Feature Article

August 20, 2013

European Network and Information Security Agency (ENISA) Releases 2012 Incident Report

It is report season for various companies and agencies around the world. The numbers for the last year or last few quarters have now been collected, correlated and analyzed, and whether it is from interview data such as the McKinsey report on C-level interest in digital technology value, or U.K. mobile operator EE’s revelation about 4G network usage and user behavior, the past is proving to provide an interesting prologue on what is coming both short and longer term.  

One report that always gets a fine review is the annual incident report by the European Union Agency for Network and Information Security (ENISA). The Annual Incident Reports 2012, which covers really major outages, has just been issued and it is a page turner.

At a high level it shows that of the 79 incident reports, almost 40 percent of the incidents in the European Union (EU) member countries affected the possibility of dialing the emergency number “112.”  It also highlighted the fact that mobile telephony/mobile Internet was most affected, and the impact was extraordinary with literally millions losing communications.

Disconcertingly, while cyber attacks caused just 6 percent of the major outages reported, they affected more people than hardware failures, which accounted for 38 percent of all incidents and affected over 1.4 million users on average. By comparison, 1.8 million users on average felt the impact of cyber attacks, which primarily affected Internet access and were the second most common cause of fixed Internet service outages, accounting for 20 percent of those incidents. Such attacks also represented 13 percent of incidents that disrupted mobile Internet service.

Key conclusions of the ENISA Incident Report 2012

Here are some of the key conclusions from the report: 

Eighteen countries reported 79 significant incidents; nine countries reported no significant incidents.

Most incidents affected mobile telephony or mobile Internet (about 50 percent).

Incidents affecting mobile telephony or mobile Internet also affected most users (around 1.8 million users per incident). This is consistent with the high penetration rate of mobile telephony and mobile Internet in the EU.

Incidents caused by overload, followed by those caused by power failures, had the most impact in terms of number of users affected multiplied by duration.

For most incident reports, as well as for each of the four services (fixed and mobile telephony, and fixed and mobile Internet), the root cause was “System failures” (75 percent).

Hardware failures were the most common cause of “System failures,” followed by software bugs.

Switches (e.g. routers and local exchange points) were the most frequent point of failure, followed by mobile network home location registers.

Incidents with a third-party failure as the root cause, mostly power supply failures, affected around 2.8 million user connections per incident on average.

Incidents involving overload affected around 9.4 million user connections per incident on average.

Incidents caused by natural phenomena (mainly storms and heavy snowfall) lasted the longest: On average, around 36 hours.

Anonymized examples of the incidents reported include:

Overload causing VoIP outage;

Faulty upgrade halting IP-based traffic;

Cable theft causing fiber optic cable break;

Distributed Denial of Service (DDoS) attacks on Domain Name System (DNS) affecting mobile Internet;

Faulty software updates affecting mobile telephony.

The report, which is in its second year, does a nice job of year-to-year comparisons. And, if you download the full 30-page report, don’t stop with the conclusions. By all means check the annex materials, which have data, root causes and detailed causes per service, and causes and impact for Circuit Switched Telephony and VoIP.

An example of the type of valuable information provided is shown in the chart below:


Chart courtesy ENISA

Executive Director of ENISA Professor Udo Helmbrecht commented: “The EU collaboration behind this report is key to improving the security and resilience of electronic communications networks in the EU, as well as for security in other critical sectors. Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again. ENISA, with all National Reporting Authorities across the EU, will continue delivering practical lessons learned that could significantly improve the security of our telecommunication infrastructure.”

This is the report of a security agency and, as mandated by the EU under Article 13a, it is designed to give decision-makers a view of events that have broad impact. The fact that most of the problems stem from systems and software failures (switches, user and location registers, base stations and controllers, mobile switching systems and core network components) rather than from systems and software compromised by cyber attacks should therefore be viewed as relatively good news. That stated, the trend of cyber attacks moving up fast as a cause is an alarm that should be heeded. In addition, the issues surrounding mobile networks and mobile Internet, as well as those relating to VoIP, are areas that need to be addressed. Plus, given the large number of people impacted and the difficulty of service restoration, contingency planning in preparation for natural disasters is clearly key.

As we who live in the path of Hurricane Sandy in the US are all too well aware, the expectation that the mobile networks would be there and operating, and had back-up power at all of the cell sites to ensure this was the case, was a faulty assumption. And, while getting physical structures back up to speed takes longer than fixing (for example) bad code, given the potential of cyber terrorists in the future to leverage the compromising of the electric grid, the reality is that distinctions as to why systems and software failed are likely to become blurred in the future. The connected world, and specifically the connected EU in many ways, should be thankful that even these large outages have not been as large as they could be and despite the gross number are relatively infrequent. 

The ENISA reports are designed to keep it that way in terms of providing guidance as to network vulnerabilities and operator responsiveness.




Edited by Rory J. Thompson

