Software bugs and hardware failures disrupt telephony and internet access - ENISA Annual Incidents Report
September 2015 by ENISA
ENISA publishes its Annual Incidents report which gives the aggregated analysis of the security incidents causing severe outages in 2014. Incidents are reported on an annual basis, by the Telecom Regulators under Article 13a of the Framework Directive (2009/140/EC) to the Agency and the European Commission.
The report provides an overview on an aggregated level of which services and network assets were impacted, and the root causes of the incidents. In 2014, 137 major incidents were reported, from 24 EU countries and 1 EFTA member and 4 countries reporting no significant incidents. Most incidents reported, involve fixed telephony. The most frequent causes for incidents are technical failures, affecting mainly switches and routers.
In summary, key findings indicate:
Fixed telephony is the most affected, nearly half of all reported incidents (47%). This is a change compared to previous reporting years, when mobile internet and telephony were the most affected by incidents. Incidents in mobile internet and telephony affect most users accounting for 1.7 and 1.2 million users respectively per incident
Impact on emergency calls: 29 % of the incidents illustrate problems in reaching the 112 emergency services.
System or technical failures cause most outages accounting for 65% of all reported incidents, with software bugs and hardware failures, being the most common causes affecting switches and routers. Additionally human error also ranks high, which calls for improved cooperation between providers, construction workers and third party vendors of equipment and managed services.*
These patterns are particularly important for risk and vulnerability assessments. Conclusions on the main patterns of incidents contribute at a policy level on the strategic measures to improve the security in the electronic communications sector.
ENISA’s Executive Director Udo Helmbrecht commented: “All parts of society rely on public electronic communications networks and services. Being transparent and discussing the causes of incidents, is essential for risk management and improving the level of security. ENISA is dedicated to help increase resilience in the electronic communications sector and will continue to foster and support transparency on incident reporting, promoting a systematic approach towards improved security measures in the sector.”
Within this context ENISA is assessing the impact of the Article 13a Incident Reporting Scheme in the EU, while a study is being carried out to analyse alternative indicators for measuring impact in electronic communications services. In addition, ENISA has issued the Guideline on Threats and Assets in the Telecom Sector, a glossary of the most significant threats and network assets, involved in disruptions in electronic communications networks and services.
For full reports: