Although the majority of the cyber warfare units have been established for defensive purposes, it's the offensive cyber capabilities that are worth discussing in the context of establishing a borderline for offensive cyber operations. The methodology used in offensive cyber warfare operations is fairly simple - if you're attacking us we reserve ourselves the rights to strike back at you.
It's a methodology that is totally wrong, taking into consideration the fact that the attack may be coming from a country that is basically abusing the infrastructure of another country, in a combination with reliance of localized attack kits and tactics typical to those used by what is originally perceived as the attacking country.
It's been a decade since the release of the Chinese "Unconventional warfare" book, and a lot has changed from a conceptual perspective. From symmetric to asymmetric shift in the concepts, to the currently in progress of implementation unrestricted warfare military doctrines, the Chinese has proven that they they're not just able to keep up with the developing environment, but to dominate it with new concepts in cyberspace.
What constitutes unrestricted warfare in the cyberspace realm, really? Basically, it's the reliance on civilians for executing government sponsored or government tolerated cyber operations, the so called people's information warfare concept. The concept is fairly simple. Instead of establishing a dedicated cyber warfare unit, a country such as China is actively harnessing the potential of its hacktivist community for executing military operations and activities across the Web.
A number of questions remain for each and every cyber warfare department compared to the people's information warfare empowered civilians:
- Would they be allowed to embed sites of human rights watch activists with malicious software, and develop custom malware?
- Would they be allowed to hijack an existing botnet for the purpose of data mining for OSINT-gathering practices?
- Would they be allowed to launch offensive cyber warfare practices such as Denial of Service attacks against compromised infrastructure residing in a 3rd country?
- Would take take into consideration island hopping tactics before striking back?
- Would they be allowed to develop practical web exploitation tools assisting in massive exploitation attacks?
- To what degree would they be allowed to outsource their operations to providers of malicious underground services, instead of developing in-house solutions?
The answer to the majority of these is probably no, as the majority of these tasks are already actively executed by the Chinese cybercrime underground and the extremely vibrant hacktivist community inside the country -- China Eagle Union, the Hacker Union of China, and the Red Hacker's Alliance for starters. This has become possible due to the China's military realization of the untapped potential for asymmetric cyber dominance, thanks to the government tolerated and nurtured vibrant hacktivist community.
- See also: Attack of the Opt-In Botnets
The Chinese underground and hacktivist community is developed well enough to manage the tasks of a fully operational cyber warfare unit, because it relies on the people not on the department.
The net is vast and infinite, and trying to establish a borderline for cyber warfare operations based on the actions of the actual cyber warfare units, and not on the vibrant hacktivist communities and cybercrime underground within the countries, is totally wrong.