I've been thinking a lot about the latest generation of warfare. "Cyberwar" isn't exactly new, it is really just the continuation of controlling public opinion by rationing access to facts. The propaganda wars of the past are the father and mother of cyberwarfare. But instead of just attacking the enemies ideological opinion you get to sabotage his printing presses too.
First you have to kill the databases.
Then you have to kill the commo links.
Databases are harder to kill than you think, and comm links are very very difficult.
So lets take a look at what works and what doesn't.
Viruses work. Physically destroying the server farm works. Either stuxnet or "Fight Club" scenarios will give the superpower bigger problems to deal with than a small group.
The problem of course is archival copies, any properly designed system is redundant and has backups. This isn't a problem if you can isolate that data from the rest of the network, either through electronic or physical means.
So, where to start? Depends on what you really want to accomplish. Find a disgruntled kid with security clearance to funnel you files on a burned Lady GaGa CD is one way to put egg on the face of your opponent. Slipping a worm, trojan, or virus into the upstream pipeline of the IT supplier for your intended victim is another.
There are a lot of ways to suck the egg, and so far no one has used physical attacks as a method. Mainly because of the data backup problem. It would actually be easier to kill the backup first then go for the main server if you could time it correctly.
The US government has been rattling sabers about increasing the government role in public cybersecurity, some pundits even claiming classified knowledge that the fedgov has tools completely unavailable to public security experts. I have no knowledge of any such development, but I put my faith in the private sector for security. Why? Because the fedgov still uses Microsoft.
I don't mean to dog Microsoft, their product is the world leader in personal computing software. The problem is that makes them the biggest target. And when enough people are aiming at the same target, they don't all have to be sharpshooters to hit the bullseye quite often.
Update: policy wonk recommends crackdown on internet freedom in the name of security