Search results

284 items matching your search terms.
Filter the results.
Item type

New items since

Sort by relevance · date (newest first) · alphabetically
Press Release Malicious actions not necessarily focused on causing disruptions in TELECOM, but system failures still are
ENISA publishes its Annual Incidents report which gives the aggregated analysis of the security incidents causing severe outages in 2015.
Located in News / ENISA News
Report/Study Threat Landscape of Internet Infrastructure
This study details a list of good practices that aim at securing an Internet infrastructure asset from Important Specific Threats. A gap analysis identifies that some assets remain not covered by current good practices: human resources (administrators and operators) for Routing, DNS and Denial of Service, as well as System Configuration and Essential Addressing Protocols for Denial of Service.
Located in Publications
Report/Study Resilience Metrics and Measurements: Challenges and Recommendations
As part of the study run by ENISA, a set of metrics-specific questions was sent to a group of stakeholders. These questions concerned how resilience is measured on a sector basis (the surveyed participants were from public and private organisations, as well as national regulators, academia, etc.). This document presents the results of that study and aims to provide a non-technical overview to policy experts in the area of resilience. The key challenges to resilience measurements and the most interesting aspects of the answers received are summarised and analysed in this document. This report also summarises a number of recommendations arising from the analysis of the information received. The rest of the report is organised as follows. Section 2 presents the main challenges impeding the adoption of a commonly accepted framework for resilience metrics and measurements. In section 3, we summarise the main recommendations for future actions in the area of network and service resilience metrics and measurements. Finally section 4, includes all the detailed input we received from the questionnaires and interviews with stakeholders.
Located in Publications
Report/Study Troff document Resilience Metrics and Measurements: Technical Report
During the ENISA survey study on 'Resilience Metrics and Measurements: Challenges and Recommendations' it was found that there is lack of a standardised framework or good metrics. Resilience was not considered to be a well-defined term and depending on the context, it encompassed several interpretations and viewpoints. Additionally, there was consensus on the fact that information sharing and sources of consolidated information on resilience metrics were not readily available. These challenges were recognised as serious obstacles towards the adoption of resilience metrics. Addressing these concerns, this report represents an attempt to create a single technical source of information on resilience metrics, the taxonomies and the open issues. It puts together work that has been done in the areas of security, dependability and specific taxonomy research under the single umbrella of resilience. It is intended to become a source of information for the community interested on resilience and measurements, but also the cause to initiate more in depth works on the subject. This version is a discussion draft! (for comments please see contact details in the report.)
Located in Publications
Report/Study National Roaming for Resilience
Mobile communications are an integral part of everyday life. In less than 30 years they have surpassed the traditional fixed line telephony. Every day millions of European citizens rely on mobile telephony for work, social life, but also to contact emergency services. Hence outages of a mobile network can have a severe impact on the economy and on society. Mobile network outages are common. In 2012, EU Member States reported 79 significant incidents of electronic communications to ENISA and the European Commission. Most of these incidents had an impact on mobile telephony and mobile Internet. The goal of this report is to help National Regulatory Authority (NRAs) understand if and how roaming at national level could be used to improve resilience of mobile communication networks and services in case of large outages and start the discussion with the market players around this topic.
Located in Publications
Report/Study Critical Cloud Computing-A CIIP perspective on cloud computing services
In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective and we look at a number of scenarios and threats relevant from a CIIP perspective, based on a survey of public sources on uptake of cloud computing and large cyber attacks and disruptions of cloud computing services.
Located in Publications
Report/Study Communication network interdependencies in smart grids
This study focuses on the evaluation of the interdependencies and communications between all the assets that make up the new power grids, their architectures and connections in order to determine their importance, threats, risks, mitigation factors and possible security measures to implement. To obtain this information, experts in the fields and areas related directly with smart grids were contacted to gather their know-how and expertise.
Located in Publications
Report/Study text/texmacs Can we learn from SCADA security incidents?
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures. In particular the ability to respond to critical incidents and be able to analyse and learn from what happened is crucial.
Located in Publications
Report/Study application/x-troff-ms Window of exposure… a real problem for SCADA systems?
Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation,water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems (ICS). In the last decade SCADA technology has passed through a transformation, from isolated and proprietary systems into open architectures and standard technologies that are highly interconnected with other corporate networks and the Internet. A consequence of this transformation is the increased vulnerability to outside attacks. One way to enhance the security of SCADA is through the application of patches. Ideally an organization would deploy patches as soon as they come available, however this is often not possible because of the complexity of the process in which SCADA systems are incorporated and because the systems often need to be operable at any given moment. Furthermore patches need to be tested thoroughly before they can be applied to production environment, which can take days or even weeks, during which a system is vulnerable. Alternative controls should be used during the WINDOW OF EXPOSURE for preventing a vulnerability to be exploited. For instance, when a webserver vulnerability has been discovered the organization could, if possible, block unwanted traffic to the webserver or disable the webserver all together.
Located in Publications
Report/Study Good Practices for an EU ICS Testing Coordination Capability
There is growing interest in ICS security testing in Europe. This has led to the current situation in which several initiatives have emerged. Unfortunately, they are mostly considered immature, with poor or no coordination between them and room for improvement in methodologies, standards and educational resources. Most experts consider that leveraging these efforts under a coordinated programme could help to raise the status of ICS security testing. In order to provide ICS security testing capabilities in the European Union, it is important to understand the needs of the community, and the main objectives that must be taken into consideration. An independent testing coordination capability, aligned with current standards, supported by public institutions and able to provide value to all involved stakeholders is required, but some other topics, such as the importance of making testing mandatory, are still under discussion.
Located in Publications

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more