Among the industries that could be targets for future cyber attacks are not only ISPs and banks but also oil and electric companies.
"When you think about the citizens of many countries that may disappear beneath the ocean from global warming within 50 years, it's fairly easy to imagine a small, disaffected group [launching cyber attacks] because they're not being heard otherwise," says Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security at Purdue University. "We have seen various groups because of racial or religious extreme ideologies...circulating literature about bringing down utility grids."
Was it Cyber war?
Despite the initial headlines, most security experts say the Estonian incident wasn't all-out cyber warfare because it doesn't appear to have been sponsored by the Russian government.
"I would call it more of a political statement," Witt says.
Spafford says true cyber warfare would be undertaken by one nation to bend another to its political will, and network attacks would likely be a companion to other physical attacks.
"The activity that was carried out in Estonia was malicious and criminal," Spafford says. "If you look at some of the political demonstrations held in countries around the world, where traffic is brought to a standstill and there are work stoppages and banks are shut down as a matter of political statement, you wouldn't call that warfare."
Charles Kaplan, chief technology strategist at Mazu Networks, says the Estonian attacks appear to have been conducted by Russian citizens but weren't orchestrated by the Russian government.
"If it really was a government-caused event, we would have seen something more damaging," Kaplan says. "This was a pure demonstration of brute force, and it did have some economic impact. If somebody really wanted to take these guys down, the damage would have been greater than it was."
There are only two other known network attacks that were as devastating as the Estonian incident and have been called cyber warfare. One, dubbed Titan Rain by the U.S. government, took place in 2003 and involved Chinese military attacks on networks run by Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA. The other incident, which the U.S. government refers to as Moonlight Maze, occurred in 1999 and involved Russian attacks on classified military information.
Whether it was cyber war or hactivism, the Estonian incident shows the devastation that a politically motivated network attack can have on government and commercial networks.
Security experts agree that it should be an eye-opener for CIOs, who have been focused on profit-oriented attacks and should consider the threat of politically motivated ones, too.
Spafford calls the threat of political or ideological attacks against U.S. corporate networks significant. He points out that many early viruses and Web defacements were political statements.
"There are many organizations that may be targets for ideological groups because they do business somewhere in the world that may be unpopular," Spafford says. "If you're part of the banking or power industries, you may be a target for purposes of harm to the overall economy."
Spafford estimates that there are thousands of politically motivated attacks across the Internet each year. "Many of them aren't that coordinated or don't have as big of an impact as in Estonia," he adds.