Future of Cyber Warfare
Warfare evolves, quite obviously, and it can be argued no nation is better at evolving methods of warfare than the United States. Our history is steeped in it, beginning with the Revolutionary War. To this day Americans make light of British troops dressed in red and marching in lines to make it so easy to shoot them. You can credit America, then, for proving the effectiveness of guerrilla warfare, as our forefathers stood behind rocks and trees and took down a stronger, more organized and traditional enemy. Similar events would happen later in the American Civil War: while the South's General Lee continued the traditional casualty-minimizing, control-territory approach, General Grant was ordering his troops to kill every rebel in sight. In answer to German and Japanese innovation in World War II, the US responded again, this time with the most devastating weapon ever created: the atomic bomb.
Again, warfare has changed. Because as a superpower the US has amassed forces as impenetrable as they are frightening, enemies seek other methods of bringing down the beast, or at least injuring it. The new method is remote, cheap, and, in theory, potentially devastating: cyber warfare.
The US Air Force as well as the Army Reserve have created task forces to address and eradicate the constant attacks on US information systems coming from state and rogue agents from outside and from within our borders. There are significant challenges, and as always in the course of human history, dire consequences depending on how the dice are thrown.
The largest, most persistent problem with cyber attacks is not their scale or relative speed of remedy, but determining who stages them and from where. From a defence standpoint, the question of why is irrelevant; only protection matters.
In the wake of the 9/11 terrorist attacks, the question of why briefly presented itself along with the notion of "cyberterrorism," or remote attacks on critical domestic systems, including nuclear facilities, financial institutions, food and water processing plants, mass transit systems, and communications systems, among others. The newly created Department of Homeland Security also temporarily traded on this fear to shore up funding and authoritarian reach.
In 2001, before the World Trade Center attacks, US officials said more than twenty nations had information operations against the United States. This led deputy secretary of defence John Hamre, before our great Mid East distraction, to conclude before Congress that the US was "basically" at war. His ambiguous wording mirrored at once the ambiguous threat and the abstract notion of an "information war," the consequences of which, while most likely bloodless, were potentially economically devastating. The cynic might be quick to note that a Department of Defense (DoD) administrator depends on fear for adequate funding; however, Hamre's alarm was not baseless, and in fact became more resonant in the aftermath of 9/11, the US citizenry's general complacency now obliterated by what they viewed as unprovoked and senseless violence by foreign agents on domestic soil because of (what the populace generally viewed as) a set of imagined US offenses.
As wars in Afghanistan and Iraq raged and with fears of cyberterrorism marginalised as "unlikely," the American public went back to life as usual, allowing their IT departments and government to handle their security concerns. The DoD, while trying to devise a plan for fighting a new type of what was now termed "asymmetrical warfare" in the form of terrorism, also promised to set in motion plans to deal with an earlier asymmetrical threat heretofore given mostly lip service.
Xenophobia, though, is no stranger in this increasingly globalised decade; in the back of the collective US mind was an epidemic of technological outsourcing. To compound resentment of US jobs being sent overseas to places like India, there now grew the nagging fear that specialised backdoor information was now being farmed out to unknown sources around the globe, creating even more risk of compromised information systems. Still, so long as no troubling event occurred in the cyber or real world, the American people were content.
Seven years and several massive cyber attacks later, the DoD seems to be making good on its promise with the formation of the Air Force Cyber Command. The Air Force was a logical choice to spearhead the new wing of the US military because of its already highly sophisticated computer systems and highly trained people to run them. Previously, the Navy had been thought to be the natural lead on the project; a successful denial of service attack brought down the website of the very institution tasked with fighting cybercrime, the Navy's War College, for a fortnight. Not to be left out, the US Army Reserve, the portion of the military whose express function prior to the US Dept. of Homeland Security is/was protection of domestic territory, has also announced the development of a task force dedicated to preventing and dealing with cyber attacks.
The NSA, CIA, FBI, DHS, Secret Service? You can bet they're on board, too, though more quietly, with the immunity-purchased cooperation of major telecommunications providers like AT&T.
A complete cyber defence system is expected to be in place by 2010.
Definitive Problems
Another chief problem, like the problem of solidly locating perpetrators and identifying them as state or rogue agents, is the problem of defining the difference in related terms. If an attack occurs from within US borders, it becomes an issue of jurisdiction; law enforcement handles domestic attacks, not the military, and labels it "cyber crime." The inherent problem, of course, is that appearances aren't always the truth: an attack can be made to appear as though it came from any country. Another trouble is delineating between cyber/information warfare and what might be construed as cyberterrorism. It is difficult to know if a cyber attack has roots in the ideological objectives of rogue agents with merely destructive aims, or if it was instigated by a state agent with other objectives.
From a strategic sense, just as in traditional warfare, a state agent is perhaps preferable because there are millennia-worth of military and diplomatic strategies from which to pull. An amorphous assailant, though, as recent history suggests, induces a sense of superpower shadowboxing, which has effects on everyone thought to be in the vicinity.
The year 2007 was a wake-up call for the US military to get off its heels about cyber threats, hence this year's hastening of specialized task forces to address the issue. Last year saw the infamous attacks on Estonia from assumed Russian sources, and thousands of attacks from China (increasingly viewed as the epicentre of cyber warfare) on Japan, New Zealand, Germany, France, Britain, and the US, many seeming to trace back to the People's Liberation Army, credibly making the attacks, especially if conducted on physical targets, acts of war.
Cyber warfare is essentially this generation's arms race. Unlike the Cold War, where threats of nuclear attack kept giants at bay with a keen understanding of zero-sum games, the sums in the 21st Century Cyber War are relatively huge. A successful cyber assault could mean control over an entire nation's infrastructure as well as defence systems, effectively reducing a nation's defences to World War II era status. Therefore, a winning, cohesive strategy is a shoot-first, pre-emptive one the US has successfully mastered in the past.
Colonel Charles W. Williamson III, editorialising for the Armed Forces Journal, has therefore espoused a deterrent strategy of creating military botnets, robot networks designed to take out enemy systems before a cyber attack can be launched, or at least at first detection. Williamson compares a nation's information infrastructure to fortified structures. Just as Old World castles had moats, bridges, and high walls, networks have layers of protection in the form of firewalls, gateways, passwords, port blocking, and intrusion detection devices. However, Williamson also acknowledges a difficult paradox in computer security: the more layers (machines) you add, the more potentially vulnerable points of entry you have.
For example, cloud computing adds a layer of protection by dispersing vital data among servers. This not only increases computing power (as will be observed by CERN's "Grid," which is to be switched on this summer) but also makes it nearly impossible to steal or manipulate all sets of data in a network because they are not housed in the same place. But more computers ultimately also means more vulnerable ports. This is especially troublesome to military hierarchies acutely aware their systems are connected to the public Internet via, to innovate on Bush, Sr., a thousand points of entry.
Williamson notes the difficult challenges in modern warfare by comparing Belgium's failure at protecting its territories from German air strikes. Their fortresses, relics from ancient times, were useless against new technology. The key, says Williamson, in dealing with potential air strikes is to launch your own air strike in advance, taking out the enemy's ability to attack. His concept of a military botnet is similar: A global army of botnets could seek and destroy enemy systems before transmissions actually reached American-based infrastructure, attacking them on their turf, far away from our own.
The logic here is both sound and alarming. A small-scale attack, like ones deployed by handfuls of scattered rogue agents, would have little chance of taking down the entire system, even if undetected. Only a small part of the network is vulnerable, a front-facing support part, and an attack on it is likely remedied in hours or days with minimal impact, like a mortar shell taking out one vehicle, or less, a tree. On a massive scale, which is likely to be detected early and to be traceable to a larger state agent (or, and this should ring some alarms, a state agent harbouring a massive rogue attack), the attack could not only be blocked, but also neutralised as military botnets take out the entire originating system.
Another issue steeped in paradox: governments worldwide actually encourage rogue agents. This was evidenced most recently in New Zealand, when a teenage hacker was acquitted of serious charges because of his potential usefulness to the government in combating other hackers. At sixteen, the young man had developed software allowing hackers to steal millions of dollars. He sold the software to the hackers for $31,000, which the courts took as evidence he never intended to use the software himself. The government not only praised his incredible skill, but appears to have offered him a job in law enforcement.
This is an old scenario, admittedly, one heard of since the 1980s, where talented computer-savvy kids were viewed more valuable as government employees than behind bars or working for the enemy. Movies have been made about it, and this is just the latest example of the same approach.
It seems painfully ironic (painfully and obviously self-serving) that governments at once encourage and demonise such behaviour. The cold reality is, though, that it appears necessary.
What's Next?
It's hard to be a predictor of the future; it's so easy to be wrong. But, based on history and evidence, the US, while to this point ill-prepared (like most of the world, really) to defend against cyber warfare from either state or non-state agents, only began to see really critical threats in the past couple of years, especially as Chinese attackers escalated attacks and became more brazen about the systems they were attacking.
The Pentagon never takes a breach lightly.
Unfortunately, though, the US has been slow to address the issue (and somewhat clueless, being run by leaders of a previous generation unaware of such things), and has left portions of US infrastructure vulnerable. These same portions seem likely to remain vulnerable for at least a couple of years while task forces play digital war games with each other and find their grooves.
Once those grooves are found though, expect not only a cyber system as impenetrable as the US military itself, but also a proactive, artificially intelligent one with its own robotic agents at the borders. Expect also more cloud computing to power the system while dispersing and protecting vital information so that doors, while paradoxically being more ports of entry, will also be additional layers to the information fortress.
There are variables, like how aggressive state agents will actually get and whether their actions will spill over into actual acts of war, which won't be good for anybody. There is the "young-gifted-hacker" variable and whose side he (or she) is on.
There is also what CERN is doing, which could again change the world. In ten years, we may be talking about an entirely different, vastly more powerful, faster, and more internationally distributed network. The Grid, designed for computational support of CERN's ambitious search for the Higgs boson, among other quantum theoretical particles, could make current cyber warfare concerns either quaint or obsolete. Hopefully the latter.
Worst case scenario: Rogue agents en masse deliver a powerful blow to US or US ally information systems and/or infrastructure, resulting in destruction and casualties on the level of a 9/11. If so, the people of those targeted nations would have no trouble getting behind a doctrine against asymmetrical, amorphous assailants and against nations harbouring, encouraging, or ignoring such threats. It's a safe bet the US will have a system in place to take down or damage not a portion of another nation's infrastructure remotely, but the entire system itself, fulfilling the feared ambition of said rogue agents by doing what they could not, in advance of a wider-scale attack.
But as always, provocation is required.
