The DDOS is one of the lowest forms of disruption you can use. The worm code used was really old, the number of machines infected was really small, and the strategy used was really poor. Not to make light of this but knocking a few websites off the web really only takes an old pop-singer taking the long dirt nap.

The security service attacked by DDOS is availability but it only really matters in high performance, low latency systems, and web servers aren't that kind of animal. As to the strategy used by this adversary it really showed a low level of sophistication. Instead of targeting a few websites and possibly hiding a compromising exploit in the noise they attacked numerous websites with little hope of sustaining that kind of broad based attack.

In many ways attacking web servers is like painting mustaches on bill boards of super models. Web servers are not critical infrastructure, the attack is more annoying than dangerous, and the media response is likely going to be out of proportion to the attack.

As an aside most DDOS are actually user generated not any kind of cyber warfare. Users get all excited as they did in the Michael Jackson death and swarm to news websites crippling them instantly (like what happened to CNN). The second thing is that it is often the system admins who pull something down to keep sophisticated adversaries from hiding in the noise and using the web servers as jump off points to more tasty targets. And, finally AKAMI and other distributed systems vendors deal with DDOS as a business.

That doesn't mean it is nice, friendly, or isn't a probe to test responses. You must take these things seriously or the next one might be against the central power distribution grid telemetry computers in Chicago. A DDOS there would be catastrophic.