It's difficult to separate the hype from the rest when it comes to discussing cyberwarfare, mostly because both the theory and practice of this type of war are so underdeveloped.

The Stuxnet virus, created by American and Israeli intelligence to degrade the Iranian nuclear facility in Natanz, was a first in the history of cyberwarfare: it caused physical damage out in realspace through actions in cyberspace. Stuxnet worked by causing centrifuges in the facility to go haywire, spinning so fast that they destroyed themselves; and it was designed to carefully hide its presence so that the Iranians would suspect incompetence or faulty hardware rather than malware. Stuxnet illustrates the potency and danger of cyberwarfare - it uses relatively cheap actions in cyberspace to influence the real world, where resources are expensive and consequences potentially vast.

The ease with which cyberwarfare can be used means that, as time goes on, its tools will come within the reach of non-state actors like terrorists or "hacktivists". Here is where students of cyberwarfare get to use their favourite analogy, which is between the advent of nuclear warfare and the advent of cyberwarfare. Just as nuclear technology spread over time and got cheaper to develop, the same thing will happen to the tools of cyberwarfare - only they will spread much more quickly and continually develop in ways that we cannot now imagine. Nuclear warfare is very binary: you're either in a nuclear war and everyone dies, or you're not. This starkness is a big reason why nuclear weapons have only twice been used in anger. Cyberwarfare is different, and it involves gradations and grey areas which will encourage its use.

Another factor which suggests that cyberwarfare is going to be a large problem in the future is how difficult it is to attribute responsibility for an attack. We're familiar with this factor with terrorism: the terrorist doesn't have a return address, which means that deterrence - you harm me, I harm you - doesn't work properly. It took years for the FBI to find out who was responsible for the anthrax letters after 9/11, but even they had found their man before Osama bin Laden got his comeuppance.

This is part of the fear of unstable or nasty regimes having access to weapons of mass destruction - they could pass them to a terrorist who could use them and we'd never be any the wiser where the original weapon came from. Cyberwarfare takes this a step further - the Chinese military could launch a cyberattack on America, and it may well be impossible to know - and I mean really know, "let's retaliate against Beijing" know - that they did it. The risk of false flag attacks - say, China launches a cyberattack against America and makes it look like Russia did it - is also much greater.

What complicates all of this even further is the minuscule period of time we might have to respond to a cyberattack, given how quickly such attacks could progress. This will place a premium on automated responses and doctrine, and these are not likely to work very well, especially at first. The ease with which cyberwarfare could evolve also places it in a vastly different category to nuclear warfare, where the basic systems took years to develop and were generally known and understood by both sides. Forget your "missile gap" (the supposed deficiencies of American vs. Soviet missiles in the late 1950s) or your bomber gap - what about a code gap? How would we even have an inkling it existed until all the lights in London had gone off and satellites were falling from the sky?

None of this is supposed to sound alarmist, although we should notice the extent to which national security establishments are now starting to pay serious attention to these matters. Critical facilities can always be defended with an "air gap", a physical disconnect between the internet and their computer systems - Stuxnet relied on someone being stupid enough to plug a thumb drive into a system at Natanz (it eventually got out onto the internet by the reverse process - someone took a thumb drive out of Natanz, plugged it into their laptop, and Stuxnet started happily reproducing, searching for centrifuges to spin out of control all over the internet). But as the basis of the internet is civilian and open, most systems which are key to our lives - banks, power utilities, water companies, supermarkets - cannot so easily be isolated. Yet their malfunctioning could have grave effects.

But all of this means that, over time, the way the internet works is likely to change. Just as we have been asked to accept new restrictions in realspace due to physical terrorism - longer airport queues and body scanners and reduced privacy - the same will inevitably happen in cyberspace eventually. The internet may undergo change to make attribution easier and to increase resilience; if we don't make these changes pre-emptively, then they will come to seem inevitable after the first or second or third major cyberattack. No realm of activity that humankind creates, cyber or otherwise, appears to be able to escape from that fundamental conflict of freedom versus security that has always perplexed us.

For some of the details of Stuxnet, which are so salacious that the Justice Department has just appointed two United States attorneys to investigate where the leaks they are based on came from, see this article by David Sanger. It is based on his book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. Joseph Nye's The Uses of Power, and an article by him in Strategic Studies Quarterly, which you can read online here, delve into the wider issues.