Actu
System failures cause most large outages of electronic communications services according to a new ENISA report
September 2014 by ENISA
The European Union Agency for Network and Information Security (ENISA) publishes today the third annual report about large-scale outages in the electronic communication sector. The Annual Incidents report 2014 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections. The most frequent causes are system failures affecting mainly base stations and switches.
The annual report is a result of an EU wide incident reporting process which started in 2012, under Article 13a of the Framework Directive (2009/140/EC). Incidents are reported nationally by operators to the National Regulatory Authorities (NRAs). The most severe outages are reported annually by the NRAs to ENISA and the European Commission. The main findings are summarised below:
90 major incidents reported: This year 19 countries reported 90 significant incidents while 9 countries reported no significant incidents.
Mobile networks most affected: Approximately half of the major outages involved mobile internet and mobile telephony.
Impact on emergency calls: 21% of the major incidents also had an impact on emergency calls (access to 112).
Majority (61%) of outages caused by system failures: Most of the time these system failures were software bugs, hardware failures and software misconfigurations affecting switches and base stations.
Natural phenomena have most impact in terms of user-hours lost: Often severe weather (heavy snowfall, storms), led to power or cable cuts, which in turn led to severe outages in terms of user-hours lost. Assets mostly affected were base stations, switches and mobile switching.
The Executive Director of ENISA Professor Udo Helmbrecht comments:
“Public communication networks and services are the backbone of the EU’s digital society. Our goal is to help increase the resilience and security of electronic communications. Incident reporting and discussing actual incidents is essential to understand the risks and what can be improved. ENISA will continue collaborating with the EU’s Telecom regulators to support efficient and effective reporting about security incidents”.
This annual report does not mention specific countries, providers, or incidents. Specific incidents will be discussed with the European Commission and the NRAs, within the Article 13a Expert Group. Where needed ENISA will support EU Member States to mitigate specific types of incidents. Following the reporting about the 2012 incidents, ENISA is working on a buyer-vendor guide to allow providers to manage security while procuring from ICT vendors and outsourcing partners for their core operations.
For full report: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2013/
Background: Article 13a of the Framework Directive (2009/140/EC) in the EU legal framework for electronic communications.
