The Annual Incidents report 2013 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections. The most frequent causes are system failures affecting mainly base stations and switches.
The annual report is a result of an EU wide incident reporting process which started in 2012, under Article 13a of the Framework Directive (2009/140/EC). Incidents are reported nationally by operators to the National Regulatory Authorities (NRAs). The most severe outages are reported annually by the NRAs to ENISA and the European Commission. The main findings are summarised below:
- 90 major incidents reported: This year 19 countries reported 90 significant incidents while 9 countries reported no significant incidents.
- Mobile networks most affected: Approximately half of the major outages involved mobile internet and mobile telephony.
- Impact on emergency calls: 21% of the major incidents also had an impact on emergency calls (access to 112).
- Majority (61%) of outages caused by system failures: Most of the time these system failures were software bugs, hardware failures and software misconfigurations affecting switches and base stations.
The Executive Director of ENISA Professor Udo Helmbrecht comments:
“Public communication networks and services are the backbone of the EU's digital society. Our goal is to help increase the resilience and security of electronic communications. Incident reporting and discussing actual incidents is essential to understand the risks and what can be improved. ENISA will continue collaborating with the EU's Telecom regulators to support efficient and effective reporting about security incidents”.
This annual report does not mention specific countries or providers. Specific incidents will be discussed with the European Commission and the NRAs, within the Article 13a Expert Group. Where needed ENISA will support EU Member States to mitigate specific types of incidents. Following the reporting about the 2012 incidents, ENISA is working on a buyer-vendor guide to allow providers to manage security while procuring from ICT vendors and outsourcing partners for their core operations.
Major cyber incident reporting in the e-communications sector - video: https://www.youtube.com/watch?v=ArHKpkFnRB0
For interviews: Christoffer Karsberg, Expert in Network and Information Security, email: Christoffer. Karsberg (at) enisa.europa.eu, mobile: +30 6951782255
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!