ENISA published the ENISA Annual Incident Reports 2012, a document that provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services which were reported by national regulators last year. ENISA with the National Regulatory Authorities (NRAs) of the different EU Member States discuss specific types of incidents, mandated by Article 13a of the Framework Directive (2009/140/EC). The following image illustrates the incident report flow:
This is the second “ENISA Annual Incident Reports” study proposed by the European Union Agency for Network and Information Security, it covers the incidents occurred in 2012 not including detailed information on countries and incidents. The report focuses on an aggregate analysis of the incidents highlighting their impact and causes.
Within European Union 18 countries reported 79 significant incidents meanwhile 9 countries reported no significant incidents, the majority of incidents affected mobile with an average of 1,8 million users per incident, a sensible increase if compared to the previous year.
Exactly as occurred last year most incidents affected mobile telephony or the mobile Internet, experts consider that mobile services are more at risk of large-scale outages.
The high figure of affected users is compatible with large diffusion of mobile devices and wide coverage of mobile infrastructures. Unfortunately in 37% of the reported incidents, the emergency number 112 was impacted, emergency services were hit on 63% of the cases meanwhile interconnections were affected in 11% of the reported incidents.
Following a short list of examples of incidents proposed by the ENISA Annual Incident Reports.
The root cause for the incident is the “System failures” (76 % of the incidents) followed by software bugs, the ENISA Annual Incident Reports also stated that the assets most often affected by system failures were switches (e.g. Routers with 20% ) and home location registers (16%).
The ENISA Annual Incident Reports document proposed also the impact of the incidents in terms of “user-hours lost”, Third party failure accounted for 36502 hours followed by Natural phenomena cause at 20283 hours and System failures at 19842.
Following the key figures proposed in the conclusions of the study:
(Security Affairs – brain hacking, security)