The challenge for cyberwarriors today lies in figuring out how to thwart these various cyberoffensives. This won't happen if defenders remain dependent on a cyberspace-based version of the Maginot Line: the "firewalls" designed to detect viruses, worms, and other tools, and to keep attackers from intruding into and roaming about one's systems. Like the original Maginot Line, which failed to protect France in World War II, the firewall is easily outflanked. Sadly, undue faith in this passive mode of defense means that, right now, far too much data can be found in fixed places, "at rest." This results in far too much data remaining at risk, easily located and targeted for extraction, manipulation, or destruction. Far better to move away from dependence on firewalls to the ubiquitous use of strong encryption, which protects data with unbreakable codes, and "the cloud," the vast expanse of cyberspace in whose far reaches data can be safely secreted and then swiftly summoned back when needed.
A final aspect of cyberwar that Ronfeldt and I began contemplating so long ago -- virtual conflict in the form of society-wide ideological strife -- is also coming to pass. Such virtual operations, we wrote back in the early 1990s, would one day extend to "efforts to promote dissident or opposition movements across computer networks." Clearly, we have seen this form of conflict take shape in the "color revolutions" of the past decade and most recently in the Arab Spring; in both cases, the impact of political activism was greatly enhanced by cyber-enabled social networking tools and sites. If there is to be more cyberwar in the future, better it should be what we called "social netwar" than the alternatives.
So, yes, cyberwar has arrived. Instead of debating whether it is real, we need to get down to the serious work of better understanding this new mode of war-fighting, which has been enabled by an information revolution that has brought so much good to the world, but which at the same time heralds an age of perpetual conflict. What we really must ask is: Can cyberwar be controlled? Rid implies that international cooperation to do so is doomed, but I'm not so sure. Pledges not to employ cyberattacks against purely civilian targets, for example, may be genuinely worthwhile -- at least for nations, if not for shadowy networks. But networks, too, may come to follow some kind of code of behavior. Even the loosely linked cybervigilante group Anonymous takes considerable pains to explain the rationales for its actions.
So here's hoping that, amid the looming havoc of cyberwars to come, there will also be prospects for cyberpeace.