One of the problem with cyber is that it lends itself to preemptive action. Your assets in cyber-warfare are your opponents' vulnerabilities, therefore in order to quantify your assets you have to be able to ascertain how vulnerable your opponents are and that involves pre-emptive exploration of your opponents' networks. So in that sense it lends itself to some pretty nasty stuff.