
A reading of the ENISA Annual Incident Reports 2012

ENISA issued the ENISA Annual Incident Reports 2012 on significant incidents in the electronic communications sector, which were reported to national regulators in 2012.

ENISA published the ENISA Annual Incident Reports 2012, a document that provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services which were reported by national regulators last year. ENISA and the National Regulatory Authorities (NRAs) of the different EU Member States discuss specific types of incidents, as mandated by Article 13a of the Framework Directive (2009/140/EC). The following image illustrates the incident report flow:

This is the second “ENISA Annual Incident Reports” study presented by the European Union Agency for Network and Information Security. It covers the incidents that occurred in 2012 and does not include detailed information on countries or individual incidents. The report focuses on an aggregate analysis of the incidents, highlighting their impact and causes.

Within the European Union, 18 countries reported 79 significant incidents, while 9 countries reported no significant incidents. The majority of incidents affected mobile services, with an average of 1,8 million users per incident, a noticeable increase compared to the previous year.

As was the case last year, most incidents affected mobile telephony or the mobile Internet; experts consider mobile services to be more at risk of large-scale outages.

The high number of affected users is consistent with the wide diffusion of mobile devices and the broad coverage of mobile infrastructures. Unfortunately, the emergency number 112 was impacted in 37% of the reported incidents; emergency services were hit in 63% of the cases, while interconnections were affected in 11% of the reported incidents.

The following is a short list of example incidents given in the ENISA Annual Incident Reports, each followed by its duration, the number of users affected and its root cause:

  • Overload caused the VoIP outage (hours, thousands, system failure)
  • Faulty upgrade halted IP-based traffic (hours, millions, human error)
  • Cable theft causing fiber optic cable break (hours, thousands, malicious attack)
  • DDoS attacks on DNS affected mobile Internet (hours, millions, malicious attack)
  • Big storm affecting power supply causing large scale outage (days, millions, natural disaster)
  • Configuration error (hours, millions, configuration error)
  • Vandalism by former employee affected DSL (days, thousands, malicious attack)
  • Faulty software update affected mobile telephony (hours, thousands, software failure)
  • Submarine cable cut from anchorage (hours, thousands, third party)

The most common root cause of the incidents was “System failures” (76 % of the incidents), followed by software bugs. The ENISA Annual Incident Reports also state that the assets most often affected by system failures were switches (e.g. routers, with 20%) and home location registers (16%).

The ENISA Annual Incident Reports document also presents the impact of the incidents in terms of “user-hours lost”: third party failures accounted for 36502 hours, followed by natural phenomena at 20283 hours and system failures at 19842.

The key figures presented in the conclusions of the study are the following:

  • Mobile networks most affected: Most incidents affected mobile telephony or mobile Internet (about 50 % of the incidents respectively).
  • Mobile network outages affect many users: Incidents affecting mobile telephony or mobile Internet affected most users (around 1,8 million users per incident). This is consistent with the high penetration rate of mobile telephony and mobile Internet.
  • Emergency services are affected by incidents: In 37 % of the incidents there was an impact on emergency calls using the emergency number 112.
  • System failures are the most common root cause: Most incidents were caused by root causes in the category “System failures” (75 % of the incidents). This was the most common root cause category also for each of the four services (fixed and mobile telephony and fixed and mobile Internet). In the category “System failures”, hardware failures were the most common cause, followed by software bugs. The assets most often affected by system failures were switches (e.g. routers and local exchange points) and home location registers.
  • Third party failures and overload affect many users: Incidents categorized with the root cause third party failures, mostly power supply failures, affected around 2.8 million users on average. Incidents involving the detailed cause overload affected around 9.4 million users on average.
  • Natural phenomena cause long lasting incidents: Incidents caused by natural phenomena (mainly storms and heavy snowfall) lasted around 36 hours on average.
  • Overload and power failures have most impact: Incidents caused by overload followed by power failures respectively had most impact in terms of number of users times duration.
  • Switches and home location registers mostly affected by incidents: Overall, switches and home location registers were the network components or assets most affected by incidents.

Pierluigi Paganini
