However, the majority of cyber attacks are economically motivated, with the most common targets being gambling, e-commerce, pornography and financial Web sites.
"We don't see a lot of denial-of-service attacks these days because most of the cyber attacks we see are profit motivated," says Steve Bellovin, an Internet security expert and professor of computer science at Columbia University. "The most common are extortion, especially against gambling sites."
Lessons learned from Estonia
The packet floods used in the Estonian DoS attacks were not new. What was unusual about these attacks was the duration and the disruption they caused, experts say.
"The size and scale of these attacks in terms of the bandwidth and packets per second is in the middle in terms of what we have seen for these kinds of attacks," Nazario says. "But they lasted for weeks, not hours or days, which is much longer than we've seen for most of these attacks in the past. And the targets and the inferred motivation were geo-political rather than economic or a simple grudge. That suggests we have turned a corner."
Spafford says what's important for U.S. companies to learn about the Estonian incident is how much damage a small number of people with resources can do.
Another lesson learned from this incident is that the Estonian response -- of admitting the problem and getting help from ISPs and international governments -- was largely successful.
One suggestion for network managers is not to worry too much about figuring out where a cyber attack is coming from or why. Ed Amoroso, CSO at AT&T, says network managers should instead focus on mitigating the attack.
"For the day to day types of attacks people are dealing with, the goal of trying to determine where the attack originates remains very elusive because most of the attacks involve bots," Amoroso says. "It's so tempting in cyber security to say let's trace back the attack to see where it's coming from, and let's hypothesize what the geo-political situation is. Let's assume if we see that it's an intense attack, that it's well funded. But it's just as likely to be a kid sitting in Brooklyn. That's one of the great difficulties of doing cyber security."
The good news for U.S. CIOs is that they are better positioned to defend themselves against similar DoS attacks because the United States is so much larger than Estonia and has a more robust network infrastructure.
"The country of Estonia is about the size of Rhode Island," says Marty Lindner, a senior member of the technical staff at the U.S. Computer Emergency Readiness Team. "They only have so much infrastructure. When somebody decides to launch a DoS attack, all it takes is a little more energy than the size of your infrastructure to knock it over. The attacker here decided to take out 11 to 12 Web sites....If you take a big corporate network in the U.S., it is bigger and more robust than Estonia's will ever be."
Even though the U.S. network infrastructure is more robust than Estonia's, hactivism and other politically motivated attacks are still a worry for CIOs, Witt says.
"We have worked diligently with our critical infrastructure owners and operators, whether in the telecom industry or the IT industry or the chemical or energy sectors," Witt says. "We've been working at this for many years to make sure we have a more robust type of backbone to deal with this kind of attack. Is that to say we are 100% protected against this type of attack? Absolutely not. It all comes back to best practices and having plans in place to deal with attacks."