Defending Critical Infrastructure: only 6% of incidents malicious

The weather, or even simple mis-configuration, are threats to critical infrastructure, but in an emergency, could government now run privatised utilities?

Defending Critical Infrastructure: only 6% of incidents malicious
Defending Critical Infrastructure: only 6% of incidents malicious
The third annual report on large-scale electronic communications system outages in Europe by ENISA reveals that it not just terrorist and criminal incidents that can result in network/system downtime, but more mundane issues such as bad weather, snowfall and natural phenomena.

The report from the European Union Agency for Network and Information Security makes sobering reading for anyone planning a Disaster Recovery option for their company's IT systems, pointing out that a wide variety of problems can result in quite severe outages.

The agency says that most incidents (50 percent-plus) reported to regulators and ENISA involved mobile Internet and mobile telephony outages, with the most frequent causes being system failures affecting base stations and telecoms switches.

During 2013 - the period covered by the report - ENISA says that there were 90 significant incidents spanning 19 countries, although nine countries reported no significant incidents.

Delving into the analysis reveals that 21 percent of the major incidents also had an impact on emergency calls, with a hefty 61 percent of outages caused by system failures triggered by software bugs, hardware failures and software mis-configurations.

Commenting on the report, Guy Kenyon of Kenyon Consulting and a Special Interest Group (SIG) champion for the security and defence group within Cambridge Wireless, said it highlights the need to increase security, reliability and resilience in cellular communications networks.

Kenyon, who has been a senior professional in the wireless industry for two decades, said that plans are already well advanced to carry emergency services voice and data traffic over LTE (4G) networks in the UK under the Home Office Emergency Services Mobile Communications Programme (ESMCP) and the US Homeland Security FirstNet programme.

According to Kenyon, additional essential functionalities are already being introduced to the LTE/4G specification.

"In addition to functional improvements such as adding emergency services specific capabilities, it is also important - as the ENISA report highlights - to make substantial improvements in reliability, resilience and security of end-to-end communications," he said.

"We need to move on from the commercial mobile communications model where no service guarantees are provided and the mass market accepts 'best endeavours' service to an environment where bullet-proof services are standard," he added.
H
e explained that this will require significant development of the mobile network operators' infrastructure.

Jim Carlsson, CEO with IT security vendor Clavister, said that, whilst it is reassuring to see that the majority of infrastructure outages were caused by simple IT issues and not cyber-attacks, it is critical that that we - as an industry - do not become complacent.
Page 1 of 2

Sign up to our newsletters