Hardware failures cause more comms outages than hackers: EU
Cybergeddon postponed as incompetence trumps conspiracy again
If you're living in constant fear of a cybergeddon, here's a handy reality check. According to ENISA – the European Union Agency for Network and Information Security – has just produced its report into what caused 79 major communications outages in Europe in 2011-2012.
If you were having trouble with phone, mobile or Internet access in that period, it's far more likely that the problem was either a hardware or software failure in the network. The report finds that system failures caused 75 percent of incidents – compared to just eight incidents caused by malicious actions.
After system failure, the most common cause of telecommunication incidents is third party failure – mostly due to blackouts – with natural phenomena (six incidents) and human error (five) rounding out the table.
Drilling into the category of malicious actions, it becomes clear that the widespread fear that a lone hacker can destroy our telecommunications networks might be exaggerated. The malicious actions category doesn't only report on cyber-attacks (such as a DNS attack cited in the report as a case study) – it also included cable theft, the deliberate cut of a terrestrial cable, an accidental submarine cable cut, and a disgruntled employee setting fire to DSL equipment.
The systems most likely to suffer were network switches and home location registers – the latter partly feeding into mobile's dominance in incident reports.
Mobile systems – both telephony and Internet – were the most flaky. Not only did they experience half of all the incidents, the report states that mobile outages affected the greatest number of users (around 1.8 million subscribers per outage). Mobile telephony and internet recorded 48 and 49 incidents, respectively (with, of course, a large overlap between the two). Only 25 incidents were reported for fixed Internet – a little over half the failure rate of mobile – and there were 37 fixed telephony incidents reported.
Regrettably, the report doesn't identify the kinds of incidents by country, so The Register is unable to advise which nine countries in the EU had no incidents whatever.