Story

ENISA security report: Nothing runs without power

The European Network and Information Security Agency (ENISA) has presented its "Annual Incident Report" on internet security incidents in the EU. National EU member states reported 51 significant incidents in 2011.

However, ENISA didn't actually investigate internet security – its report focuses more on infrastructure reliability. Therefore, rather than discussing threats such as data theft or server intrusions, the agency looked into the availability of internet access. An important factor for internet access is the availability of power: natural phenomena such as storms, floods or heavy snowfall can compromise power grids and ships' anchors can damage important undersea cables.

 Examples of human error can also be found in the report: ENISA reports that 10,000 users were cut off from the internet because of an arson attack on their provider by a former employee. Apparently, the company needed 36 hours to clean up the effects of the fire. Flawed hardware and software are another main reason for unreliable network infrastructures, says ENISA. On the whole, mobile internet connections are significantly more vulnerable than connections via fixed-line networks.

The agency explains in its report that, according to article 13a of the EU's 2009/140/EC Framework Directive, EU member states are obliged to provide ENISA with annual reports on any major national incidents. However, nine countries didn't comply with the directive, while a further nine of the 29 member states had no incidents to report. The remaining eleven national members reported a total of 51 significant incidents. 2011 was the first year for which this data was collected and, as a result of improvements in the countries' reporting processes, ENISA expects to see ten times the number of reported incidents in 2012. To be considered significant by ENISA, incidents must last at least eight hours and affect at least 15% of a telecommunications provider's customers.