How close is World War 3.0?

New era of warfare

Spafford calls the threat of political or ideological attacks against U.S. corporate networks significant. He points out that many early viruses and Web defacements were political statements.

"There are many organizations that may be targets for ideological groups because they do business somewhere in the world that may be unpopular," Spafford says. "If you're part of the banking or power industries, you may be a target for purposes of harm to the overall economy."

Spafford estimates that there are thousands of politically motivated attacks across the Internet each year. "Many of them aren't that coordinated or don't have as big of an impact as in Estonia," he adds.

However, the majority of cyber attacks are economically motivated, with the most common targets being gambling, e-commerce, pornography and financial Web sites.

"We don't see a lot of denial-of-service attacks these days because most of the cyber attacks we see are profit motivated," says Steve Bellovin, an Internet security expert and professor of computer science at Columbia University. "The most common are extortion, especially against gambling sites."

Lessons learned from Estonia

The packet floods used in the Estonian DoS attacks were not new. What was unusual about these attacks was the duration and the disruption they caused, experts say.

"The size and scale of these attacks in terms of the bandwidth and packets per second is in the middle in terms of what we have seen for these kinds of attacks," Nazario says. "But they lasted for weeks, not hours or days, which is much longer than we've seen for most of these attacks in the past. And the targets and the inferred motivation were geo-political rather than economic or a simple grudge. That suggests we have turned a corner."

Spafford says what's important for U.S. companies to learn about the Estonian incident is how much damage a small number of people with resources can do.

Another lesson learned from this incident is that the Estonian response -- of admitting the problem and getting help from ISPs and international governments -- was largely successful.

One suggestion for network managers is not to worry too much about figuring out where a cyber attack is coming from or why. Ed Amoroso, CSO at AT&T, says network managers should instead focus on mitigating the attack.

"For the day to day types of attacks people are dealing with, the goal of trying to determine where the attack originates remains very elusive because most of the attacks involve bots," Amoroso says. "It's so tempting in cyber security to say let's trace back the attack to see where it's coming from, and let's hypothesize what the geo-political situation is. Let's assume if we see that it's an intense attack, that it's well funded. But it's just as likely to be a kid sitting in Brooklyn. That's one of the great difficulties of doing cyber security."

The good news for U.S. CIOs is that they are better positioned to defend themselves against similar DoS attacks because the United States is so much larger than Estonia and has a more robust network infrastructure.
