The European Union Agency for Network and Information Security (ENISA) published a report about large-scale outages in the electronic communication sector. It provides an aggregated analysis of the security incidents in 2013 which caused severe outages.
Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections. The most frequent causes are system failures affecting mainly base stations and switches.
The annual report is a result of an EU wide incident reporting process which started in 2012, under Article 13a of the Framework Directive (2009/140/EC). Incidents are reported nationally by operators to the National Regulatory Authorities (NRAs). The most severe outages are reported annually by the NRAs to ENISA and the European Commission.
The main findings are summarised below:
90 major incidents reported: This year 19 countries reported 90 significant incidents while 9 countries reported no significant incidents.
Mobile networks most affected: Approximately half of the major outages involved mobile internet and mobile telephony.
Impact on emergency calls: 21% of the major incidents also had an impact on emergency calls (access to 112).
Majority (61%) of outages caused by system failures: Most of the time these system failures were software bugs, hardware failures and software misconfigurations affecting switches and base stations.
The Executive Director of ENISA Professor Udo Helmbrecht comments: “Public communication networks and services are the backbone of the EU’s digital society. Our goal is to help increase the resilience and security of electronic communications. Incident reporting and discussing actual incidents is essential to understand the risks and what can be improved. ENISA will continue collaborating with the EU’s Telecom regulators to support efficient and effective reporting about security incidents”.