ENISA publishes its Annual Incidents report which gives the aggregated analysis of the security incidents causing severe outages in 2015.
October 2016 by ENISA
The report provides an overview of the root causes of the incidents and an aggregated level of which services and network assets are impacted. Incidents are reported on an annual basis by the Telecom Regulators under Article 13a of the Framework Directive (2009/140/EC) to ENISA and the European Commission. In 2015, 138 major incidents were reported, from twenty-one (21) EU countries and two (2) EFTA members while nine (9) countries reported no significant incidents. Most incidents reported, involve mobile telephony, which was the most affected service in 2015. The most frequent causes for incidents are system failures.
ENISA’s Executive Director, Prof. Udo Helmbrecht, said: “All parts of society rely on public electronic communications networks and services. Being transparent and discussing the causes of incidents, is essential for risk management and improving the level of security. ENISA is dedicated to help increase resilience in the electronic communications sector and will continue to foster and support transparency on incident reporting, promoting a systematic approach towards improved security measures in the sector.”
In summary, key findings indicate:
Mobile internet most affected service: In 2015 most incidents affected mobile internet, 44% of all reported incidents. Mobile internet and mobile telephony were the predominant affected services in the previous years too, except for 2014 where fixed telephony was the most affected.
System failures are the dominant root cause of incidents: 70 % of the incidents are caused by system failures or technical failures which also accounts as the dominant root cause for all the reporting years so far. In the system failures category, software bugs and hardware failures are the most commoncauses affecting switches and routers, and mobile base stations.
Human errors affected on average more user connections per incident: In 2015 human errors were the root cause category involving most users affected, accounting for almost 2.6 million user connections on average per incident. The second place was taken by system failures with 2.4 million user connections on average per incident.
Malicious actions are not focused on causing disruptions: the total number of incidents caused by malicious actions dropped to 2.5% from 9.6% in 2014. This may indicate that the malicious actions are not necessarily aiming at causing unavailability of services, but might have other objectives. Nevertheless, these types of incidents (ex: DDoS) had the most impact in terms of duration, accounting on average almost two days per incident.
New services affected: TV broadcasting / Cable TV Networks by 14% and SMS/MMS by 13%, public email by 5%, IPTV by 4,4%, VOIP services by 3,7% were the most affected services among the new ones that started being collected from this year.
These patterns are particularly important for risk and vulnerability assessments. In particular, conclusions on the main patterns of incidents contribute at a policy level on the strategic measures to improve the security in the electronic communications sector.
Art. 13a is part of the current Telecom Framework, a regulatory framework which is currently under review by the EU Commission, while a new draft is being expected by the end of the year. As a consultative body for the EU Commission, ENISA sustains a more harmonised approach between the newly adopted NIS Directive and the upcoming regulation. ENISA has an extensive expertise in the telecom sector, as activities in this area have been carried out for many years, which in in the telecom area cover: incident reporting, security measures, threats and assets, power supply dependencies, national roaming for resilience, ICT procurement in the telecom sector, and mitigating cable cuts.