Forget hackers - storms and snafus are bigger threat, say infosec bods
More downtime caused by snow than black hats, EU study finds
Cyber attacks caused fewer problems to communications networks than unrelated system failures and natural disasters, a study by an EU security agency has found.
The European Union Agency for Network and Information Security (ENISA) reports that the average duration of cyber attacks was four hours whilst outages due to nature – mainly storms and heavy snowfall – lasted 36 hours.
The number of incidents caused, or partly caused, by cyber attacks came out at 8 per cent; more than the 5 per cent where human error played a role but dwarfed by problems caused at least in part by system failure (76 per cent).
The study, released on Tuesday, covers 79 outages across 18 EU nations that reported major incidents last year. About half of the incidents affected mobile telephony or mobile internet services. Outages affecting mobile telephony or mobile internet also affected more users (around 1.8 million users per incident) than comparable problems affecting fixed line voice and data services.
Switches (e.g. routers and local exchange points) were the most frequent point of failure, followed by mobile network home location registers.
Outages blamed on problems with third-party suppliers, mostly power supply failures, affected around 2.8 million users per incident, on average. Overload problems affected a greater number of users than simple power failures, affecting an average of 9.4 million user connections per incident.
In general, hardware failures were the most common cause of "systems failures", followed by software bugs. Incidents dealing with hacker attacks are covered in the report – but despite all the hype, malicious activity was a far less significant issue than system failures, power supply problems or bad weather in causing the most significant outages in Europe last year. Human error generally took much longer to unravel than problems caused by malicious attacks.
Cyber attacks were a more significant cause of problems when it came to fixed internet services, but even in those cases they played a role in just a fifth of outages.
Anonymized examples of the incidents reported to ENISA range from overloads causing VoIP outage to a faulty upgrade halting IP-based traffic and a DDoS attack on DNS servers that affected mobile internet access. Up to 2.5 million mobile device users were affected by the DDoS attack before the attacking addresses were identified and blocked, a process that took around two hours.
The study also covers the impact of the theft of a stretch of fibre optic cable, which obviously caused a break in a communications link, and a faulty software update that affected a mobile telephony service. The cable theft incident in question affected 70,000 fixed telephony users and 90,000 fixed Internet users for 10 hours.
Professor Udo Helmbrecht, executive director of ENISA, explained that the report will be used to draw up best practice guidelines.
"The EU collaboration behind this report is key to improving the security and resilience of electronic communications networks in the EU, as well as for security in other critical sectors. Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again."
ENISA's report, which is a must read for anyone involved in either disaster recovery or telecommunications network management, can be downloaded from their website (PDF). ®