Faulty software more damaging than cyber attacks: Report

computer_cables_cable_sxc_eightstuff.jpg

The vast majority of significant electronic systems failures in Europe are caused by faulty software and botched repair jobs, rather than deliberate cyber attacks, according to a report by the EU’s computer systems watchdog published yesterday (20 August).

The European Union Agency for Network and Information Security (ENISA) –which provides security expertise to the EU – said national regulators reported 79 incidents severe outages of electronic communication networks or services during  2012.

The report provides an overview of incidents without details about individual countries, providers, or incidents, but it does outline the root causes of the reported incidents.

Of the 79 significant incidents reported by 18 countries, three-quarters were the result of “systems failures” (75 % of the incidents).

These were mainly down to hardware failures, software bugs and overloaded electricity cables. Nevertheless there were also outages resulting from disruption caused by copper thieves, according to ENISA.

“We came across incidents of cable theft, where copper is very lucrative on the underground markets,” according to Christoffer Karsberg, an expert with ENISA.

“people steal cables, but in many cases they cut of fibre cables by mistake, thinking they contain copper. There is a lot of damage triggered by the urge to steal copper,” Karsberg said.

Cyber attacks do not always seek to collapse systems

Incidents affecting mobile telephony systems or mobile Internet had the most impact on users causing connection problems for around 1,8 million users per incident, according to the report.

According to ENISA this reflects the high and growing penetration rate of mobile telephony and mobile Internet.

Only eight of the 79 incidents involved intentional cyber attacks, caused by malicious actions.

“Although the figure for cyber attacks may appear low, remember that this only relates to significant incidents, so there may be many more cyber attacks below that threshold,” said Karsberg.

“Moreover, with many cyber attacks, the purpose is to enter a communication system without detection, and sit on the system. That means that for many, causing a systems failure would not be the aim of the exercise,” he added.

Online security cannot be taken for granted as hackers and cyber attackers continue to outdo software engineers.

The European Commission has stated that cyber security is a “war of attrition” rather than an ad hoc battle.

In addition to strengthening its own security systems, the EU Executive has decided to open a dedicated cybercrime centre from the beginning of 2013.

Meanwhile, Europe continues to seek new avenues for international co-operation on the issue as cyber-attackers often seek refuge in countries where legislation is the weakest.

>> Read our LinksDossier: Cybersecurity: Protecting the digital economy

European Union

Subscribe to our newsletters

Subscribe