The European Union Agency for Cybersecurity (ENISA) has published fresh data on 1,100 “cybersecurity” incidents across the EU’s telcos and “trust services” (certificate authorities/electronic ID services).
This came in an update to its “CIRAS” tool, which contains anonymised data submitted to national regulators across the EU.
Telco Outages: Hardware Failures are Rife
Despite ostensibly focussing on security, the data shows that most incidents were accidental outages; in turn largely (21 percent and 20 percent respectively) blamed on hardware failures and power cuts.
Drilling down a little more, and the most incident-prone hardware was deemed to be switches and routers.
(Many telcos are early on in the move towards virtualised platforms, and creaking legacy tech stacks are common. The shift towards a world of physical functions running as software – as VMs over general-purpose servers, including in the cloud — is an ongoing one in the telco space.)
Across the telco sector, ENISA tracked a total of 153 incidents in 2019.
Analysing telecom security incidents ENISA notes that: “Over the last 4 years, the most common root cause of telecom security incidents is system failures (412 out of 637 incidents). The second most common root cause is human errors with nearly a fifth of total incidents (19%, 119 incidents in total).
“Natural phenomena are the third root cause with 11% while only 4% of the incidents are categorized as malicious actions.”