TELECOM SERVICES
SECURITY INCIDENTS
2019
JULY 2020
Annual Analysis Report
ABOUT ENISA
The mission of the European Union Agency for Cybersecurity (ENISA) is to achieve a high
common level of cybersecurity across the Union, by actively supporting Member States, Union
institutions, bodies, offices and agencies in improving cybersecurity. We contribute to policy
development and implementation, support capacity building and preparedness, facilitate
operational cooperation at Union level, enhance the trustworthiness of ICT products, services
and processes by rolling out cybersecurity certification schemes, enable knowledge sharing,
research, innovation and awareness building, whilst developing cross-border communities. Our
goal is to strengthen trust in the connected economy, boost resilience of the Union’s
infrastructure and services and keep our society cyber secure. More information about ENISA
and its work can be found at www.enisa.europa.eu.
CONTACT
For technical queries about this paper, please email resilience@enisa.europa.eu
For media enquiries about this paper, please email press@enisa.europa.eu
AUTHORS
Georgia Bafoutsou, Aggelos Koukounas, Marnix Dekker - ENISA
ACKNOWLEDGEMENTS
We are grateful for the review and input received from the experts in the ENISA Article 13a
Expert Group which comprises national telecom regulatory authorities (NRAs) from the EU
and EEA, EFTA and EU candidate countries.
LEGAL NOTICE
Notice must be taken that this publication represents the views and interpretations of ENISA,
unless stated otherwise. This publication should not be construed to be a legal action of ENISA
or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013.
This publication does not necessarily represent the state of the art and ENISA may update it from
time to time.
Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the
external sources including external websites referenced in this publication.
This publication is intended for information purposes only. It must be accessible free of charge.
Neither ENISA nor any person acting on its behalf is responsible for the use that might be made
of the information contained in this publication.
COPYRIGHT NOTICE
© European Union Agency for Cybersecurity (ENISA), 2020
Reproduction is authorised provided the source is acknowledged.
Copyright for the image on the cover: © Shutterstock
For any use or reproduction of photos or other material that is not under the ENISA copyright,
permission must be sought directly from the copyright holders.
Catalogue number: TP-AD-20-001-EN-N
ISBN: 978-92-9204-350-6
DOI: 10.2824/491113
TABLE OF CONTENTS
1. INTRODUCTION
2. INCIDENT REPORTING FRAMEWORK
2.1 INCIDENT REPORTING FRAMEWORK
2.2 EXAMPLES OF INCIDENTS REPORTED
2.3 INCIDENT REPORTING TOOL
3. ANALYSIS OF THE INCIDENTS
3.1 ROOT CAUSE CATEGORIES
3.2 USER HOURS LOST FOR EACH ROOT CAUSE CATEGORY
3.3 DETAILED CAUSES
3.4 SERVICES AFFECTED
4. DETAILED ANALYSIS – HUMAN ERRORS
5. MULTI-ANNUAL TRENDS
5.1 MULTIANNUAL TRENDS - ROOT CAUSE CATEGORIES
5.2 MULTIANNUAL TRENDS - IMPACT PER SERVICE
5.3 MULTIANNUAL TRENDS - USER HOURS PER ROOT CAUSE
5.4 MULTIANNUAL TRENDS - NUMBER OF INCIDENTS AND USER HOURS
6. CONCLUSIONS
6.1 KEY TAKEAWAYS
6.2 OBSERVATIONS
EXECUTIVE SUMMARY
In the EU, telecom operators notify significant security incidents to the national regulatory
authority (NRA) in their country. At the start of every calendar year, the national authorities for
telecom security send a summary about these incidents to ENISA. This document, the Annual
Report Telecom Security Incidents 2019, covers the incidents reported by the authorities for the
calendar year 2019 and it gives an anonymised, aggregated EU-wide overview of telecom
security incidents.
Security incident reporting has been part of the EU’s telecom regulatory framework since the
2009 reform of the telecom package: Article 13a of the Framework directive (2009/140/EC)
came into force in 2011. The incident reporting in Article 13a focuses on security incidents with
significant impact on the operation of services, i.e. outages of the electronic communication
networks and/or services.
Statistics annual summary reporting 2019
The 2019 annual summary reporting contains reports about 153 incidents submitted by national
authorities from the 26 EU Member States and 2 EFTA countries. The total user hours lost,
calculated by multiplying, for each incident, the number of users by the number of hours, was
988.12 million user hours, i.e. roughly 0.026% of the total user hours in a year [1].
It should be noted that the current incident reporting is not the full telecom security picture,
because it only covers the largest incidents that cause the big outages.
Figure 1: Number of incidents and million user hours lost per year
[1] Using a basis of 500M (EU citizens) times 365 (days) times 24 (hours). User hours is a metric we use throughout this
report to quantify the impact of an incident, multiplying the number of subscribers/connections affected by the duration in
hours. For example, 1M User Hours means 1M users were affected for one hour, or 2M users for half an hour, etc.
In 2019, half of the total user hours lost were due to system failures.
In 2019, human errors were more frequent, an increase of 50% compared to 2018.
Key takeaways from the 2019 incidents
System failures dominate in terms of impact: they represent almost half of the total
user hours lost (479 million user hours). They are also the most frequent root cause of
incidents: 56% of the total. Over the last 4 years, both the frequency and overall impact
of system failures have been trending down significantly.
Incidents caused by human errors have risen: More than a quarter (26%) of total
incidents have human errors as a root cause. Human errors have increased by 50%
compared to the previous year.
Third-party failures show a great increase: Almost a third of the incidents were also
flagged as third-party failures (31%), i.e. incidents which originated at a third party, say a
utility company, a contractor, a supplier, etc. This number tripled compared to 2018,
when it was just 9%.
Figure 2: Root Causes and Third party failures – 2019
Power cuts are the second most common detailed cause: Overall, independently
of the underlying root cause, power cuts are either a primary or a secondary cause
in over a fifth of the major incidents.
Natural phenomena have a major impact: Natural phenomena account for a third
of the total user hours lost, which puts them in second place in terms of impact.
Figure 3: Share of user hours lost for each root cause category in 2019