The defense against them that is most widely deployed is signature-based anti-virus software.
It is very easy for an attacker to write new code or customize existing code so that it is not detectable by AV programs, because they have no signature for something that the AV researchers have never seen before. Refer back to the Haephrati Trojan fiasco in Israel. Private investigators in Israel used malware customized by Michael Haephrati to steal data from competitors of their industrial espionage clients. The GhostNet researchers discovered that China was using similar methods against the Dalai Lama's operations.
Cyber war operations should be constantly evolving such tools to enhance the ease with which they can be installed on a target machine, the ability to avoid detection, and the ability to create unnoticed connections back to a data-collecting server. Cyber defense operations have to concern themselves with detecting and rendering harmless such Trojan horses.
5. Rootkits are a special form of malware. They attack the kernel of an operating system and can work "under the wire" at a lower level than defensive measures such as AV software, so that they are undetectable even by a careful examination of the computer. Rootkits could be distributed as part of a commercial application. A cyber war effort could even enlist the producers of commercial software that would be sold to targets.
6. Backdoors. The inclusion of spyware or hardware backdoors in products shipped to an enemy is a powerful way to wage cyber war. To date, accusations of such activity have usually been no more than paranoia. Nevertheless, it is maintained by many that printers shipped to Iraq before the first Gulf War contained back doors that allowed the US to access Iraqi command and control networks in advance of the invasion.
Most vendors of IT products address a global market and would not readily jeopardize their sales by acquiescing to the inclusion of backdoors in their products because of the harm to their reputation if they are uncovered.
But the development and deployment of such tools in an enemy's environment is a valuable goal and would be pursued by any cyber war effort.
One proposed scheme is that a nation, particularly the United States, could in times of extreme need induce its software industry to push updates to its installed base that include malware capable of disabling an enemy's computers.
Imagine the impact Microsoft, Cisco, or Oracle could have if they used their automatic update capability to secretly infect millions of machines with back doors, Trojan horses, or kill switches.
7. Analysis. If ever there was a task for business intelligence (BI) solutions, the evaluation and reduction of the terabytes of data collected from cyber espionage activities is it.
Technologies developed for this analysis will be a critical factor in the escalation of cyber capabilities. Signal analysis, mentioned above, is just one such task. Others include:
Tracking sources and the information derived from them. A database of military personnel including their ranks, specialties, training, commendations, and deployments would be updated continuously. Tracking those changes and their significance would be a difficult task without assistance from data analysis tools.
Correlating information derived from different sources or dates.
A missile design for instance goes through hundreds of revisions for each component as dimensions, materials, and manufacturing processes are optimized throughout the life-cycle of a design.
An attacker may have different copies of CAD models, process sheets, and engineering specifications that vary with time, model, and manufacturer. Determining which was the best design or which reflected the current state of the missile in question would require sophisticated BI tools.
The acquisition of a single email between two parties does not represent their entire conversation on a topic. Any correspondence may contain errors or be updated by a follow-on email. Pulling together the entire thread of a conversation is a challenge even for the participants!
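The thread-reconstruction problem described above, as an added example that is not part of the original post: mail clients record conversation structure in the Message-ID, In-Reply-To and References headers, and an analyst (or an incident responder working from a mailbox export) can rebuild a thread from them even when some messages were never captured. The messages, addresses and IDs are constructed sample data; the helper names are my own.

```python
# Added example, not from the original post: reconstruct an email thread from
# the Message-ID / In-Reply-To / References headers that mail clients set.
# Messages, addresses and IDs below are constructed sample data.
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime


def _raw(mid, sender, date, subject, body, in_reply_to=None, references=()):
    """Build the raw text of one message (sample-data helper)."""
    hdrs = [f"Message-ID: <{mid}>", f"From: {sender}", f"Date: {date}", f"Subject: {subject}"]
    if in_reply_to:
        hdrs.append(f"In-Reply-To: <{in_reply_to}>")
    if references:
        hdrs.append("References: " + " ".join(f"<{r}>" for r in references))
    return "\n".join(hdrs) + "\n\n" + body


# Constructed capture: one thread with a message (zz) that was never captured,
# plus one unrelated mail.
RAW_MESSAGES = [
    _raw("a1@example.test", "alice@example.test", "Mon, 01 Mar 2010 09:00:00 +0000",
         "Spec revision", "Draft v1 attached."),
    _raw("b1@example.test", "bob@example.test", "Mon, 01 Mar 2010 10:30:00 +0000",
         "Re: Spec revision", "Dimension on page 3 is wrong.",
         "a1@example.test", ["a1@example.test"]),
    _raw("a2@example.test", "alice@example.test", "Mon, 01 Mar 2010 11:00:00 +0000",
         "Re: Spec revision", "Corrected; v2 attached.",
         "b1@example.test", ["a1@example.test", "b1@example.test"]),
    _raw("c1@example.test", "carol@example.test", "Tue, 02 Mar 2010 08:00:00 +0000",
         "Re: Spec revision", "Which version is current?",
         "zz@example.test", ["a1@example.test", "zz@example.test"]),
    _raw("d1@example.test", "dave@example.test", "Tue, 02 Mar 2010 09:00:00 +0000",
         "Lunch", "Noon?"),
]


def parse_messages(raws):
    """Map Message-ID -> parsed message."""
    msgs = {}
    for raw in raws:
        m = message_from_string(raw)
        msgs[m["Message-ID"].strip()] = m
    return msgs


def _ancestors(msg):
    """Referenced ancestor IDs, oldest first; In-Reply-To is appended as a fallback."""
    refs = (msg.get("References") or "").split()
    irt = (msg.get("In-Reply-To") or "").strip()
    if irt and irt not in refs:
        refs.append(irt)
    return refs


def build_threads(msgs):
    """Group messages by thread root. A message whose direct parent is missing
    from the capture is attached to its nearest ancestor that is present, so a
    gap does not split the thread. Returns {root_id: [ids in date order]}."""
    parent = {}
    for mid, msg in msgs.items():
        known = [r for r in _ancestors(msg) if r in msgs and r != mid]
        parent[mid] = known[-1] if known else None

    def root(mid):
        seen = {mid}                      # guard against malformed reference loops
        while parent.get(mid) is not None and parent[mid] not in seen:
            mid = parent[mid]
            seen.add(mid)
        return mid

    threads = defaultdict(list)
    for mid in msgs:
        threads[root(mid)].append(mid)
    for ids in threads.values():
        ids.sort(key=lambda m: parsedate_to_datetime(msgs[m]["Date"]))
    return dict(threads)


def missing_parents(msgs):
    """IDs referenced by captured messages but not captured themselves (the gaps)."""
    missing = set()
    for msg in msgs.values():
        missing.update(r for r in _ancestors(msg) if r not in msgs)
    return sorted(missing)


if __name__ == "__main__":
    captured = parse_messages(RAW_MESSAGES)
    for root_id, ids in build_threads(captured).items():
        print(root_id, "->", ids)
    print("gaps:", missing_parents(captured))
```

The References header is what makes this robust: Carol's reply points at a message that was never collected, yet it still lands in the right thread because an earlier ancestor is present, and `missing_parents` lists exactly which message would have to be found to close the gap.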
If the goal of cyber war is total information dominance, the generals would want to know the economic, military, supply, staffing, and technological standing of their adversaries who are engaged in collaboration and mutual defense accords.
Only by developing powerful and automated analytical capabilities will modern day generals be able to conduct cyber war.
8. DDoS technology. Denial of Service can take many forms. Developing new methods of attacking routers, servers, and switches via specially crafted packets or floods of packets is a critical area of technology development for cyber warfighting capability. A whole chapter of Surviving Cyber War is dedicated to DDoS defense.
9. Compromising routing infrastructure via BGP route announcements is another weapon of cyber war. Planning how to achieve the desired result of shutting off an adversary while maintaining network functionality for the attacker is an area of technology to be investigated.
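The two attack shapes named above, packet floods and specially crafted packets, map onto two of the simplest detections a defender runs over packet records. As an added example that is not from the original post, the code below applies a sliding-window per-source rate check and a check for TCP flag combinations that no normal stack sends, over constructed sample traffic (documentation-range IPs; thresholds are hypothetical and would be tuned per link).

```python
# Added example, not from the original post: flood and crafted-packet detection
# over packet records. Packet tuples are (timestamp_s, src, dst, tcp_flags).
# All traffic below is constructed sample data.
from collections import defaultdict, deque

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def malformed_flags(flags):
    """Return a reason string if the TCP flag set is one no normal stack emits."""
    if flags == 0:
        return "null (no flags)"
    if flags & SYN and flags & FIN:
        return "SYN+FIN"
    if flags & SYN and flags & RST:
        return "SYN+RST"
    if flags == FIN | PSH | URG:
        return "XMAS (FIN+PSH+URG)"
    return None


class FloodDetector:
    """Sliding-window packet counter per source.
    Alerts once when a source exceeds `limit` packets within `window` seconds."""

    def __init__(self, window=1.0, limit=100):
        self.window, self.limit = window, limit
        self.hits = defaultdict(deque)   # src -> timestamps inside the window
        self.alerted = set()

    def observe(self, ts, src):
        q = self.hits[src]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                   # drop timestamps that fell out of the window
        if len(q) > self.limit and src not in self.alerted:
            self.alerted.add(src)
            return f"flood from {src}: {len(q)} pkts in {self.window}s"
        return None


def analyse(packets, window=1.0, limit=100):
    """Run both checks over time-ordered packet tuples; return alert strings."""
    det = FloodDetector(window, limit)
    alerts = []
    for ts, src, dst, flags in packets:
        reason = malformed_flags(flags)
        if reason:
            alerts.append(f"crafted packet {src}->{dst}: {reason}")
        hit = det.observe(ts, src)
        if hit:
            alerts.append(hit)
    return alerts


def sample_packets():
    """Constructed traffic: a benign client, a flooding source, one crafted packet."""
    pkts = []
    for i in range(20):                   # benign: 20 packets spread over 10 s
        pkts.append((i * 0.5, "192.0.2.10", "198.51.100.1", SYN if i % 2 == 0 else ACK))
    for i in range(150):                  # flood: 150 SYNs in 0.3 s from one host
        pkts.append((5.0 + i * 0.002, "203.0.113.7", "198.51.100.1", SYN))
    pkts.append((6.0, "203.0.113.9", "198.51.100.1", SYN | FIN))   # crafted
    pkts.sort(key=lambda p: p[0])
    return pkts


if __name__ == "__main__":
    for line in analyse(sample_packets()):
        print(line)
```

The rate check is deliberately per source; a distributed flood spreads load across many sources so that no single one trips it, which is why production DDoS defense also tracks aggregate rates per destination and per service, not only per source.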
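The defensive counterpart to a BGP route announcement attack is route-origin validation: checking each announcement's origin AS and prefix length against a table of authorisations (a ROA table, validated in the manner RFC 6811 describes). The code below is an added example, not from the original post; the ROA table, AS numbers (private-use range) and announcements are constructed sample data.

```python
# Added example, not from the original post: route-origin validation of BGP
# announcements against a ROA table, RFC 6811 style. All data is constructed.
import ipaddress

# Hypothetical ROA table: (prefix, max_length, authorised origin AS)
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/22", 24, 64501),
]


def validate(prefix, as_path, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' for one announcement.
    valid   : some covering ROA authorises this origin at this prefix length
    invalid : ROAs cover the prefix but none authorises it (hijack or leak)
    unknown : no ROA covers the prefix at all"""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]                  # origin AS is the last hop in AS_PATH
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa_as == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"


def audit(announcements, roas=ROAS):
    """announcements: list of (prefix, as_path). Returns alerts for invalid routes."""
    alerts = []
    for prefix, path in announcements:
        if validate(prefix, path, roas) == "invalid":
            alerts.append(f"{prefix} origin AS{path[-1]} via {path}: INVALID")
    return alerts


# Constructed announcements as a route collector might see them.
SAMPLE = [
    ("192.0.2.0/24", [64496, 64500]),            # legitimate
    ("192.0.2.0/24", [64496, 64499]),            # wrong origin AS
    ("198.51.100.128/25", [64496, 64501]),       # right AS, more specific than maxLength
    ("198.51.100.0/23", [64496, 64497, 64501]),  # legitimate
    ("203.0.113.0/24", [64496, 64502]),          # no ROA: unknown, not invalid
]

if __name__ == "__main__":
    for prefix, path in SAMPLE:
        print(prefix, path, validate(prefix, path))
    print(audit(SAMPLE))
```

The maxLength check matters as much as the origin check: a more-specific announcement wins the best-path selection even when its origin AS is the legitimate one, so a ROA that permits /22 through /24 rightly marks a /25 as invalid. The 'unknown' state is common in practice because ROA coverage is incomplete, which is why monitoring usually alerts on 'invalid' only.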
10. DNS attacks. By controlling DNS servers, or simply making them inaccessible, an attacker can gain the upper hand in a cyber conflict. If Georgia's attackers in 2008 had owned the DNS server for the .ga Top Level Domain, they could simply have pointed all traffic to alternative sites carrying their own messages instead of the intended destinations.
11. SCADA attacks. SCADA is a protocol used specifically for sending commands to and receiving data from the switches and pumps that control power grids and oil and gas pipelines. Developing the tools to attack these networks that control critical infrastructure would be a primary technology advantage in cyber war.
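On the defensive side of the SCADA point above, the most useful property of these control protocols is that they are simple and the set of hosts allowed to issue write commands is small and fixed. The code below is an added example, not from the original post, and it assumes Modbus/TCP, a protocol widely used on SCADA networks (the page names no specific protocol): it parses the MBAP header and function code, and alerts on any write command from a host that is not on the engineering-workstation allow-list. Frames and addresses are constructed sample data.

```python
# Added example, not from the original post: Modbus/TCP parsing and a
# write-command monitor. Modbus is an assumption; frames are constructed.
import struct

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}


def parse_modbus_tcp(frame):
    """Decode the 7-byte MBAP header (transaction id, protocol id, length,
    unit id) and the PDU that follows it. Raises ValueError on bad framing."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"not Modbus (protocol id {pid})")
    if length != len(frame) - 6:          # length counts unit id + PDU bytes
        raise ValueError("length field does not match frame")
    func, data = frame[7], frame[8:]
    rec = {"tid": tid, "unit": unit, "function": func,
           "exception": bool(func & 0x80), "data": data}
    if func in (5, 6) and len(data) >= 4:
        rec["address"], rec["value"] = struct.unpack(">HH", data[:4])
    elif func in (15, 16) and len(data) >= 4:
        rec["address"], rec["quantity"] = struct.unpack(">HH", data[:4])
    return rec


def build_frame(tid, unit, func, data):
    """Encode a request; used here only to construct the sample traffic."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def monitor(packets, allowed_writers):
    """packets: iterable of (src_ip, frame). Alert on malformed frames and on
    write functions from hosts outside the allow-list."""
    alerts = []
    for src, frame in packets:
        try:
            rec = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append(f"{src}: malformed frame ({err})")
            continue
        if rec["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            name = FUNCTION_NAMES[rec["function"]]
            alerts.append(f"{src}: {name} to unit {rec['unit']} "
                          f"addr {rec.get('address')} from unauthorised host")
    return alerts


# Constructed traffic on a hypothetical plant network.
ALLOWED_WRITERS = {"10.1.1.5"}            # the HMI / engineering workstation
SAMPLE_PACKETS = [
    ("10.1.1.5", build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),        # routine poll
    ("10.1.1.5", build_frame(2, 1, 6, struct.pack(">HH", 40, 1))),        # allowed write
    ("10.1.9.77", build_frame(3, 1, 5, struct.pack(">HH", 12, 0xFF00))),  # unexpected write
    ("10.1.9.77", b"\x00\x04\x00\x00\x00\x02\x01"),                       # truncated frame
]

if __name__ == "__main__":
    for line in monitor(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print(line)
```

Because Modbus carries no authentication, this kind of passive monitoring (a network tap feeding a parser like this, with an allow-list per PLC) is often the only control that can tell a legitimate setpoint change from an unauthorised one; the malformed-frame alert also catches fuzzing and scanner traffic that a PLC would otherwise silently drop.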