Professional Documents
Culture Documents
The United States’ 2010 National Security Strategy states that cyber-threats are “one
of the most serious national security, public safety, and economic challenges we
face as a nation” (The White House 2010:27). In June 2012, the then US Defense
Secretary Leon Panetta declared: “I’m very concerned that the potential in cyber
to be able to cripple our power grid. . .our government systems. . .our financial sys-
tems, would virtually paralyze this country. . .[T]hat represents the potential for
another Pearl Harbour” (Mora 2012). Panetta’s recognition of cyber-security con-
tinues to have resonance with the American elites’ thinking. In a recent statement
Chuck Hagel, the incumbent US Defense Secretary, commented that “cyber
threats are real, they’re terribly dangerous” (Alexander 2013). America has now
established a US Cyber Command to conduct cyber operations (US Department of
Defense 2011). Likewise in 2010, the United Kingdom’s National Security Strategy
characterized cyber-attacks as one of four “tier one” threats alongside terrorism,
military crises between states, and major accidents (UK Prime Minister 2010:11,
29, 34). Sharing this view, a European Parliament policy paper asserts that
1
We would like to thank anonymous reviewers and the editors for helpful comments and suggestions. Yong-Soo
would particularly like to thank Dae Shik Un for his encouragement and prayers. This work was supported by
Incheon National University Research Grant in 2012.
Eun, Yong-Soo, and Judith Sita Abmann. (2014) Cyberwar: Taking Stock of Security and Warfare in the Digital Age.
International Studies Perspectives, doi: 10.1111/insp.12073
Ó 2014 International Studies Association
2 Cyberwar
2
The hacks lasted until July 1. June 25, when the first wave of cyber-attacks began, is symbolic in that it marked
the 63rd anniversary of the outbreak of the 1950–1953 Korean War.
3
The original statement by Leon Trotsky (1879–1940) who was the founder and first leader of the Red Army is,
“You may not be interested in war, but war is interested in you.”
Y O NG -S OO E UN AND J UDITH S ITA A BM ANN 3
What Is Cyberwar?
As touched on earlier, states have begun to realize the dangerous potential
embedded in cyberspace and are attempting to find ways to deal with this new
4 Cyberwar
national security threat. Yet a thorny issue that surrounds the state policy and
scholarly work regarding cyberwar is establishing an accurate definition of the
term. What is cyberwar? Of course, prior to that, what is war? This is a question
that can bear many answers; there has been intense controversy over its mean-
ing: from Clausewitz’s famous “war is a mere continuation of policy by other
means. . .an act of violence to compel our opponent to fulfill our will” to Hedley
Bull’s description of war as “organised violence carried on by political units
against each other” or Michael Walzer’s understanding that “war is a social crea-
tion. What is war and what is not-war is. . .something that people decide” to the
Oxford Dictionary’s definition as “a state of armed conflict between different
countries or different groups within a country,” war can have various emphasized
aspects (Bull 1977:184; Clausewitz 1997:22; Walzer 2006:24). Attempting to
define “cyberwar” brings even more confusion: when is a cyber-attack “merely” a
nuisance and when can it be regarded as an act of aggression? Writing in 1995,
Toffler’s observation that “the gabble of terminology—Info-Doctrine, [Info-
Warfare], Cyberwar, C² Warfare, and other terms—reflects the still primitive
stage of discussion” holds true today (Toffler and Toffler 1995:188). Cyberwar is
the dominant term in the related literature though not uncontested; that the
usage of “war” should not be taken lightly is recognized (European Parliament
2011:11). Currently think-tanks and research institutions are engaging with this
new phenomenon of cyber-attacks, trying to arrive at a usable definition of cyber-
war, and provide practical government policies; yet, as the 2012 conference, “IT
Security in the Age of Cyber Warfare” demonstrates, cyber-security experts have
not yet succeeded in terms of offering clarification of the term: There are even
grammatical discrepancies with the use of “cyber war” or the contracted “cyber-
war.”4 According to Sue Poremba, some even raise a question of why we
even need a definition as it does not make cyberwar more or less destructive
(Poremba 2012).
4
To prevent any further confusion, this article (following the general usage of terms in the field of cyber-secu-
rity) uses the terms cyberwar and cyberwarfare without a hyphen. The term “cyberwar/cyberwarfare” has established
itself in the field of cyber-security and is used even by experts who disagree with the term.
Y O NG -S OO E UN AND J UDITH S ITA A BM ANN 5
• Self-replicating program
Virus • Deleting files, damaging programs, reformatting
hard drive, disrupting/debilitating the system
completely (ibid:51)
• Self-replicating program
Worm • Attempts to scan a network for vulnerable sytems
and automically exploits those (does not attach
itself to a program like a virus) (ibid)
To be sure, the diagram above does not end the terminological controversy;
academic definitions of cyberwar and related terms still may differ across authors
and in temporal and spatial terms. Furthermore, as cyberspace still lacks a legal
framework providing standards and rules, it is often unclear what cyberwar is
against “mere nuisance” from a legal, institutional perspective (Lonsdale 2004;
Carr 2010, 2011).
2000
1500
Votes
1000
500
0
Virus
Stolen Chinese Nonfatal
applied to Blackout, Data for Patriotic
information backdoor Simultan- nuclear
nuclear then attack sale attacks
trap eous attacks hacking
reactors
Yes 1253 486 490 2058 192 297 2049 1009
No 169 744 1490 23 1866 1746 22 1035
in Syria. The Israeli military, shortly before bombing the nuclear site, paralyzed
the Syrian air defense radar system. The sophisticated technology invaded the
Syrian communication network and manipulated it, hindering approaching air-
crafts from being shown on the radar (Fulghum 2007). Not considered as cyber-
war in the opinion poll are Chinese hacking, selling stolen data, or patriotic
attacks. This is particularly remarkable as a slew of journalists and even security
experts termed a US-Chinese hacking “war” and called the cyber-attacks paralyz-
ing Estonia “WWI”—Web War One (see The Economist 2010a). This is a major
hindrance in engaging with the study of cyberwarfare: The term itself is used too
freely; the definitions are unclear; and there is a lack of appreciation of a cyber-
weapon’s abilities. In short, one may have a rather broad definition of cyberwar
combining a consensus found in public opinion, but not without controversy.
To address such an issue and have a more sophisticated understanding of what
cases should and should not be labeled as cyberwarfare, there is a need to con-
sider empirical cases of recent cyber-incidents which are often described as cyber
“war” by commentators or scholars. Here, the traditional understanding of war
proposed by Clausewitz which emphasizes three characteristics that war has to be
political, instrumental, and violent (Clausewitz 1997) can provide us with a use-
ful guideline for defining this new, modern warfare in cyberspace and distin-
guishing between cyber-incidents that are more and less war-prone in nature.
With this basis, in what follows, this article will examine three real-life cases and
dwell on whether and to what extent they bear the hallmarks of aggressive, polit-
ical, and/or institutional aspects of traditional war. In doing so, the following
illustrations will be able to help us better understand the nature of cyber-attacks
and better define what cyberwarfare means (to us) and thus better prepare for
various future eventualities in international security.
Some Illustrations
Chinese Espionage
Most interstate cyber-incidents are cases of espionage (Arquilla and Ronfeldt
1997; Thornburgh 2005; Clarke and Knake 2012). For China, cyberspace and its
Y O NG -S OO E UN AND J UDITH S ITA A BM ANN 7
for this kind of mission because it does not require the “spy” to be physically pres-
ent while a large amount of data can be extracted without a clear attribution.
In 2011 Lockheed Martin was under a “significant and tenacious attack” origi-
nating from servers in China and occurring after China had threatened Lock-
heed Martin over selling its F-16 fighter jets to Taiwan (Charette 2011).
Lockheed Martin experienced major disruptions in its computer networks and
was forced to reset most of its security systems (Rash 2011). Attacks like these
are daily occurrences for defense contractors in America; the fear that China is
stealing confidential data is rising with every new attack.
6
A botnet is “a network of computers that have been compromised without their users’ knowledge, usually
through a computer virus. The attacker remotely controls these computers and commands them to carry out the
attack” (Brito and Watkins 2011:11).
Y O NG -S OO E UN AND J UDITH S ITA A BM ANN 9
What the Estonian case does show, however, is what we can expect in the
future: interstate crises will be accompanied by patriotic hacktivists. Governments
and their militaries also learned that a single cyber-attacker or group of cyber-
attackers have the ability to cause multiple disruptions to the daily life of a state
and its public authorities (Goetz, Rosenbach, and Szandar 2009). Likewise, as
with China and America, the potential for escalation is there if a state decides to
physically retaliate.
In comparison, the Russo-Georgian War in 2008 witnessed much more sophis-
ticated and coordinated attacks; experts here see a maturation of the cyberwar
process (Fritz 2008:57). Before fighting broke out in the “real” world, cyber-
attacks ensured that the Georgian government’s sites and news agencies were
majorly disrupted, making it difficult for Georgians to obtain information on
what was happening in the crisis with Russia. Again, email and banking systems
were paralyzed, as well as credit card and mobile phone systems; Clarke and
Knake believe that the coordination and the finances necessary to carry out such
major disruptions exceed hacktivists’ abilities, making government involvement
likely (Clarke and Knake 2012:20). This is, as so often, mere guesswork; it does
not mean that Russian cyber-warriors attacked Georgia. Certainly, however, the
Russian state did nothing to stop the cyber-attacks and refused to investigate the
incidents. The attacks also followed a more political-military agenda by accompa-
nying the kinetic attacks. They ensured that the Georgian government and popu-
lation were busy with the disruption of phones, email, and banking systems, as
well as news agencies which furthermore guaranteed a high level of confusion in
the country prior to and particularly during the physical attacks.
Stuxnet
Stuxnet is referred to as the first real cyber missile, setting itself apart from other
cyber-attacks (The Economist 2010b). Discovered in June 2010, the worm pre-
sented a novel cyber-weapon, unlike DDoS-attacks or previous forms of virus.
Usually worms are released and spread indiscriminately. Stuxnet was different; it
had a very specific target making it “by far the most sophisticated cyber-attack on
record” (Rid 2012). The target was the nuclear facility in Natanz, Iran.
After its release, Stuxnet combed its way through numerous networks and
computers, infecting USB-sticks, undetected and harmless until reaching its des-
tination: the uranium enrichment facility network. From the network, the virus
found its way into the secure control systems, which it was able to manipulate
intelligently—the safety system was unable to detect any malicious activity. This
was the first cyber-threat able to manipulate the functions of machinery within
closed systems, damaging the enrichment centrifuges. According to the evidence,
shortly before its discovery, Stuxnet had effectively damaged Iran’s enrichment
program (European Parliament 2011:52). The worm succeeded in what Western
governments had been fruitlessly trying to achieve with embargoes and diplo-
macy. Immediately speculation began about the worm’s origin.
Stuxnet expert Lagner terms the virus a “military-grade cyber missile” instigat-
ing an “all-out cyber-strike against the Iranian nuclear programme” (quoted in
Farwell and Rohozinski 2011:23). Iran’s nuclear facility as a target hardens the
suspicion that Stuxnet was a cyber-weapon released by a Western government no
longer relying on ineffective negotiations with Iran. Moreover, Stuxnet was an
example of highly complex software needing financial and human resources
only a state could afford. There are debates over whether America, Israel, or
both are behind the cyber-attack, since they possess the motivation and both the
technological and financial means to undertake such a sophisticated cyber-attack
(Farwell and Rohozinski 2011; Gross 2011; Gaycken 2012b; Rid 2012; Spiegel
2012). Naturally, an attribution is impossible.
10 Cyberwar
Stuxnet was the first cyber-weapon seeking out a specific target after having
been released, simultaneously covering its tracks and hiding its presence and
activities until after completing its task. For the revolutionary first use of an inde-
pendent and destructive cyber-weapon, investigative journalist Michael Gross
labeled Stuxnet the “Hiroshima of cyberwar” (Gross 2011). This comparison is
misleading to say the least. Stuxnet was not lethal but rather a weapon with the
sole purpose of damaging computers and the connected machinery. Gross, how-
ever, sees in Stuxnet a radical new stage in warfare similar to nuclear bombs,
crossing a threshold (Gross 2011), the first use of a genuine cyber-weapon forc-
ing us to rethink our conceptions of war. This is a thought deserving of atten-
tion and exploration.
There is no framework for how to deal with the uncertainty surrounding
cyberspace. If a state had attacked Nantaz by air bombardment with the same
consequences as Stuxnet, it would have been an act of war, an attack on the sov-
ereignty of Iran. What happens when destruction is inflicted by a cyber-weapon?
Is this an act of war? But even if Iran had decided to retaliate, against whom
would they have retaliated?
The 1974 UN Charter on aggression defines an act of aggression partially as
“the use of any weapons by a State against the territory of another State” (United
Nations 1974). Farewell and Rohozinski comment that it is still unresolved if
industrial facilities, such as Natanz, count as territory (Farwell and Rohozinski
2011:30). Despite this objection, however, after recognizing what cyber-weapons
like Stuxnet are capable of, the case for cyber-attacks being designated as acts of
aggression possibly harming property and humans is strong. In addition, the
danger of escalation with cyber acts of aggression is very high; it depends on
how the attacked country chooses to react: either accept the impossibility of attri-
bution and calculate that the risk of retaliation is too high, or decide to take it
as a possibility or pretense and react in the physical world by military means
against an aggressor they propose as a possible culprit. The traditionally rela-
tively clear lines of interstate conflict will be “grayed-out into a fog of possibilities
and options” (Rieger quoted in Gross 2011). Stuxnet represents modern techno-
logical cyberwarfare: It will take place without deployed soldiers, be anonymous,
covert, with a high potential for escalation, almost impossible to effectively fortify
against, and increasingly destructive.
Already we witness new cyber-weapons test-runs. Duqu and most recently
Flame are two other grand-scale cyber-weapons that have been discovered.
Unlike Stuxnet, however, these are not programmed to physically destruct, but
instead find their way into industrial control systems to gather sensitive informa-
tion that they send back to their creator. Intriguingly, Flame’s code was similar
to Stuxnet and most computers infected were again in the Middle East, mainly
Iran, Palestine, and Syria (Stoecker 2012).
Interestingly, after Flame was discovered earlier in 2012,7 Israel’s vice Prime
Minister declared that:
Whoever sees the Iranian threat as a meaningful threat—it is reasonable he
would take various measures, including this one. . .Israel has been blessed with
being a state rich in top level high-tech. These tools that we take pride in open
up various possibilities for us. (quoted in Macintyre 2012)
Denial looks different, but this is also no clear confession. While Flame is
“merely” an espionage-worm, it is, nonetheless, already more powerful and com-
plex than Stuxnet. It is not only able to copy and send data in vast amounts and
without being detected, it also records video and audio when programs of
7
It is indeed fascinating that, after Flame’s discovery, the worm was sent a suicide code and self-destructed.
Y ONG -S OO E UN AND J UDITH S ITA A BMANN 11
interest are running, and uses Bluetooth connections to collect relevant informa-
tion from other Bluetooth devices nearby (Securelist 2012). This information
collected during peacetime can become relevant in times of conflict and lay the
groundwork for possible future machine manipulation as in Natanz.
8
In addition, Stuxnet could have been much more potent and lethal if the target were different. It is thus not
only the weapon as such, but how it is used that analysts and policymakers bear in mind. The authors would like to
thank the reviewer for bringing this critical point to our attention.
12 Cyberwar
that there are new ways of waging war where cyber-weapons play a vital role. In
other words, although cyber-espionage can be dangerous if critical intelligence is
obtained, politicians and the media should be slow to term it cyberwar. This
stretches the term—which should be used cautiously—too far. Calling Estonia
“Web War One” is also not advisable not only because the attacks do not contain
the political and violent characterizers of war, but also because calling it “WWI”
may ramp up unnecessary threat perception or lead to misperception. Georgia,
on the other hand, reveals how future war is likely to be conducted: cyber-attacks
would be force-amplifiers for kinetic attacks. That is to say, the cases of Estonia
and Georgia tell us that cyber-attacks (be they patriotic hacktivist-attacks or those
conducted by the state) are likely to complement future traditional wars. If patri-
otic attacks run counter to states’ strategies and objectives, operations could be
undermined through soft power; escalation and retaliation are possible (Fritz
2008:62). States therefore need to be aware of this new situation and prepare
themselves accordingly. They also need to realize that cyber-weapons are attrac-
tive accompanying weapons during a traditional war.
The Stuxnet case demonstrates another branch of cyberwarfare: an indepen-
dent cyber-weapon, able to attack and physically destroy a specific target in a
covert manner, only discovered after having fulfilled its job. These last two cyber-
incidents can be termed as cyberwar in the sense that they have political goals
carried out purposefully and bring violence/destruction to targeted states or
organizations through cyber-weapons; and they have significant implications for
the future of warfare.
state’s ability to defend itself and its infrastructure where a higher dependence
on cyberspace occurs. Clarke and Knake’s work (2012) displays this vulnerability
as follows (Table 1).
As (Table 1) shows, our conventional thinking as regards military power does
not apply to cyberspace. North Korea, for example, has the highest total number
of cyberwar strength despite its low incidence of cyber offense; that is, because
North Korea is basically independent of cyberspace it is nearly impossible to
effectively attack the country with cyber-weapons. The exact reverse is the case
for America: Although it has strong cyber-offensive capabilities, it is very vulnera-
ble in terms of defense due to its high cyber dependence: America knows it is
particularly vulnerable to cyber-attacks. Most of the country is run by computer
networks relying on outdated Internet security with the greatest part of the infra-
structure being privately owned and thus not as well secured as those govern-
ment owned, America’s “massive electronic Achilles’ heel” (Lewis 2002:1). Also
recall the case study of Estonia and Georgia: It was Estonia that was severely dis-
rupted because it is a highly web-connected country. All of this indicates that
countries that used to be unable to gain an edge in the traditional battlefield
now see the possibility of changing the status-quo to their advantage. In particu-
lar, non-Western countries tend to be less vulnerable than highly networked Wes-
tern states. This aspect of the nature of cyberspace and cyberwar strength opens
up manifold possibilities of a change in global power hierarchy and of waging
incautious war more often.
United States 8 2 1 11
Russia 7 5 4 16
China 5 4 6 15
Iran 4 5 3 12
North Korea 2 9 7 18
Conclusion
Despite the potential crossover of cyberwar and physical war, this is not to say
that the former will make traditional weapons and war obsolete. At this point,
cyber-weapons, even if capable of physical destruction, do not have the conclu-
sive impact that aerial or nuclear bombardment has. As we know, Iran has
repaired the damaged centrifuges and is again enriching uranium. North Korea
has restarted a nuclear reactor which reportedly is capable of producing about
13 pounds of plutonium a year despite the pressure from the international com-
munity. These examples suggest that exhibitions of traditional military power
and weapons still remain the most critical in international politics. In effect,
cyber-weapons do not change the very nature of war itself.
At the same time, however, there is little doubt that cyber-weapons will
reshape the ways in which war begins or is carried out in the near future. The
case studies have revealed cyber-weapons’ lethal potential for violence and
destructiveness. Even cyber-espionage can be aggressive in its nature if it is not
designed purposefully to damage a web system and Internet network. Offensive
cyber-worms such as Stuxnet have demonstrated that modern cyber-weapons are
able to physically disrupt and destroy their targets. Although a radical change in
the global power hierarchy is not happening because conventional military weap-
ons remain principal, cyber-weapons and their nature make us rethink the future
of warfare and the possible change of global hierarchies. Also, just as nuclear
developments did in the past, cyber-weapons will ask us to revamp our policy
and study of security, war, and power.
Nevertheless, as has often been pointed out, there is a lack of sufficient gov-
ernment policies or legal frameworks to deal with cyber-attacks, cyber-weapons,
and cyberwarfare in practice. There is also a clear shortage of scholarly attention
regarding cyber-weapons and cyberwar (Eriksson and Giacomello 2006:221–224);
a cursory survey of the leading academic journals attests to this. Tracking down
Y ONG -S OO E UN AND J UDITH S ITA A BMANN 15
References
ALEXANDER, DAVID. (2013) Cyber Threats Pose Stealthy, Insidious Danger. Reuters. Available at http:
//www.reuters.com/article/2013/05/31/us-usa-defense-hagel-cyber-idUSBRE94U05Y20130531/
(Accessed June 15, 2013).
ARQUILLA, JOHN, AND DOUGLAS A. BORER, Eds. (2009) Information Strategy and Warfare: A Guide to Theory
and Practice. New York: Routledge.
ARQUILLA, JOHN, AND DAVID RONFELDT. (1997) In Athena’s Camp: Preparing for Conflict in the Information
Age. Washington DC: RAND.
9
See http://0-www.mitpressjournals.org.pugwash.l. http://about.jstor.org/journals (accessed 29/09/2013).
16 Cyberwar
BERKOWITZ, BRUCE D. (1997) Warfare in the Information Age. In Athena’s Camp: Preparing for Conflict in
the Information Age, edited by John Arquilla and David Ronfeldt. Santa Monica: RAND.
BRITO, JERRY, AND TATE WATKINS. (2011) Loving the Cyberbomb? The Dangers of Threat Inflation in
Cybersecurity Policy. Working Paper, Mercatus Center, George Mason University; 1–39.
BULL, HEDLEY. (1977) The Anarchical Society: A Study of World Order in World Politics. London: Macmillan.
CARR, JEFFREY (2010) Inside Cyber Warfare: Mapping the Cyber Underworld. London: O’Reilly Media.
CARR, JEFFREY. (2011) What Is Cyberwar? Slate. Available at http://www.slate.com/articles/technology/
future_tense/2011/08/what_is_cyberwar.html/ (Accessed May 24, 2013).
CHARETTE, ROBERT. (2011) Lockheed Martin Cyber Attack: Routine, A Warning or a Possible Act of
War? IEEE Inside Technology Spectrum. Available at http://spectrum.ieee.org/riskfactor/telecom/
security/lockheed-martin-cyber-attack-routine-a-warning-or-a-possible-act-of-war/ (Accessed July
28, 2013).
CLARKE, RICHARD, AND ROBERT KNAKE. (2012) Cyber War: The Next Threat to National Security and What to
Do about It. New York: Harper Collins.
CLAUSEWITZ, CARL VON. (1997) On War. Ware, UK: Wordsworth Classics.
CRAMER, JANE, AND TREVOR THRALL. (2009) Introduction: Understanding Threat Inflation. In American
Foreign Policy and the Politics of Fear: Threat Inflation since 9/11, edited by Jane Cramer and Trevor
Thrall. New York: Routledge.
CRONIN, AUDREY KURTH. (2006) How al-Qaida Ends: The Decline and Demise of Terrorist Groups.
International Security 31 (1): 7–48.
ERIKSSON, JOHAN, AND GIAMPIERO GIACOMELLO. (2006) The Information Revolution, Security and
International Relations: (IR)relevant Theory? International Political Science Review 27 (3): 221–
244.
ESPINER, TOM. (2008) Estonia’s Cyber-attacks: Lessons Learned, a Year On. London: ZDNet UK. Available
at http://www.zdnet.com/estonias-cyber-attacks-lessons-learned-a-year-on-3039408158/ (Accessed
August 3, 2013).
EUROPEAN PARLIAMENT. (2011) Cyber Security and Cyberpower: Concepts, Conditions and Capabilities for
Cooperation for Action within the EU. Brussels: Directorate-General for External Policies of the Union.
EVANS, MICHAEL, AND GILES WHITTELL. (2010) Cyberwar Declared as China Hunts for the West’s
Intelligence Secrets. The Times, 8 March.
FARWELL, JAMES, AND RAFAL ROHOZINSKI. (2011) Stuxnet and the Future of Cyber War. Survival 53 (1):
23–40.
FRITZ, JASON. (2008) How China Will Use Cyber Warfare to Leapfrog in Military Competitiveness.
Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies 8 (1): 28–
80.
FULGHUM, DAVID. (2007) Why Syria’s Air Defences Failed to Detect Israelis. New York: Aviation Week.
GAYCKEN, SANDRO. (2012a) Cyberwar: Das Wettrusten € hat l€
a ngst begonnen—Vom digitalen Angriff zum realen
Ausnahmezustand. M€ unchen: Goldmann.
GAYCKEN, SANDRO. (2012b) Unsere verwundbare Gesellschaft. Hamburg: Der Spiegel.
GERTZ, BILL. (2009) China Blocks US from Cyber Warfare. Washington Times, 12 May.
GELLMAN, BARTON, AND ELLEN NAKASHIMA. (2013) U.S. Spy Agencies Mounted 231 Offensive Cyber-
operations in 2011, Documents Show. The Washington Post, August 31.
GOETZ, JOHN, MARCEL ROSENBACH, AND ALEXANDER SZANDAR. (2009) Krieg der Zukunft. Der Spiegel.
Available at http://www.spiegel.de/spiegel/print/d-64082614.html/ (Accessed March 28, 2014).
GOLDSTEIN, AVERY. (2013) First Things First: The Pressing Danger of Crisis Instability in U.S.-China
Relations. International Security 37 (4): 49–89.
GORMAN, SIOBHAN, AND JULIAN BARNES. (2011) Cyber Combat: Act of War. The Wall Street Journal.
Available at http://online.wsj.com/article/SB10001424052702304563104576355623135782718.
html?mod=WSJ_Tech_INTL_LSMODULE/ (Accessed May 29, 2013).
GRAHAM, BRADLEY. (2005) Hackers Attack via Chinese Websites. The Washington Post, August 25.
GROSS, MICHAEL J. (2011) A Declaration of Cyberwar. New York: Vanity Fair. Available at http://www.
vanityfair.com/culture/features/2011/04/stuxnet-201104/ (Accessed March 8, 2013).
HALPIN, EDWARD, PHILIPPA TREVORROW, DAVID WEBB, AND STEVE WRIGHT. (2006) Cyberwar, Netwar and the
Revolution in Military Affairs. New York: Palgrave Macmillan.
HARRIS, SHANE. (2008) China’s Cyber Militia. Washington, DC: National Journal. Available at http://
www.nationaljournal.com/magazine/china-s-cyber-militia-20080531
KANG, JIN-KYU. (2013) Major Computer Network Meltdown. Korea Joongang Daily, March 21.
KREKEL, BRYAN. (2009) US-China Economic and Security Review Commission Report on the Capability of the
People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. McLean:
Northrop Grumman Corporation.
Y ONG -S OO E UN AND J UDITH S ITA A BMANN 17
KREMP, MATTHIAS. (2001) Elite-Hacker Fuhren € € China. Der Spiegel. Available at http://
Cyberwar fur
www.spiegel.de/netzwelt/web/blaue-armee-elite-hacker-fuehren-cyberwar-fuer-china-a-765081.html/
(Accessed May 29, 2013).
LANDLER, MARK, AND JOHN MARKOFF. (2007) Digital Fears Emerge after Data Siege in Estonia. The New
York Times, May 29.
LEWIS, JAMES. (2002) Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Washington,
DC: Centre for Strategic and International Studies.
LISCHKA, KONRAD. (2007) Estland Schw€acht Vorw€ urfe Gegen Russland ab. Der Spiegel. Available at
http://www.spiegel.de/netzwelt/web/0,1518,483583,00.html/ (Accessed April 12, 2013).
LONSDALE, DAVID. (2004) The Nature of War in the Information Age. London: Frank Cass.
MACINTYRE, DONALD. (2012) Israel Hints It May Be Behind “Flame” Super-Virus Targeting Iran. The
Independent. Available at http://www.independent.co.uk/news/world/middle-east/israel-hints-it-
may-be-behind-flame-supervirus-targeting-iran-7800935.html/ (Accessed April 7, 2013).
MAHNKEN, THOMAS G., AND JAMES R. FITZSIMONDS. (2003) Revolutionary Ambivalence: Understanding
Officer Attitudes toward Transformation. International Security 28 (2): 112–148.
MARCUS, JONATHAN. (2013) US Accuses China Government and Military of Cyber-Spying. BBC News China.
Available at http://www.bbc.co.uk/news/world-asia-china-22430224/ (Accessed June 3, 2013).
MARQUAND, ROBERT, AND BEN ARNOLDY. (2007) China Emerges as Leader in Cyberwarfare. The
Christian Science Monitor. Available at: http://www.csmonitor.com/2007/0914/p01s01-woap.html/
(Accessed September 14, 2013).
MORA, EDWIN. (2012) Panetta Warns of Cyber Peal Harbour. CNS News. Available at http:/
cnsnews.com/news/article/panetta-warns-cyber-pearl-harbor-capability-paralyze-country-there-now/
(Accessed October 15, 2012).
OFFICE OF THE SECRETARY OF DEFENSE. (2013) Military and Security Developments Involving the People’s
Republic of China 2013. Available at http://www.defense.gov/pubs/2013_china_report_final.pdf/
(Accessed March 14, 2014).
POREMBA, SUE. (2012) Definition of Cyber War Remains Elusive, Even for Security Experts. IT Business Edge.
Available at http://www.itbusinessedge.com/cm/blogs/poremba/definition-of-cyber-war-remains-
elusive-even-for-security-experts/?cs=49725/ (Accessed July 27, 2013).
RASH, WAYNE. (2011) Lessons Learned from Lockheed. CTO Edge. Available at http://www.ctoedge.
com/content/lessons-learned-lockheed/ (Accessed June 28, 2012).
RID, THOMAS. (2012) Think Again: Cyberwar. Foreign Policy. Available at http://www.foreignpolicy.
com/articles/2012/02/27/cyberwar?page=full/ (Accessed September 11, 2012).
RUSTICI, ROSS. (2011) Cyberweapons: Levelling the International Playing Field. Available at http://
strategicstudiesinstitute.army.mil/pubs/parameters/Articles/2011autumn/Rustici.pdf/ (Accessed
April 4, 2014).
SANGER, DAVID. (2013) U.S. Blames China’s Military Directly for Cyber-attacks. New York Times.
Available at http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyber-
attacks.html?_r=0/ (Accessed October 17, 2013).
SCHMITT, MICHAEL N, Ed. (2013) Tallinn Manual on the International Law Applicable to Cyber Warfare.
NewYork: Cambridge University Press.
SECURELIST. (2012) The Flame: Questions and Answers. Moscow: Kaspersky. Available at https://www.
securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers/ (Accessed February
19, 2013).
SPIEGEL. (2007) Cyber-Angriffe auf Estland alamieren EU and NATO. Der Spiegel. Available at http://
www.spiegel.de/netzwelt/web/0,1518,483416,00.html/ (Accessed September 29, 2012).
SPIEGEL. (2012) Experten Enttarnen Neue Cyberwaffe. Der Spiegel. Available at http://www.
spiegel.de/netzwelt/web/computerwurm-flame-von-it-experten-entdeckt-a-835604.html/ (Accessed
September 29, 2012).
STOECKER, CHRIS. (2012) Israel Preist Spionage-Virus Flame. Der Spiegel. Available at http://www.
spiegel.de/netzwelt/netzpolitik/israelischer-minister-mosche-jaalon-lobt-flame-virus-a-835727.html/
(Accessed October 3, 2013).
THE ECONOMIST. (2010a) War in the Fifth Dimension. The Economist. Available at http://www.
economist.com/node/16478792/. (Accessed March 28, 2013).
THE ECONOMIST. (2010b) The Stuxnet Worm: A Cyber-missile Aimed at Iran? The Economist. Available
at http://www.economist.com/blogs/babbage/2010/09/stuxnet_worm/ (Accessed June 16,
2013).
THE WHITE HOUSE. (2010) The United States’ 2010 National Security Strategy. Available at http://www.
whitehouse.gov/sites/default/files/rss_viewer/national_security_strategy.pdf/ (Accessed March
13, 2014).
18 Cyberwar
THORNBURGH, NATHAN. (2005) The Invasion of the Chinese Cyberspies. Time Magazine. Available at
http://www.time.com/time/magazine/article/0%2C9171%2C1098961%2C00.html/ (Accessed
September 8, 2013).
TKACIK, JOHN. (2008) Trojan Dragon: China’s Cyber Threat. Washington DC: The Heritage Foundation
Available at http://s3.amazonaws.com/thf_media/2008/pdf/bg2106.pdf/ (Accessed April 3,
2014).
TOFFLER, ALVIN, AND HEIDI TOFFLER. (1995) War and Anti-War: Survival at the Dawn of the 21st Century.
London: Warner Books.
UK PRIME MINISTER. (2010). A Strong Britain in an Age of Uncertainty: The National Security Strategy.
Available at http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/
documents/digitalasset/dg_191639.pdf/ (Accessed January 13, 2014).
UNITED NATIONS. (1974) Definition of Aggression Resolution 3314. Available at http://legal.un.org/
avl/ha/da/da.html/ (Accessed April 4, 2014).
US DEPARTMENT OF DEFENSE. (2011) Strategy for Operating in Cyberspace. Available at http://www.defense.
gov/news/d20110714cyber.pdf/ (Accessed June 15, 2013).
WALZER, MICHAEL. (2006) Just and Unjust Wars: A Moral Argument with Historical Illustrations. New York:
Basic Books.
WAN, WILLIAM. (2013) After Snowden Revelations, China Worries about Cyberdefense, Hackers. The
Washington Post, September 04.
WU, CHRIS. (2004) An Overview of the Research and Development of Information Warfare in China.
In Cyberwar, Netwar and the Revolution in Military Affairs, edited by Edward Halpin. New York:
Palgrave Macmillan.
XU, TING. (2011) China and the United States: Hacking Away at Cyber Warfare. Asia Bulletin 135: 1–2.