There are two memetic aspects to a cyber-attack. The first is to manipulate or change the weights of the meme-spreading network. That is done by planting disinformation in the key nodes, as I’ve described in the comment above. But the second is to suppress original material and salient facts.

Did you know that Wikipedia has a policy against posting original material? That’s because original material is, in the first instance, unverified. It becomes hallowed by a process of consensus or information cascade. But at its genesis, most of our original material comes from the press and increasingly, onsite bloggers. The real significance of denial of service attacks on the .ge (Georgia) domains was to suppress original material, to preserve the Big Lie for as long as possible. The Big Lie is eventually unmasked, but the process is lagged, by which time it has been supplanted by another Big Lie. And since the Press jumps like a frog, from lilypad to lilypad of subject matter, (not through personal incompetence but because of the way the news model works) then it is a perfect subject for disinformation. Putin just needs to leave a trail of lilypads …

The obvious way to stop this is to dump the last 3 months of packet stats into a database, mine it for patterns and determine the profile of the threat. And then we need to create triggers that will spot this profile or something structurally like it and send an alert. Then the options are, to shape their bandwidth, yank their cables, disinform their disinformers, wage a counter meme shaping campaign of their own. This is not rocket science. The key breakthrough will be political will and managerial focus.