One of the leaked US State Department cables sent shortly after the 2007 online attack against Estonia has highlighted failings in conventional disaster recovery planning, and shown serious weaknesses in some industries.
The cable detailed the Estonian attacks based on interviews with key sources and showed a number of strengths and weaknesses in traditional disaster recovery planning and IT security management. One of the chief failings found was that the established chain of command failed completely, and decisions were largely taken ad hoc by staff on the ground.
“XXXXXXXXXXXX explained that neither CERT nor the government of Estonia had the personnel to put out the fire and also act as a secretary to take down the minutes,” the cable from the US embassy in Tallinn reports.
“(Note: XXXXXXXXXXXX claims of staff shortages are somewhat questionable given that he told us that neither he nor any of his staff had to work overtime during the cyber attacks.)”
The report also found that, while large companies and financial institutions were usually able to weather the storm, smaller businesses did not have any policy or official guidance on how to deal with the attacks and many lacked the ability to purchase additional bandwidth.
Furthermore, the Estonians were helped by the fact that the attacks themselves were of a fairly primitive nature. Rein Ottis, the country's head of cyber defence at the Ministry of Defence, said that if the attackers had actually targeted key servers and routers rather than used blanket attacks, the country would have been shut down fairly easily.
Defenders were also helped by the fact that the participants discussed the attacks in public online chat rooms; by monitoring these, the security team could mitigate specific attacks. Most attacks occurred in the evening, which also helped, as this was the lowest traffic period of the day for regular internet users.
In addition, the attackers went for the government and banking sector. According to an Estonian source, if the attacks had been made against the nation's logistics infrastructure, the result could have been a lot worse, since three quarters of grocery stores, petrol stations and shops rely on the internet for their orders and deliveries.
“Although these cyber attacks were unprecedented in nature, our Estonian interlocutors all agreed that the outcome could have been much worse,” the cable states.
“They also note that the impact on cyber defence policy for both the public and private sectors will be discussed and felt for a very long time.”