The response was pretty impressive, however. Alarms alerted Akamai's chief of security and network operations center as soon as the first DNS server started misbehaving under the attack.
By the time Andy Ellis, the security chief, walked to the NOC, most of the White Hat quick-response team who were on call for immediate response were already on a conference bridge assigning portions of the detailed attack-response plan appropriate for that particular attack.
Within 90 minutes the White Hat crew had used a series of packet filters, router reconfigurations, redirects and other countermeasures to block off most of the traffic from the attack, notify Internet and government sources to do what they could to shut down or prepare for the assault and cache forensic evidence that could be used to try to track the attack back to its source.
It wouldn’t have made a good action sequence; sysadmins and systems architects spring into action in ways that are not visually arresting.
But Akamai had a lot of experience in DDOS and other attacks – long before most companies would even admit having been probed by vandals, extortionists or vandals.
On-call members of the response team showed up when they were supposed to, knew their roles in various emergency response plans, knew how to apply countermeasures and who to notify of the attack and how to divvy up specific tasks quickly rather than spend more time talking on the conference bridge than it would have taken to put down the attack.
How could a content-distribution network be better prepared for cyberwar than the alliance that won the Cold War?
By contrast, the NATO release announcing the new cyberwar-response team described its emergency response procedure being to "meet immediately and draw up a plan of action. The aim is to restore the systems so that everything gets back to normal operation as quickly as possible."
No mention of identifying the source of the attack, using preconfigured defenses or countermeasures to take control of the attack and then carry it back to the enemy, all of which have become standard procedure for modern civilian IT security operations.
Most military organizations include that same sequence as part of the response plan to any stimulus – from an ambush to a booty call.
I thought for a while I might have been reading too much into a little drab verbiage from a military organization that is heavily bureaucratized and larded with diplomatic requirements and responsibilities.
Under the bland descriptors, it's possible NATO had the digitized version of Rambo and Chuck Norris confined in armored containers, waiting to be kill and eat any hacker foolish enough to toy with the toughest multinational military organization this side of the U.N.