While Estonian officials linked the attack in part to a computer in the Russian government, analysts say that nation's involvement is very difficult to prove – and that the attack may be the work of hacker-activists who were only encouraged by the Russians.
The country suffered a blow, but successfully prevented major damage. Estonia benefited from strong coordination of efforts by the government's computer emergency response team, or CERT. Law enforcement made a key local arrest, passing along critical information. System administrators shut out suspicious traffic, and foreign experts helped the CERT communicate with Internet service providers – many located in other countries – to cut off the sources of the attacks.
In the case of a major attack on this country, the US-CERT in the Department of Homeland Security may not have the same ability to take charge, analysts say.
"They do not have the central pull that [CERTs] have in other countries," says Jose Nazario, a senior security researcher at Arbor Networks. He says that the early development of the Internet here contributed to more independent security efforts, and private companies are sometimes loath to share information with competitors. "The lack of clout can be frustrating. Internet Service Providers here in the States are generally free to ignore [US-CERT] if they want to, and there are some shady providers here."
The situation is improving, says Jerry Dixon, the acting director of the Department of Homeland Security's National Cyber Security Division, which runs US-CERT. He points to the rising number of incident reports of suspicious Internet activity from the private sector as well as government agencies, which are coming in at eight times the level of fiscal 2005.