The vast majority of significant electronic systems failures in Europe are caused by faulty software and botched repair jobs, rather than deliberate cyber attacks, according to a report by the EU’s computer systems watchdog published yesterday (20 August).
The European Union Agency for Network and Information Security (ENISA) –which provides security expertise to the EU – said national regulators reported 79 incidents severe outages of electronic communication networks or services during 2012.
The report provides an overview of incidents without details about individual countries, providers, or incidents, but it does outline the root causes of the reported incidents.
Of the 79 significant incidents reported by 18 countries, three-quarters were the result of “systems failures” (75 % of the incidents).
These were mainly down to hardware failures, software bugs and overloaded electricity cables. Nevertheless there were also outages resulting from disruption caused by copper thieves, according to ENISA.
“We came across incidents of cable theft, where copper is very lucrative on the underground markets,” according to Christoffer Karsberg, an expert with ENISA.
“people steal cables, but in many cases they cut of fibre cables by mistake, thinking they contain copper. There is a lot of damage triggered by the urge to steal copper,” Karsberg said.
Cyber attacks do not always seek to collapse systems
Incidents affecting mobile telephony systems or mobile Internet had the most impact on users causing connection problems for around 1,8 million users per incident, according to the report.
According to ENISA this reflects the high and growing penetration rate of mobile telephony and mobile Internet.
Only eight of the 79 incidents involved intentional cyber attacks, caused by malicious actions.
“Although the figure for cyber attacks may appear low, remember that this only relates to significant incidents, so there may be many more cyber attacks below that threshold,” said Karsberg.
“Moreover, with many cyber attacks, the purpose is to enter a communication system without detection, and sit on the system. That means that for many, causing a systems failure would not be the aim of the exercise,” he added.