The fact is that the United States government has already shown signs of an energetic capacity for cyber war, as in the case of Stuxnet, the software worm that the U.S., working with Israel, is believed to have used to disrupt Iran’s uranium-enrichment program. Coincidentally, I happened to ask some North Korea experts last week if Pyongyang’s latest round of nuclear tests might make it a prime target for a Stuxnet-style intervention. “The only time I heard anything along such lines recently was suspicion that the April launch failure may have resulted from cyber attack—but that was in the realm of conspiracy theory,” John Delury, of Yonsei University, in Seoul, told me.As long as it’s in the realm of the theoretical, here’s another twist: given China’s vocal frustration with its erstwhile allies in Pyongyang, and China’s fondness for cyber adventures, any chance that China might try a Stuxnet approach to slow down a headache on its northeast border? From what I gathered, the chances were slim, in part because of operational differences between Iran and North Korea. “Do the Chinese know which industrial-control systems are in place?” Adam Segal, of the Council on Foreign Relations, asked. “Could they deliver the malware to a system that is most likely ‘air gapped’ and not connected to the Internet? Could they be sure that the infection wouldn’t spread—back to China or to U.S. or others? Do D.P.R.K. nuclear scientists travel? Is it possible to leave thumb drives around with no one noticing?”
China is notorious for its interest in cyber-war as an asymmetric counter to the conventional military superiority of the United States ... and for its apparent willingness to farm out, encourage, or benefit from private hacker initiatives.
On 2010, Mara Hvistendahl wrote in Foreign Policy:[T]he hacking scene in China probably looks more like a few intelligence officers overseeing a jumble of talented - and sometimes unruly - patriotic hackers. Since the 1990s, China has had an intelligence program targeting foreign technology, says James A Lewis, senior fellow for cyber-security and Internet policy at the Center for Strategic and International Studies. Beyond that, however, things get complicated. "The hacking scene can be chaotic," he says. "There are many actors, some directed by the government and others tolerated by it. These actors can include civilian agencies, companies, and individuals." Patriotic hackers in China are called "hong ke" or "red guest", a pun on the phonetic rendering "hei ke" or "black guest" for hacker.The Barack Obama administration went public with its case against China in November 2011, with a report on industrial espionage titled Foreign Economic Collection. It described China rather generously as a "Persistent Collector" given the PRC's implication in several high-profile industrial espionage cases and soft-pedaled the issue of official Chinese government involvement. The report stated:
Their patriotic cyber-duties included destroying the online presence of South Korean boy band Super Junior after an unruly and undignified crowd of Chinese fans clamored to hear the band at the Shanghai World Expo and embarrassed Chinese nationalists. 
They also weigh in on foreign issues of greater moment, mixing it up with their Japanese counterparts when Sino-Japanese passions are inflamed by visits to the Yasukuni Shrine or the collision between a Chinese fishing boat and Japanese coast guard vessel off Diaoyutai/Senkaku in 2010.
But their major utility to the Chinese government may be their ability to generate chaff - a barrage of cyber-attacks to distract and overwhelm US security specialists trying to cope with China's pervasive, professional program of industrial and military espionage - and give the People's Republic of China (PRC) government deniability when hacking is traced to a Chinese source.
Chinese industrial cyber-espionage has emerged as a dominant near-term security concern of the United States.
US corporations and cyber-security specialists also have reported an onslaught of computer network intrusions originating from Internet Protocol (IP) addresses in China, which private sector specialists call "advanced persistent threats." Some of these reports have alleged a Chinese corporate or government sponsor of the activity, but the IC [intelligence community] has not been able to attribute many of these private sector data breaches to a state sponsor. Attribution is especially difficult when the event occurs weeks or months before the victims request IC or law enforcement help. A month later, in December 2011, US criticism of China became a lot more pointed. Business Week published an exhaustive report on Chinese cyber-espionage, clearly prepared with the cooperation of federal law enforcement authorities as it named and described several investigations:The hackers are part of a massive espionage ring codenamed Byzantine Foothold by US investigators, according to a person familiar with efforts to track the group. They specialize in infiltrating networks using phishing e-mails laden with spyware, often passing on the task of exfiltrating data to others.
Segmented tasking among various groups and sophisticated support infrastructure are among the tactics intelligence officials have revealed to Congress to show the hacking is centrally coordinated, the person said. US investigators estimate Byzantine Foothold is made up of anywhere from several dozen hackers to more than one hundred, said the person, who declined to be identified because the matter is secret. United States security boffin Richard Clarke had this to say about Chinese cyber-espionage in an interview with Smithsonian magazine:"I'm about to say something that people think is an exaggeration, but I think the evidence is pretty strong," he tells me. "Every major company in the United States has already been penetrated by China."
"The British government actually said [something similar] about their own country."
Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And don't get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in them-"logic bombs," trapdoors and "Trojan horses," all ready to be activated on command so we won't know what hit us. Or what's already hitting us. Some big numbers are being thrown around to publicize the Chinese threat.
Business Week's report, while admitting the woolliness of its methodology, stated that losses to American companies from international cyber-espionage amounted to US$500 billion in a single year.
Scott Borg, director of a non-profit outfit called the US Cyber Consequences Unit told Business Week:"We're talking about stealing entire industries ... This may be the biggest transfer of wealth in a short period of time that the world has ever seen."Beyond these apocalyptic economic and military scenarios, we might also descend to the personal and political and point out that Google, a favorite target of Chinese cyber-attacks, is Obama's friend, indispensable ally, brain trust and source of personnel in the high-tech sector.
Connect the dots, and it is clear that the Obama administration, in its usual meticulous way, is escalating the rhetoric and preparing the public and the behind-the-scenes groundwork for major pushback against China in the cyber-arena.
Stuxnet typifies the grave threat to physical infrastructure that Mr. Panetta got so worked up about much more vividly than an office computer data hack along the lines of Shamoon.
That's certainly the case for China, which is a cyber-adversary of considerable notoriety, though (unlike the United States) it has apparently confined the bulk of its efforts to espionage rather than sabotage to date.
[In the excerpt reproduced below, I chew over the Stuxnet/cyberwarfare issue some more in an article I wrote for Asia Times on the recommendation to ban Huawei, the PRC’s leading telecommunications provider, from the US market on security grounds.]
Amid the ferocious Iran-bashing - and "by any means necessary" justifications for covert action against that country's nuclear program - that have become endemic in the West, the true significance of the Stuxnet exploit has been overlooked by many, at least in the West.
Stuxnet was the release of an important cyber-weapon - a virus that did not simply seek sensitive information or attempt to disrupt communication, but one that was reportedly rather effective in damaging a strategic Iranian facility by an act of sabotage.
It was an act of cyberwar.
As David Sanger, The New York Times' national-security adviser, wrote in his White House-sanctioned account:
"Previous cyberattacks had effects limited to other computers," Michael V Hayden, the former chief of the CIA, said, declining to describe what he knew of these attacks when he was in office. "This is the first attack of a major nature in which a cyberattack was used to effect physical destruction", rather than just slow another computer, or hack into it to steal data.
"Somebody crossed the Rubicon," he said. In true US imperial style, Stuxnet was unleashed unilaterally and without a declaration of war, to satisfy some self-defined imperatives of US President Barack Obama's administration.
That's not a good precedent for other cyber-powers, including China, to rely on US restraint, or to restrain themselves.
The Obama administration's attempt to deal with the issue of its first use of cyber-warfare seems to go beyond hypocritical to the pathetic.
There are rather risible efforts to depict the Stuxnet worm - which caused the centrifuges to disintegrate at supersonic speeds - as little more than a prank, albeit a prank that might impale hapless Iranian technicians with aluminum shards traveling at several hundred kilometres per hour, rather than a massive exercise in industrial sabotage:"The intent was that the failures should make them feel they were stupid, which is what happened," the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole "stands" that linked 164 machines, looking for signs of sabotage in all of them. "They overreacted," one official said. "We soon discovered they fired people."According to Sanger, at least President Obama knew what he was getting into:Mr Obama, according to participants in the many Situation Room meetings on Olympic Games [the codeword for the Stuxnet operation—PL], was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyber-weapons - even under the most careful and limited circumstances - could enable other countries, terrorists or hackers to justify their own attacks.
"We discussed the irony, more than once," one of his aides said. Another said that the administration was resistant to developing a "grand theory for a weapon whose possibilities they were still discovering". Yet Mr Obama concluded that when it came to stopping Iran, the United States had no other choice ...
Mr Obama has repeatedly told his aides that there are risks to using - and particularly to overusing - the weapon. In fact, no country's infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.But Obama did it anyway, in the service of a dubious foreign-policy objective - forcibly and unilaterally disabling Iran's (currently) non-military nuclear program - that was arguably an overreaction to Israel's blustering threat to attack Iran unilaterally, and an attempt to get himself some political breathing space from vociferously pro-Israeli interests in US politics.
[Before the revelation of US government involvement in the Stuxnet exploit] the Pentagon's cyberwar strategists did their best to frame the cyberwar issue as law-abiding America vs the unprincipled cyber-predators of the PRC.
With Sanger-assisted Stuxnet hindsight, this May report, with its wonderful title "US hopes China will recognize its cyber war rules", is, well, hypocritical and pathetic:While no one has, with 100% certainty, pinned the Chinese government for cyber-attacks on US government and Western companies, in its 2012 report "Military and security developments involving the People's Republic of China", the US secretary of defense considers it likely that "Beijing is using cyber-network operations as a tool to collect strategic intelligence" ...
The report raises China's unwillingness to acknowledge the "Laws of Armed Conflict", which the Pentagon last year determined did apply to cyberspace ...
Robert Clark, operational attorney for the US Army Cyber Command, told Australian delegates at the AusCERT conference last week how the Laws of Armed Conflict in cyberspace might work internationally to determine when a country can claim self-defense and how they should measure a proportionate response.
One problem with it was highlighted by Iran, following the Stuxnet attack on its uranium-enrichment facility in Natanz, which never declared the incident a cyberattack.
Air Force Colonel Gary Brown, an attorney for US Cyber Command, in March this year detailed dozens of reasons why Iran, in the context of the Laws of Armed Conflicts in cyberspace, didn't declare it an attack. This included that difficulties remain in attributing such an attack to a single state. 
A few days later, Sanger's story confirmed that the Obama administration had indeed released Stuxnet, rendering moot the Pentagon's plans for a chivalric, rules-based cyberwar tournament, …
Heightened mutual suspicion - maybe we should call it endemic mistrust - is now a given in cyber-relations between the United States and its adversaries/competitors, for a lot of good reasons that don't necessarily have anything to do with Chinese misbehavior, but have more than a little to do with the US willingness to unleash a cyberattack on an exasperating enemy without setting clearly defined ground rules, and its need to pull up the cyber-drawbridge over the national digital moat to prevent retaliation.
“This new class of cyber warrior would be responsible for penetrating the machines behind identified attack sources, installing spyware to monitor connections to those machines, and following the trail back to the desktop of the attacker. They would have to research and exploit vulnerabilities, craft malware, operate honey pots, and even engage in targeted Denial of Service attacks,” Richard Stiennon, chief research analyst at IT-Harvest, told GlobalPost.