Why cyberwarfare sounds more like AK-47s than like stealth bombers
Cyberwarfare consisting of citizen militias and the digital equivalent of cheap rifles does not preclude the existence of more effective weaponry. First, a history lesson.
The second half of the twentieth century witnessed a shift in warfare from battles fought by large standing armies to proxy wars waged by cheap weaponry in smaller, less powerful states. This form of warfare, virtually necessitated by multi-party development of the nuclear bomb and its associated delivery methods, was conducted using rifles like the AK-47 in untrained hands. Cheap, reliable, and relatively inaccurate compared to the weapons shouldered by western armies, the AK allowed countries to exert their political will by giving a population a broad target and shipping rifles by the hundreds of thousands, a tactic that the Department of Defense expects to see until 2050 at least.
We hairless monkeys haven't restricted ourselves to irregular armies and small arms for killing each other. The 1990-1 Gulf war was fought between two conventional armies using modern tactics in conjunction with advanced arms. The initial strikes were conducted using then-classified weapons like the F-117 light bomber that could not be detected via any means available to the opponent at the time. The cutting edge technologies could only be used for a handful of conflicts, as countermeasures would be able to evolve and defend against the threat.
What does this have to do with cyberwar? Well, the reported cyberwar events are far more similar to proxy warfare than it does to conventional warfare between nation-states. An untrained and motivated population is being armed with cheap and inaccurate DDoS tools to take out their anger against political targets. The kind of events that rarely make the news are those consisting of zero-day exploits that were either developed in secrecy by highly-skilled engineers and, when deployed, target specific individuals and data. Tools for this form of warfare can only be used a handful of times each before the underlying software that is being exploited is patched, restricting their use to rare circumstances.
We can't assume that advanced attacks are not occurring. Much like raids from stealth bombers, we may not recognize the source of the attack while it is being conducted, or that the event happened until it is far past any point where attribution can be assigned. If governments are pushing citizen groups to use DDoS techniques, then we should assume they are also stockpiling heretofore unknown exploits for eventual use for a real conflict.