In its Annual Incident Reports 2012 (30-page / 1.88MB PDF), the European Network and Information Security Agency (ENISA) said that 76% of outages reported last year within the EU resulted from system failures. The term refers to problems experienced with both hardware and software, ENISA said.
"Hardware failures were the most common cause, followed by software bugs," ENISA, which is an EU advisory body, said in its report. "The assets most often affected by system failures were switches (e.g. routers and local exchange points) and home location registers."
In total 18 national regulators reported that there had been 79 significant outage incidents last year. Of those incidents, 13% could be attributed to failings by a third party, 8% had malicious attacks as a root cause, 5% were down to human error and 6% were caused by natural phenomena, such as storms and heavy snowfall. The numbers tally to greater than 100% because some of the outages had multiple root causes, ENISA said.
According to the figures, cyber attacks were a root cause of fixed telephone and fixed internet outages in 10% and 20% of cases respectively. ENISA cited an example of a cyber attack that caused disruption to services in its report.
"A series of Distributed Denial of Service attacks targeted a provider’s domain name service," ENISA said. "Up to 2,5 million mobile Internet users were affected during 1-2 hours. The attacking IP-addresses were tracked and blocked, the load balancing units were restarted and the traffic could be recovered. As post-incident actions additional DNS servers were installed, configuration changes were made on firewalls and hardware was expanded to withstand similar attacks."
Outages caused by storms, snowfall or other natural phenomena lasted the longest, on average, of all the other incidents with other root causes. The average down time for natural phenomena outages was 36 hours on average, ENISA said.
However, incidents caused by a third party failures, such as power supply failures, or network overloads caused disruption to the most number of people, on average. Whilst about 2.8 million user connections on average were disrupted by root cause third party failures, approximately 9.4m user connections on average were affected by outages caused by overloads, it said.
Under the EU's Framework Directive, public communications networks and publicly available electronic communications service providers are required to "take appropriate technical and organisational measures to appropriately manage the risks posed to security of networks and services" in a way that ensures "a level of security appropriate to the risk presented".
Those networks and service providers are further obliged to "take all appropriate steps to guarantee the integrity of their networks, and thus ensure the continuity of supply of services provided over those networks".
If there is a breach of security or loss of integrity to the network or service which results in "a significant impact on the operation of networks or services", the networks and service providers are required to tell national regulators about those incidents. Once a year each national regulator is obliged to report to ENISA on the notifications it has received.
ENISA executive director, Professor Udo Helmbrecht, said: "The EU collaboration behind this report is key to improving the security and resilience of electronic communications networks in the EU, as well as for security in other critical sectors."
"Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again. ENISA, with all National Reporting Authorities across the EU, will continue delivering practical lessons learned, that could significantly improve the security of our telecommunication infrastructure," he added.
