Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

ENISA Report Outlines Incidents Causing Major Outages at Telcos

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, has released a new report outlining incidents that resulted in “major outages” at electronic communication networks or services in the EU during 2012.

The report provides an aggregated analysis of the 79 reported incidents of severe outages of electronic communication networks, or services during the year.

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, has released a new report outlining incidents that resulted in “major outages” at electronic communication networks or services in the EU during 2012.

The report provides an aggregated analysis of the 79 reported incidents of severe outages of electronic communication networks, or services during the year.

According to the Annual Incident Reports 2012:

• 18 countries reported 79 “significant” incidents, nine countries reported no significant incidents.

• Most incidents affected mobile telephony or mobile Internet (about 50%).

• Incidents affecting mobile telephony or mobile Internet also affected most users (around 1.8 million users per incident).

• Incidents caused by overload followed by power failures respectively had most impact in terms of number of users affected times duration.

• For most incident reports, as well as for the four services, (fixed and mobile telephony, and fixed and mobile internet) the root cause was “System failures” (75 %).

• Hardware failures were the most common cause of “Systems failures”, followed by software bugs.

• Switches were the most frequent point of failure (e.g. routers and local exchange points) followed by mobile network home location registers.

• Root cause third party failure incidents, mostly power supply failures, affected around 2.8 million user connections per incident on average.

• Incidents involving overload affected around 9.4 million user connections per incident on average.

• Incidents caused by natural phenomena (mainly storms and heavy snowfall) lasted the longest: on average around 36 hours.

Some interesting incidents pulled from the report include

Overload caused VoIP outage – In the shift from a temporary to a permanent network solution, voice over IP service was disrupted for 400,000 users after the platform became overloaded as a result of too many simultaneous registrations of customer devices.

Faulty Upgrade halted IP-base traffic – An upgrade in a core router went wrong, causing a drop of all IP based traffic for the provider causing many services to go down, including the emergency number 112. This incident led to an outage of 17 hours affecting 3 million users.

DDoS attacks on DNS affected mobile Internet – A series of DDoS attacks targeted a provider’s domain name service. Up to 2.5 million mobile Internet users were affected during 1-2 hours. The attacking IP-addresses were tracked and blocked, the load balancing units were restarted and the traffic could be recovered. As post-incident actions additional DNS servers were installed, configuration changes were made on firewalls and hardware was expanded to withstand similar attacks.

“Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again,” ENISA Executive Director, Professor Udo Helmbrecht said in a statement.

The full report can be downloaded here. ENISA’s 2013 report is expected to be published in the spring of 2014. 

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.