Although cyberattacks caused just 6 percent of significant outages of public electronic communications networks and services in the E.U. last year, they affected more people than hardware failure, a much more common factor in service disruptions, according to a report from the European Union Agency for Network and Information Security (ENISA).
Hardware failure accounted for 38 percent of all incidents and affected over 1.4 million users on average according to an annual incidents report released Tuesday by ENISA. By comparison, incidents that resulted from cyberattacks affected 1.8 million users on average.
Cyberattacks affected primarily Internet access and were the second most common cause for outages of fixed Internet service in particular, accounting for 20 percent of those incidents, ENISA said. They also accounted for around 13 percent of incidents that disrupted mobile Internet service.
The ENISA report compiles data on 79 incidents that occurred across 18 E.U. member states in 2012 and resulted in severe outages of both mobile and fixed telephony and Internet services. ENISA defines fixed Internet and telephony services as those offered through dial-up, DSL, cable, fiber, PSTN, VoIP over DSL and other wired networks.
Providers of electronic communication services are required to report significant network security and integrity breaches to national regulatory agencies, which in turn report them to ENISA and the European Commission. Nine countries did not report any incidents for 2012 and one country hasn’t implemented reporting capabilities yet, ENISA said.
Organizing the chaos
The agency organized incidents into five root cause categories, but also split them by more detailed causes. The root cause categories were system failure, third-party failure, malicious actions, human errors and natural phenomena.
The most common root cause for incidents that resulted in outages was system failure. This accounted for 76 percent of outages and included incidents caused by both hardware and software issues. Most incidents in the system failure category affected switches, including routers and local exchange points, and home location registries, ENISA said.
Third-party failures accounted for 13 percent of incidents, malicious actions accounted for 8 percent, natural phenomena for 6 percent and human errors for 5 percent. Some incidents fell into multiple categories, the agency said.
Incidents caused by natural phenomena—storms, floods, heavy snowfall, earthquakes and other natural disasters—and those caused by human error resulted in the longest outages, 36 hours and 26 hours on average, respectively. However, they affected relatively low numbers of users at 557,000 and 447,000 on average.
Outages that resulted from third-party failures affected the largest number of users, 2.8 million and lasted for 13 hours, while those caused by system failures lasted nine hours and affected 2.3 million users, on average.
Outages resulting from malicious actions, including physical attacks against network equipment, cyberattacks and cable theft, affected 1.5 million users on average and lasted for 4 hours.
When looking at more detailed causes, hardware failure was the most common and accounted for 38 percent of incidents that resulted in service outages. It was followed by software bugs with 24 percent, system overloads with 13 percent and power cuts with 11 percent.
By number of affected users, incidents caused by overloads had the biggest impact, affecting 9.4 million users on average. These were followed by incidents caused by software bugs with almost 4.3 million users affected, power cuts with 3.1 million users affected and cyberattacks with 1.8 million.
ENISA’s report does not include details about specific incidents and does not reveal the names of the affected service providers. However it does provide some examples of incidents it received over the past two years.
One incident caused by a cyberattack was described like this: “A series of Distributed Denial of Service attacks targeted a provider’s domain name service. Up to 2.5 million mobile Internet users were affected during 1-2 hours. The attacking IP-addresses were tracked and blocked, the load balancing units were restarted and the traffic could be recovered. As post-incident actions additional DNS servers were installed, configuration changes were made on firewalls and hardware was expanded to withstand similar attacks.”
The statistics in the report suggests that the percentage of incidents caused by cyberattacks increased in 2012 compared to 2011. However, ENISA warned that data from only two years of reporting is not enough to draw conclusions about any trends.
Overall, mobile networks were most affected by outages with 50 percent of all reported incidents affecting mobile telephony or mobile Internet services.
“In 37 percent of the incidents there was impact on emergency calls using the emergency number 112,” ENISA said.