• Telecom Security Incidents 2022

    The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022.

    Published on March 14, 2024

  • Cyber Threats Outreach In Telecom - Leaflet

    This leaflet provides basic guidelines for National Authorities and telecom providers on how to inform users about cyber threats.

    Published on March 10, 2022

  • Cyber Threats Outreach In Telecom

    In this paper, we aim to give guidance to national Authorities and providers of electronic communications networks and services regarding how to strike the right balance and carry out efficient and effective outreach to users about cyber threats.

    Published on March 10, 2022

  • Countering SIM-Swapping

    In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of...

    Published on December 06, 2021

  • How to Avoid SIM-Swapping - Leaflet

    This leaflet, addresses the SIM-swapping attacks, how to recognise them and how to mitigate the risk connected to this fraud. In fact, subscriber Identity Module (SIM) swapping is a legitimate procedure performed by a customer to change their SIM...

    Published on December 06, 2021

  • Telecom Security Incidents 2020 - Annual Report

    Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications...

    Published on July 26, 2021

  • Assessment of EU Telecom Security Legislation

    European Union telecom security legislation has been changing over the last few years. In light of these policy changes, ENISA carried out an assessment of the implementation of EU telecom security policy, to inform policy makers in the Commission...

    Published on July 13, 2021

  • Telecom Security During a Pandemic

    The COVID-19 pandemic not only highlighted the importance of electronic communication networks and services for the EU’s society and economy, but it also triggered major changes and challenges in their use in the EU and worldwide. In this paper, we...

    Published on November 26, 2020

  • Telecom Services Security Incidents 2019 Annual Analysis Report

    Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a...

    Published on July 23, 2020

  • Annual Report Telecom Security Incidents 2018

    This is the 8th time ENISA publishes an annual incident report for the telecom sector. In 2018, half of the total user hours lost (482 million user hours) were due to natural phenomena. It is the first year that natural phenomena are the main root...

    Published on June 05, 2019

  • Annual report Telecom security incidents 2017

    The Annual report Telecom security incidents 2017 is the 7th annual report about significant outage incidents in the EU electronic communications sector. The legal framework for this incident reporting process is Article 13a of the Framework...

    Published on August 30, 2018

  • Annual Incident Reports 2016

    For the sixth year, ENISA publishes the annual report about significant outage incidents in the European electronic communications sector, which are reported to ENISA and the European Commission under Article 13a of the Framework Directive...

    Published on June 16, 2017

  • Annual Incident Reports 2015

    For the fifth year, ENISA publishes the annual report about significant outage incidents in the European electronic communications sector, which are reported to ENISA and the European Commission (EC) under Article 13a of the Framework Directive...

    Published on October 05, 2016

  • Impact evaluation on the implementation of Article 13a incident reporting scheme within EU

    As several years have passed since the publication and implementation of the Framework Directive 2009/140 including Art. 13a, an impact evaluation of the new article was necessary. The evaluation has the purpose of assessing the changes in outcome...

    Published on March 18, 2016

  • Security incidents indicators - measuring the impact of incidents affecting electronic communications

    Measuring the impact of incidents has become one of the toughest challenges nowadays, given the multitude of factors/indicators that must be taken into consideration. To address this issue, indicators are used, accompanied by thresholds, to assess...

    Published on March 09, 2016

  • Analysis of security measures deployed by e-communication providers

    The aim of this document is to provide an overview of good practices as regards security measures that are deployed by electronic communication providers in Europe

    Published on February 09, 2016

  • Technical Guideline on Threats and Assets

    The Technical Guideline on Threats and Assets provides National Regulatory Authorities (NRAs) with a glossary of terms to communicate about the most significant threats and network assets involved in disruptions in electronic communications networks...

    Published on September 14, 2015

  • Annual Incident Reports 2014

    The report “Annual Incident reports 2014” provides an aggregated analysis of the security incidents in the European telecom sector in 2014 which caused severe outages. Most incidents reported to regulators and ENISA (137 incidents) involved fixed...

    Published on September 14, 2015

  • Guideline on Security measures for Article 4 and Article 13a

    The Technical Guideline on Security Measures for Article 4 and Article 13a gives guidance to national competent authorities about the supervision of security measures in Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the...

    Published on April 09, 2015

  • Protection of Underground Electronic Communications Infrastructure

    This document aims to provide recommendations to Member States (MS) that wish to protect their underground electronic communications infrastructure against disruption due to civil works. This document shall help MS to assess their need to deploy an...

    Published on December 17, 2014

  • Security Guide for ICT Procurement

    The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services. The Guide maps security risks...

    Published on December 11, 2014

  • Secure ICT Procurement in Electronic Communications

    The report, “Secure ICT Procurement in Electronic Communications”, focuses on the growing dependency of electronic communications service providers on ICT products and outsourced services, it analyses security risks associated with third party ICT...

    Published on December 11, 2014

  • Technical Guideline on Minimum Security Measures

    In this document we give guidance to NRAs about the implementation of Article 13a and in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks. It lists...

    Published on October 24, 2014

  • Technical Guideline on Incident Reporting

    This guideline gives guidance to NRAs about the implementation of Article 13a (of EU Directive 2009/140/EC) and, in particular, the two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to...

    Published on October 24, 2014

  • Annual Incident Reports 2013

    The Annual Incidents report 2013 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections.

    Published on September 16, 2014

  • Proposal for One Security Framework for Articles 4 and 13a

    There are two pieces of EU legislation which explicitly mention security measures in the telecom sector: Article 4 of the e-Privacy directive asks providers to take security measures to protect security of personal data processing. Article 13a of...

    Published on December 20, 2013

  • Power Supply Dependencies in the Electronic Communications Sector

    Electronic communications are the backbone of the EU’s digital society. Article 13a of the EU’s electronic communications Framework directive asks EU Member States to ensure the security and resilience of public electronic communications networks...

    Published on December 16, 2013

  • National Roaming for Resilience

    Mobile communications are an integral part of everyday life. In less than 30 years they have surpassed the traditional fixed line telephony. Every day millions of European citizens rely on mobile telephony for work, social life, but also to contact...

    Published on November 27, 2013

  • Schemes for auditing security measures

    Across society there are now critical services which rely on computers, networks and servers. Protecting the security of this information infrastructure is not easy. Often the information infrastructure is run by several organisations and uses...

    Published on October 03, 2013

  • Annual Incident Reports 2012

    This report provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services which were reported by national regulators during 2012.

    Published on August 20, 2013

  • Annual Incident Report 2011

    For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework...

    Published on October 11, 2012

  • Cyber Incident Reporting in the EU

    We summarize different security articles in EU legislation which mandate cyber incidents and cyber security measures. In a single diagram we give an overview of Article 13a and Article 4 of the Telecom package, Article 15 of the proposed eID/eSig...

    Published on August 27, 2012

  • Good Practice Guide on Incident Reporting

    Given strong commitment by the EU institutions and the Member States to the resilience of public communications networks, ENISA was asked to help Member States and EU institutions to identify good practices in incident reporting schemes. This...

    Published on December 10, 2009

Didn't find what you were looking for?

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies