ENISA comments on massive cyber attacks in Estonia

Events in Estonia highlight that pro-active security needs the support of Incident Response (IR) capabilities in the moments of crisis. Cyber attacks against Estonia, mainly in the form of Distributed Denial of Service (DDoS) attacks, primarily targeted the Estonian Government and police sites. Private sector banking and on-line media were also heavily targeted and the attacks affected the functioning of the rest of the network infrastructure in Estonia. As a result, the targeted sites were inaccessible outside of Estonia for extended periods in order to subdue the attacks and to maintain services within the country. DDoS attacks are hard to mitigate and demand a lot of coordination and cooperation from various parties. CERT Estonia, established late last year, along with many local security managers and CERTs from other countries had to establish such a cooperative effort quickly to subdue the attacks. Teams like CERT-FI, CERT-BUND and TF-CSIRT forum helped to involve the international CERT community in mitigating attacks in Estonia.

ENISA Agency, as a Centre of Expertise, has no operational role and does not cover fighting cyber crime, since it is not within the mandate of ENISA.