 Summit in Seoul by attacking the city’s water and drainage systems. ​
In May
48
2011, DPRK­based hackers penetrated and shut down the credit card and ATM services of the
Nonghyup bank for over a week. ​
On March 20, 2013, amidst the latest round of escalation on
49
the Korean Peninsula, DPRK hackers shut down the networks of three of the South’s major
banks and its three largest TV broadcasters. They were then able to target and corrupt operating
systems connected to the network with a new sophisticated malware. ​
The ROK Defense
50
Ministry elected to establish a new department to oversee new cyber deterrence policies in
response.
51
As the DPRK cyber threat grows, it may eventually be considered more dangerous than
the country’s nuclear weapons program. The North’s current nuclear stockpile is small, their
launching capabilities limited, and thanks to the threat of a massive nuclear retaliation,
considered by many to be a mere deterrent. But without the possibility of deterrence or the threat
of retaliation, a large scale North Korean cyber attack could potentially cause catastrophic
damage to the critical infrastructure of the United States. While they have yet to cause serious or
47
“U.S. Eyes N. Korea for ‘Massive’ Cyber Attacks,” MSNBC.com, July, 9, 2009.
http://www.msnbc.msn.com/id/31789294/ns/technology_and_sciencesecurity/t/us­eyes­n­korea­massive­
cyber­attacks/#.UMuTOG­P3U5.
48
Hear, Williams, and Mahncke, ​ibid​., 9.
49
Laurence, ​ibid.
50
Mihoko Matsubara, “Lessons from the Cyber­Attacks on South Korea,” ​The Japan Times​. March 26,
2013.
http://www.japantimes.co.jp/opinion/2013/03/26/commentary/lessons­from­the­cyber­attacks­on­south­k
orea/#.UZJyvLW872t.
51
Kim Eun­jung, “Defense Ministry to Establish Cyber Policy Department,” ​Yonhap News Agency. ​April
2, 2013.
http://english.yonhapnews.co.kr/techscience/2013/04/02/0601000000AEN20130402005300315.HTML.

19. Hill 19
debilitating damage, DPRK cyber operations are becoming progressively complex, and thus
remain a major concern throughout the region.
Cyber Defense of U.S. Interests in the Asia­Pacific
The existence of two belligerent and very cyber­capable nations in the region only
accelerates the already extraordinary growth in cyber security infrastructure within the rest of the
Asia­Pacific. While current deterrence capabilities in cyber warfare remain limited, defensive
weapons and substantial defensive and retaliatory cyber units exist or are under development
throughout the region, in nations both large and small.
The Republic of China (Taiwan)
In 1998, Taiwan became one of the first countries to devote substantial resources to
developing cyber security infrastructure and cyber warfare capabilities, inaugurating a dedicated
cyber warfare unit on January 2, 2001 at the behest of the United States. The battalion­sized unit
of specialized troops is directly controlled by the office of the Chief of General Staff and acts
independently of the armed forces. ​
Over the past decade, the unit has developed significant
52
cyber defenses, aided in part by a highly educated, computer savvy civilian sector. In addition,
the battalion, known as the “Tiger Team,” ​
also possesses renowned offensive capabilities,
53
52
James Mulvenon, “Taiwan and the Revolution in Military Affairs,” in ​Information Revolution in
Military Affairs in Asia​, ed. Emily O. Goldman and Thomas G. Mahnken, (New York: Palgrave
Macmillan, 2004). 157­160.
53
Arthur S. Ding, “Taiwan: From Integrated Missile Defense to RMA?” in Goldman and Mahnken, ​ibid​.
171­172.

20. Hill 20
having created thousands of advanced computer viruses primarily targeting the PRC. ​
Most
54
recently, the budget for fiscal year 2013 allocates funding for the establishment of an
experimental facility for simulated cyber warfare.
55
The Republic of Korea
The Republic of Korea, one of the world’s most wired countries, established the Korean
Information Security Agency (KISA) in 1996 to develop reactionary capabilities to respond and
recover from cyber attacks. ​
Following the DPRK’s DDOS campaign July of 2009, however,
56
the Ministry of National Defense consolidated computing and data centers into the Consolidated
Defense Information Data Center to establish “network­centric defense information systems,”
with the passage of the Defense Informatization Act on February 4, 2010. ​
With U.S.
57
assistance, the ROK also launched a Cyber Warfare Command in early 2010. Current cyber
forces consist of 1000 personnel but are under consideration for significant expansion. ​
Also in
58
2010, South Korea began holding ROK­US Information Assurance Working Group Meetings
and participating in semiannual DOD­sponsored International Cyber Defense Workshops. ​
In
59
2012 these two allies began holding U.S.­ROK Cyber Policy Consultations to “strengthen
54
Mulvenon, ​ibid​. 157­161.
55
Thanya Kunakornpaiboonsiri, “Taiwan to Beef Up Cyber Warfare Unit: Report,” FutureGov, Sept. 5,
2012. http://www.futuregov.asia/articles/2012/sep/05/taiwan­beef­cyber­warfare­unit­report/.
56
Jeffrey Carr, ​Inside Cyber Warfare: Mapping the Cyber Underworld​, (Sebastopol: O’Reilly, 2012).
258.
57
“2010 Defense White Paper,” Ministry of National Defense, Republic of Korea, Mar. 31, 2011.
158­163.
58
Kim Eun­jung, “S. Korea to Upgrade Preparedness against North’s Cyber, Nuclear Attacks,” Yonhap
News Agency, Aug. 29, 2012.
http://english.yonhapnews.co.kr/national/2012/08/29/18/0301000000AEN20120829008600315F.HTML.
59
​Ibid.,​ 165

21. Hill 21
cooperation with respect to protection of, and access to…cyberspace domains and to promote the
resilience of critical infrastructure, including the security of information and space systems.”
60
Japan
In their most recent report, Armitage and Nye discuss the increasing importance of cyber
operations to national security and call for the establishment of a joint U.S.­Japan cyber security
center, noting that, “Without common safeguards and standards in information assurance,
U.S.­Japan communication channels are increasingly vulnerable to outside infiltration.” ​
But
61
until very recently, Japanese concepts of cyber operations have focused more on establishing
interoperability with U.S. communications systems and modernizing domestic military forces
than developing a capacity for cyber warfare. ​
In 2008, however, the Defense Ministry began
62
progressing toward a cyber RMA through the development of a defensive cyber weapon capable
of tracing attacks to their source and shutting down infected computers along the way.
63
Following a 2+2 meeting in 2011, Japan announced plans to establish a bilateral strategic policy
dialogue on cyber security issues with the United States. ​
In 2012, the Ministry of Defense
64
announced that it would send a liaison to U.S. Cyber Command to collaborate with the United
States on the creation of a Self Defense Force cyber defense unit. ​
The Japanese government
65
60
“Joint Communique: The 44​th​
U.S. – ROK Security Consultative Meeting,” U.S. Department of
Defense, October 24, 2012. 6.
61
Richard L Armitage. and Joseph S. Nye, “The U.S.­Japan Alliance: Anchoring Stability in Asia,”
Center for Strategic & International Studies, August, 2012.
62
Sugio Takahashi, “The Japanese Perception of the Information Technology­Revolution in Military
Affairs: Toward a Defensive Information­Based Transformation,” in Goldman and Mahnken, ​ibid​.
63
“Govt Working on Defensive Cyberweapon / Virus Can Trace, Disable Sources of Cyber­Attacks,”
Daily Yomiuri Online​, Jan. 3,2012. http://www.yomiuri.co.jp/dy/national/T120102002799.htm
64
Hillary Clinton ​et. al, ​“Toward a Deeper and Broader U.S.­Japan Alliance: Building on 50 Years of
Partnership,” Joint Statement of the Security Consultative Committee, June 21, 2011.
65
“Japan, U.S. to Review Defense Guidelines,” ​The Japan Times Online​, Nov. 11, 2012.
http://www.japantimes.co.jp/text/nn20121111a8.html.

22. Hill 22
has yet to clearly define what constitutes an offensive cyber operation or act of cyber warfare,
keeping open the possibility of Japanese cyber operations that might otherwise violate the
country’s constitutional restrictions on offensive military action.
ASEAN Member States
ASEAN nations began seriously looking into cyber defense issues as early as the 2004
ASEAN Regional Forum (ARF), and are currently working to integrate their national CERTs –
Computer Emergency Response Teams – in order to strengthen government network security
and assist each other in combatting cyber attacks. ​
Most developed nations established CERTs,
66
which are offshoots of a DARPA initiative, by the mid­2000s. These teams do not constitute
defensive measures or cyber warfare units so much as reactionary response units designed to
help government systems quickly recover from a cyber attack. Singapore, Thailand, and the
Philippines, however, are known to have cyber defense units. Myanmar has also used cyber
warfare since the 1990s, primarily against opposition forces within its own borders.
67
Australia
Australia has been criticized by some as “laggard,”​ ​
in establishing competent national
68
cyber security programs, having just released their first cyber security strategy in 2009 ​
and
69
establishing a Cyber Security Operations Centre in January of 2010. However, they have
worked diligently alongside their allies to boost their presence in the fifth domain, formally
66
Council for Security Cooperation in the Asia Pacific (CSCAP), “Ensuring a Safer Cyber Security
Environment,” CSCAP Memorandum No. 20, May 2012. 3.
“Member Teams,” Asia Pacific Computer Emergency Response Team, 2012.
http://www.apcert.org/about/structure/members.html
67
Carr, ​ibid.,​ 253.
68
Gary Waters, Desmond Ball, Ian Dudgeon, ​Australia and Cyber­Warfare,​ (Canberra: ANU E Press,
2008). ix.
69
“Cyber Security Strategy,” Commonwealth of Australia, 2009.

23. Hill 23
agreeing to collaborate with the United States in November 2010 and with the United Kingdom
in January 2011, to both boost their cyber security policy and to build cyber warfare capabilities.
While Australia has invested heavily in cyber security since the release of their 2009 white
70
paper and cyber security strategy, the full extent of their cyber capabilities remains unknown to
the public, as publication of the country’s much anticipated cyber white paper was abandoned
after more than six months in delays.
71
Over the last several years, cyber security and cyber warfare have grown exponentially
throughout the Asia­Pacific, thanks in large part to assistance and investment from the United
States. As the most cyber capable nation in the world and a leader in cyber technology, the
United States advice and technical assistance is highly sought after, especially by allied nations.
But for this same reason, the United States is a favorite target of cyber operations perpetrated by
belligerent nations. Both trends are rapidly proliferating throughout the Asia­Pacific and
undoubtedly influence the current power shifts in the region.
Implications for Regional Power Dynamics
The advent of cyber warfare stands to drastically reshape the power dynamics of the
Asia­Pacific. The addition of a fifth domain of warfare consumes an ever growing amount of
national resources and has shifted battlefield and intelligence gathering strategies. But as state
and non­state actors alike develop new capabilities, these shifts will infiltrate the larger power
70
Robert McClelland, Stephen Conroy, Stephen Smith, “Cyber White Paper,” Australian Labor Party
Website, June 3, 2011. http://www.alp.org.au/federal­government/news/cyber­white­paper/.
71
Paul Maley, “Downgrade for Cyber Security White Paper,” ​The Australian​. Jan. 29, 2013.
http://www.theaustralian.com.au/national­affairs/defence/downgrade­for­cyber­security­white­paper/story
­e6frg8yo­1226563800851.

24. Hill 24
dynamics of the region, potentially altering the balance of power beyond the sort of regional
bipolarity between the United States and China that many scholars currently predict.
The prospect of cyber warfare fosters cooperation throughout the region, strengthening
traditional alliances, and unifying non­allied nations against an intangible, pervasive threat. The
United States currently works very closely with both South Korea and Australia to develop and
strengthen their cyber warfare capabilities, and they are beginning to extend these efforts to
Japan. The United States may also assist its other regional allies – Thailand and the Philippines
– as well as its strategic partner, Singapore. U.S. relations with these countries have drawn
criticism during the Obama administration’s so­called pivot for nominal military investments or
for troop reductions, ​
but in reality the United States contributes much more to the defense of
72
these nations than may first be apparent.
Indeed, the region in general is experiencing a heightened degree of cooperation, with
nearly twenty nations coordinating cyber security efforts through the Asia­Pacific CERT
(APCERT). Should cyber operations be used to complement kinetic warfare against an ASEAN
member state, one can reasonably assume that others will come to their aid by hosting internet
traffic on other servers, as was the case in 2008 when Estonia and Poland volunteered to host
websites of the Georgian government while it was under cyber attack from Russia. ​
Though the
73
cyber threat has brought many nations together, these increased levels of regional cooperation
may potentially widen the U.S. – China power split by providing yet another avenue for
72
Bruce Klingner and Dean Cheng, “U.S. Asian Policy: America’s Security Commitment to Asia Needs
More Forces,” The Heritage Foundation, Aug. 7, 2012.
http://www.heritage.org/research/reports/2012/08/americas­security­commitment­to­asia­needs­more­forc
es.
73
Jeremy Kirk, “Estonia, Poland Help Georgia Fight Cyber Attacks,” ​IDG News Service​. Aug. 12, 2008.
http://www.pcworld.com/article/149700/cyberattacks.html.

25. Hill 25
dependence upon a continued U.S. presence. Alternatively, it may boost Putin’s goal of a
Russian resurgence in the Asia­Pacific, providing a new option that may be perceived as less
hostile by Beijing.
Some of the most influential aspects of the cyber domain are its offensive dominance and
affordability, which have to some extent, offset the offensive superiority of countries like China
and the United States. Nye explains that, as offensive cyber capabilities grow, and defensive
capabilities grow more expensive, smaller powers will see a rise in parity of military capability:
“The characteristics of cyberspace often reduce power differentials among actors, and
thus provide a good example of the diffusion of power that typifies global politics in this
century. The largest powers are unlikely to be able to dominate cyberspace as much as
they have dominated other domains like sea or air. While powerful nations have greater
resources, they also have greater vulnerabilities.”
74
This exposure to new and increasing vulnerabilities results from the progressive integration of
societies, economies, and militaries through electronic communications technology in
cyberspace. While this may demand more resources be devoted to national defenses, it also
reduces the need for a large troop presence, and thus may slow the escalation of conventional
military forces that many foresee occurring in the Asia­Pacific.
Interestingly, this has made China and Russia the loudest voices in calling for the
establishment of an international legal framework for cyberspace. ​
While China possesses
75
extensive cyber capabilities, the central government feels increasingly threatened by the
developing cyber potential of neighboring states as well as the internet’s capacity to foment
domestic unrest. The government’s response to the latter has been infamously dubbed, “The
74
Joseph S. Nye, Jr. “Power and National Security in Cyberspace,” in ​America’s Cyber Future: Security
and Prosperity in the Information Age​, Vol.2, ed. Kristin M. Lord and Travis Sharp, Center for a New
American Security, June 2011. 7.
75
USCC, ​ibid.​, 165­166.

26. Hill 26
Great Firewall of China,” by the public. Furthermore, as the region comes to increasingly rely
on a U.S. military presence, China anticipates increased U.S. involvement in developing cyber
warfare capabilities for lesser states. With the costs of cyber defense being exponentially higher
than those of a cyber attack, China has expressed concern that the cyber domain may undermine
the Middle Kingdom’s rise. ​
Thus the threats of the cyber domain have actually further
76
integrated the PRC into the international community by increasing Chinese need to utilize and
work with international institutions, and therefore may potentially help to open China to
international norms. On the regional scale, this reliance upon international institutions, together
with the growing sense of regional unity, may actually prevent the chaos that many scholars
predict will be brought about by the U.S.­China dichotomy, and instead act as a catalyst for
increased stability within the Asia­Pacific.
Conclusions
Cyber warfare remains in its infant stage and is primarily confined to intelligence
operations, but a number of currently non­existing threats are anticipated to become a reality in
coming years, particularly attacks on critical infrastructure and military lines of communication.
As military investment grows and technological innovation evolves, cyber warfare will play an
ever larger part in both covert espionage and overt conflict. In the Asia­Pacific, where two of the
world’s most powerful countries compete for influence, this revolution in military affairs shows
potential to radically alter the strategic landscape of the region.
76
​Ibid​.

27. Hill 27
But the introduction of an offense­dominated warfare domain, impacts more than just
conflict and more than one confined region of the globe – what can currently be observed
occurring throughout the Asia­Pacific will be replicated around the world. As cyber capabilities
continue to grow and expand, so too will communications­driven integration, both domestically
among economies, societies, and militaries, and internationally between nations and among
members of multilateral organizations, potentially reversing previous trends in regional power
dynamics.

28. Hill 28
Bibliography
“2010 Defense White Paper.” Ministry of National Defense, Republic of Korea. Mar. 31, 2011.
“APT1: Exposing One of China’s Cyber Espionage Units.” Mandiant Corporation, Feb. 18,
2013.
Armitage, Richard L. and Joseph S. Nye. “The U.S.­Japan Alliance: Anchoring Stability in
Asia.” Center for Strategic & International Studies. August, 2012.
Bruce, Scott Thomas “A Double­Edged Sword: Information Technology in North Korea.”
Analysis from the East­West Center. No. 105, October 2012. AsiaPacific Issues Series.
Carr, Jeffrey. ​Inside Cyber Warfare: Mapping the Cyber Underworld​. Sebastopol: O’Reilly,
2012.
Cartwright, James E. “Joint Terminology for Cyberspace Operations,” U.S. Department of
Defense, 2010.
Clinton, Hillary, Robert Gates, Matsumoto Takeaki, and Kitazawa Toshimi. “Toward a Deeper
and Broader U.S.­Japan Alliance: Building on 50 Years of Partnership.” Joint Statement
of the Security Consultative Committee. June 21, 2011.
Cohen, David. “The Growing Spotlight on China’s Cyber Activities,” ​The Diplomat​.
Feb. 20, 2013. http://thediplomat.com/china­power/chinas­cyber­problem/.
Cohen, Eliot. “A Revolution in Warfare,” ​Foreign Affairs​, Mar/April 1996, Vol. 75, Issue 2.
Council for Security Cooperation in the Asia Pacific (CSCAP). “Ensuring a Safer Cyber Security
Environment.” CSCAP Memorandum No. 20. May 2012.
“Cyber Security Strategy.” Commonwealth of Australia. 2009.
“Cyberattacks on Iran – Stuxnet and Flame,” ​The New York Times​, last updated Aug. 9, 2012.
http://topics.nytimes.com/top/reference/timestopics/subjects/c/computer_malware/stuxnet
/index.html.
“Cyberwar: War in the Fifth Domain: Are the Mouse and Keyboard the New Weapons of
Conflict?” The Economist, July 1, 2010, http://www.economist.com/node/16478792.
Goldman, Emily O. and Thomas G. Mahnken, editors. ​Information Revolution in Military Affairs
in Asia​. (New York: Palgrave Macmillan, 2004).
Gorman, Siobhan. “Electricity Grid in U.S. Penetrated by Spies,” ​The Wall Street Journal​.
April 8, 2009. http://online.wsj.com/article/SB123914805204099085.html.

29. Hill 29
“Govt Working on Defensive Cyberweapon / Virus Can Trace, Disable Sources of Cyber­
Attacks.” Daily Yomiuri Online. Jan. 3,2012.
http://www.yomiuri.co.jp/dy/national/T120102002799.htm.
Hear, Kay, Patricia A. H. Williams, and Rachel J. Mahncke. “International Relations and Cyber
Attacks: Official and Unofficial Discourse.” Paper presented at the 11th Australian
Information Warfare and Security Conference, Edith Cowan University, Perth, Western
Australia, Nov. 30 – Dec. 2, 2010.
“Japan, U.S. to Review Defense Guidelines.” The Japan Times Online. Nov. 11, 2012.
http://www.japantimes.co.jp/text/nn20121111a8.html.
“Joint Communique: The 44th U.S. – ROK Security Consultative Meeting.” U.S. Department of
Defense. October 24, 2012.
“Kaspersky Lab Identifies Operation “Red October,” an Advanced Cyber­Espionage Campaign
Targeting Diplomatic and Government Institutions Worldwide.” ​Virus News​.
Kaspersky Lab, Jan. 14, 2013. http://www.kaspersky.com/about/news/virus/2013/
Kaspersky_Lab_Identifies_Operation_Red_October_an_Advanced_Cyber_Espionage_
Campaign_Targeting_Diplomatic_and_Government_Institutions_Worldwide.
Kim Eun­jung, “Defense Ministry to Establish Cyber Policy Department.” ​Yonhap News Agency​.
April 2, 2013.
Kim Eun­jung. “S. Korea to Upgrade Preparedness against North’s Cyber, Nuclear Attacks.”
Yonhap News Agency. Aug. 29, 2012.
http://english.yonhapnews.co.kr/national/2012/08/29/18/0301000000AEN201208290086
00315F.HTML.
Klingner Bruce and Dean Cheng. “U.S. Asian Policy: America’s Security Commitment to Asia
Needs More Forces,” The Heritage Foundation. Aug. 7, 2012.
http://www.heritage.org/research/reports/2012/08/americas­security­commitment­to­asia­
needs­more­forces.
Kramer, Franklin D. Stuart H. Starr, and Larry K. Wentz, editors. ​Cyberpower and National
Security​. Washington, D.C.: National Defense University Press and Potomac Books,
Inc. 2011.
Krekel, Bryan. “Capability of the People’s Republic of China to Conduct Cyber Warfare and
Computer Network Exploitation.” October 2009 Northrop Grumman Report for the US­
China Economic and Security Review Commission.
Kunakornpaiboonsiri, Thanya. “Taiwan to Beef Up Cyber Warfare Unit: Report.” FutureGov.
Sept. 5, 2012.

30. Hill 30
http://www.futuregov.asia/articles/2012/sep/05/taiwan­beef­cyber­warfare­unit­report/.
Laurence, Jeremy. “North Korea Hacker Threat Grows as Cyber Unit Grows: Defector.”
Reuters.
Jun. 1, 2011.
http://www.reuters.com/article/2011/06/01/us­korea­north­hackers­idUSTRE7501U4201
10601.
Lee, Sunny. “U.S. Strategy toward North Korea’s Cyber Terrorism.” Paper presented at the 2011
Dupont Summit, Carnegie Institution for Science, Washington, D.C. Dec. 2, 2011.
Lord, Kristin M. and Travis Sharp, ​America’s Cyber Future: Security and Prosperity in the
Information Age​, Vol.1, Center for a New American Security, June 2011.
Maley, Paul. “Downgrade for Cyber Security White Paper.” ​The Australian​. Jan. 29, 2013.
http://www.theaustralian.com.au/national­affairs/defence/downgrade­for­cyber­security­
white­paper/story­e6frg8yo­1226563800851.
Mansourov, Alexandre Y. “North Korea on the Cusp of Digital Transformation.” Nautilus
Institute Special Report – October 20, 2011.
Matsubara, Mihoko. “Lessons from the Cyber­Attacks on South Korea.” ​The Japan Times​.
March 26, 2013. http://www.japantimes.co.jp/opinion/2013/03/26/commentary/lessons­
from­the­cyber­attacks­on­south­korea/#.UZJyvLW872t.
McClelland, Robert, Stephen Conroy, Stephen Smith, “Cyber White Paper.” Australian Labor
Party Website. June 3, 2011.
http://www.alp.org.au/federal­government/news/cyber­white­paper/.
“Member Teams.” Asia Pacific Computer Emergency Response Team. 2012.
http://www.apcert.org/about/structure/members.html
Mingst, Karen and Jack Snyder, editors. ​Essential Readings in World Politics​, Second Edition.
New York: Norton, 2004.
“N.Korea Trains Up Hacker Squad.” ​The Chosunilbo​. Mar. 8, 2011.
http://english.chosun.com/site/data/html_dir/2011/03/08/2011030800611.html.
Nye, Joseph S. Jr. “Power and National Security in Cyberspace.” Chapter in ​America’s Cyber
Future: Security and Prosperity in the Information Age​, Vol.2, Edited by Kristin M.
Lord and Travis Sharp. Center for a New American Security, June 2011.
Segaller, Stephen. ​Nerds 2.0.1: A Brief History of the Internet​. New York: TV Books, 1999.
Smith, David J. “Russian Cyber Operations.” Potomac Institute Cyber Center. July, 2012.

31. Hill 31
http://www.potomacinstitute.org/attachments/article/1273/Russian%20Cyber%20
Operations.pdf.
Spade, Jayson M. “China’s Cyber Power and America’s National Security.” U.S. Army War
College, 2011.
“The Flame: Questions and Answers,” SecureList Website, Kaspersky Labs, May 28, 2012.
https://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers.
U.S.­China Economic and Security Review Commission (USCC). “2012 Report to Congress.”
U.S. Government Printing Office, 2012.
“U.S. Eyes N. Korea for ‘Massive’ Cyber Attacks.” MSNBC.com. July, 9, 2009.
http://www.msnbc.msn.com/id/31789294/ns/technology_and_sciencesecurity/t/us­eyes­
n­korea­massive­cyber­attacks/#.UMuTOG­P3U5.
Von Clausewitz, Carl. ​On War​. Translated by Michael Howard and Peter Paret. New York:
Oxford University Press, 2007.
Waters, Gary, Desmond Ball, Ian Dudgeon. ​Australia and Cyber­Warfare​. Canberra: ANU E
Press, 2008.
White, Hugh. ​The China Choice: Why American Should Share Power.​ Australia: Black Inc.,
2012.