Feeds

Forget hackers - storms and snafus are bigger threat, say infosec bods

More downtime caused by snow than black hats, EU study finds

High performance access to file storage

Cyber attacks caused fewer problems to communications networks than unrelated system failures and natural disasters, a study by an EU security agency has found.

The European Union Agency for Network and Information Security (‪ENISA‬) reports that the average duration of cyber attacks was four hours ‪whilst o‬utages due to nature – mainly storms and heavy snowfall – lasted 36 hours.

The number of incidents caused, or partly caused, by cyber attacks came out at 8 per cent; more than the 5 per cent where human error played a role but dwarfed by problems caused at least in part by system failure (76 per cent).

The study, released on Tuesday, covers 79 outages across 18 EU nations that reported major incidents last year. About half of the incidents affected mobile telephony or mobile internet services. Outages affecting mobile telephony or mobile internet also affected most users (around 1.8 million users per incident) than comparable problem affected fixed line voice and data services.

Switches were the most frequent point of failure (e.g. routers and local exchange points) followed by mobile network home location registers.

Outages blamed on problems with third-party suppliers, mostly power supply failures, affected around 2.8 million users per incident, on average. Overload problems affected a greater number of users than simple power failures, affecting an average of 9.4 million user connections per incident.

In general, hardware failures were the most common cause of "systems failures", followed by software bugs. Incidents dealing with hacker attacks are covered in the report – but despite all the hype, malicious activity was a far less significant issue than system failures, power supply problems or bad weather in causing the most significant outages in Europe last year. Human error generally took much longer to unravel than problems caused by malicious attacks.

Cyber attacks were a more significant cause of problems when it came to fixed internet services but even in those cases, it played a role in just a fifth of outages.

Anonymized examples of the incidents reported to ENISA range from overloads causing VoIP outage to a faulty upgrade halting IP-based traffic and a DDoS attack on DNS servers that affected mobile internet access. Up to 2.5 million mobile device users were affected by the DDoS attack before the attacking addresses were identified and blocked, a process that took around two hours.

The study also covers the impact of the theft of a stretch of fibre optic cable, which obviously caused a break in a communications link, and a faulty software update that affected a mobile telephony service. The cable theft incident in question affected 70,000 fixed telephony users and 90,000 fixed Internet users for 10 hours.

Professor Udo Helmbrecht, executive director of ENISA, explained that the report will be used to draw up best practice guidelines.

"The EU collaboration behind this report is key to improving the security and resilience of electronic communications networks in the EU, as well as for security in other critical sectors. Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again."

ENISA's report, which is a must read for anyone involved in either disaster recovery or telecommunications network management, can be downloaded from their website (PDF). ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.