A reading of the ENISA Annual Incident Reports 2012

ENISA issued the ENISA Annual Incident Reports 2012 on significant incidents in the electronic communications sector, which were reported to national regulators in 2012.

ENISA published the ENISA Annual Incident Reports 2012, a document that provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services that national regulators reported last year. ENISA and the National Regulatory Authorities (NRAs) of the different EU Member States discuss specific types of incidents, as mandated by Article 13a of the Framework Directive (2009/140/EC). The following image illustrates the incident report flow:

[Image: incident report flow]

This is the second “ENISA Annual Incident Reports” study proposed by the European Union Agency for Network and Information Security. It covers the incidents that occurred in 2012 and does not include detailed information on countries and incidents. The report focuses on an aggregate analysis of the incidents, highlighting their impact and causes.

Within the European Union, 18 countries reported 79 significant incidents, while 9 countries reported no significant incidents. The majority of incidents affected mobile services, with an average of 1,8 million users per incident, a notable increase compared to the previous year.

Exactly as last year, most incidents affected mobile telephony or the mobile Internet; experts consider mobile services to be more at risk of large-scale outages.

The high number of affected users is consistent with the wide diffusion of mobile devices and the broad coverage of mobile infrastructures. Unfortunately, in 37% of the reported incidents the emergency number 112 was impacted; emergency services were hit in 63% of the cases, while interconnections were affected in 11% of the reported incidents.

The following is a short list of example incidents given in the ENISA Annual Incident Reports, each annotated with its duration, scale of impact and cause:

  • Overload caused the VoIP outage (hours, thousands, system failure)
  • Faulty upgrade halted IP-base traffic (hours, millions, human error)
  • Cable theft causing fiber optic cable break (hours, thousands, malicious attack)
  • DDoS attacks on DNS affected mobile Internet (hours, millions, malicious attack)
  • Big storm affecting power supply causing large scale outage (days, millions, natural disaster)
  • Configuration error (hours, millions, configuration error)
  • Vandalism by former employee affected DSL (days, thousands, malicious attack)
  • Faulty software update affected mobile telephony (hours, thousands, software failure)
  • Submarine cable cut from anchorage (hours, thousands, third party)

The most common root cause of the incidents is “System failures” (76 % of the incidents), followed by software bugs. The ENISA Annual Incident Reports also state that the assets most often affected by system failures were switches (e.g. routers, with 20%) and home location registers (16%).

The ENISA Annual Incident Reports document also presents the impact of the incidents in terms of “user-hours lost”: third party failures accounted for 36502 hours, followed by natural phenomena at 20283 hours and system failures at 19842.


The following are the key figures given in the conclusions of the study:

  • Mobile networks most affected: Most incidents affected mobile telephony or mobile Internet (about 50 % of the incidents respectively).
  • Mobile network outages affect many users: Incidents affecting mobile telephony or mobile Internet affected most users (around 1,8 million users per incident). This is consistent with the high penetration rate of mobile telephony and mobile Internet.
  • Emergency services are affected by incidents: In 37 % of the incidents there was impact on emergency calls using the emergency number 112.
  • System failures are the most common root cause: Most incidents were caused by root causes in the category “System failures” (75 % of the incidents). This was the most common root cause category also for each of the four services (fixed and mobile telephony and fixed and mobile Internet). In the category “System failures”, hardware failures were the most common cause, followed by software bugs. The assets most often affected by system failures were switches (e.g. routers and local exchange points) and home location registers.
  • Third party failures and overload affect many users: Incidents categorized with the root cause third party failures, mostly power supply failures, affected around 2.8 million users on average. Incidents involving the detailed cause overload affected around 9.4 million users on average.
  • Natural phenomena cause long lasting incidents: Incidents caused by natural phenomena (mainly storms and heavy snowfall) lasted around 36 hours on average.
  • Overload and power failures have most impact: Incidents caused by overload followed by power failures respectively had most impact in terms of number of users times duration.
  • Switches and home location registers mostly affected by incidents: Overall, switches and home location registers were the network components or assets most affected by incidents.

Pierluigi Paganini

(Security Affairs – brain hacking, security)
