2 ii Annual Incident Reports 2011 About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at Authors Dr. Marnix Dekker, Christoffer Karsberg Contact For contacting the authors, please use For media enquires about this paper, please use Acknowledgements For the completion of this report ENISA has worked closely with a working group of experts from national regulatory authorities and ministries from across Europe. PTS (SE), Ministry of Economic Affairs (NL), FICORA (FI), Ofcom (UK), ANACOM (PT), ComReg (IE), EETT, ADAE (GR), Ministry of Defence (DK), CPNI (UK), RTR (AT), ANCOM (RO), EA ECNIS (BG), CCED (FR), Bundesnetzagentur (DE), BIPT (BE), MITYC (ES), MPO, CTO (CZ), CERT LT (LT), MFSR(SK), ILR (LU), APEK (SI), MCA (MT), Ministry of Economic Development (IT), OCECPR (CY), PT (NO). Legal notice Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Reproduction is authorised provided the source is acknowledged. European Network and Information Security Agency (ENISA), 2012
3 Annual Incident Reports 2011 iii Executive summary For the first time in the EU, in spring 2012 national reports about security incidents were reported to ENISA and the European commission, under Article 13a of the Framework Directive (2009/140/EC) which is a new article in the EU legal framework for electronic communications. In this document we analyse the 51 incident reports of severe outages of electronic communication networks or services. We summarize the key conclusions that can be drawn from the incident reports. Details can be found in the body of this document. 11 countries reported 51 significant incidents and 9 countries reported no significant incidents but this is probably due to the fact that these countries had implemented national reporting schemes towards the end of The number of users in these 20 countries was 166 million. We estimate that the number of incidents that will be reported over this year (2012) will increase by a factor of 10 because most countries now have mature implementation of the incident reporting process. Most reported incidents affected mobile telephony or mobile internet (around 60% of the incidents). Incidents affecting mobile telephony or mobile internet affected most users (around users). This is consistent with the high penetration rate of mobile telephony and internet. Most incidents were caused by root causes in the categories Hardware/software failure and Third party failure. Incidents with root causes in the category Natural phenomena (storm, floods, et cetera) lasted 45 hours on average. Natural phenomena like storms, floods and heavy snow have a big impact on the power supply of providers. Often these power cuts last several hours. The reported incidents show there is a strong dependency on power supply, of both mobile and fixed communication services. It is well known that battery capacity of 3G base stations is limited to a few hours, and this means that lasting power cuts cause communication outages. Hardware/software failures are the most frequent cause of mobile communication outages, and this percentage is notably higher than for fixed telephony or fixed internet. This could be the result of higher complexity (more dependencies in the more modern networks like 3G), less redundancy, or simply due to the fact that the more modern networks use hardware and software that is less mature and less reliable. ENISA, the National Regulatory Authorities (NRAs) and the EC have implemented the first incident reporting almost like a pilot, aware of the fact that implementation across the EU was still not complete. This has produced some crucial insights that would have been difficult to get otherwise they are summarized in an epilogue. As part of the activities of the Article 13a Working Group, ENISA, together with the NRAs of the different EU member states will discuss about specific types of incidents, and where needed initiate a discussion on technical guidance for NRAs and providers about preventing these incidents. ENISA will publish a similar overview and analysis, yearly, following subsequent rounds of annual summary reporting by the NRAs in the EU member states. The next report will be published in spring 2013, and will summarize and analyse the incidents that occurred in 2012.
4 iv Annual Incident Reports 2011 Table of contents Executive summary... iii 1 Introduction Article 13a of the Framework directive: Security and Integrity Article 13a Working Group Technical Guideline Incident Reporting Version Annual reporting over Analysis of the Incidents Examples of incidents Impact on services Root causes Detailed root causes and secondary causes Conclusions Epilogue References... 17
5 Annual Incident Reports Introduction For the first time in the EU, in spring 2012 national reports about security incidents were reported to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC), a new article introduced in the 2009 reform of the EU legal framework for electronic communications. In this document ENISA analyses the received 51 incident reports of severe outages of electronic communication networks or services. We refer to the Executive Summary for a summary of the analysis and the conclusions. This document is structured as follows. In Section 2 and Section 3 we briefly summarize Article 13a and we summarize the details of the technical implementation of Article 13a, as agreed in the Article 13a WG by the different NRAs of the EU member states. In Section 4 we describe step-by-step how this year the incident reporting (about the 2011 incidents) has been carried out. In Section 5 we analyse the incidents which were reported, and we conclude this paper with some general conclusions (Section 6) which follow from the analysis of the incidents. For the interested reader, as an epilogue, we raise some issues about the process of annual summary reporting itself. These issues are being discussed in the Article 13a Working group. Note that in this document we do not provide details from the individual incident reports. The analysis is only an aggregation, in terms of averages and percentages, across the EU. We do not make any references here to specific countries or specific providers. The incidents will be discussed in more detail in the Article 13a WG.
6 2 Annual Incident Reports Article 13a of the Framework directive: Security and Integrity The reform of the EU legal framework for electronic communications, which was adopted in 2009 and came into effect in May 2011, adds Article 13a to the Framework directive. Article 13a addresses security and integrity 1 of public electronic communication networks and services. The legislation concerns national regulatory authorities (NRAs) and providers of public electronic communication networks and services (providers). Article 13a states: Providers of public electronic communication networks and services should take measures to guarantee security and integrity of their networks. Providers must report to competent national authorities about significant breaches of security or integrity. National regulatory authorities should notify ENISA and national authorities abroad when necessary, for example in case of incidents with cross-border impact. Annually, national regulatory authorities should submit a summary report to ENISA and the European Commission (EC) about the incidents. The main incident reporting flows are shown in the diagram below. This document analyses the incidents that have been reported to ENISA and the EC (the black dashed arrow). EC Incident notification ENISA Incident reporting Member state Member state National authority National authority Network or service provider Network or service provider Network or service provider Network or service provider Network or service provider Network or service provider 1 Here integrity means network integrity, which is often called availability or continuity in information security literature.
7 Annual Incident Reports Article 13a Working Group In 2010, ENISA, Ministries and NRAs initiated a series of meetings (workshops, conference calls) to achieve a harmonised implementation of Article 13a of the Framework directive. In these meetings, a working group of representatives of NRAs, the Article 13a Working Group, reached agreement on two non-binding technical documents providing guidance to the NRAs in the EU member states: Technical Guideline for Incident Reporting and Technical Guideline for Minimum Security Measures. The Article 13a working group continues to meet several times a year to discuss the implementation of Article 13a, and to share knowledge and exchange views about addressing incidents. The current version of the technical guidelines (version 1.0) is now being updated (to version 2.0). 3.1 Technical Guideline Incident Reporting Version 1.0 For the sake of reference we summarize the Technical Guideline on Incident Reporting Version Services and incidents in scope It was agreed with the NRAs to report only about incidents involving outages of services 2. The services in scope for annual summary reporting to ENISA and the EC are as follows: fixed telephony services, fixed internet services, mobile telephony services, mobile internet services, message services services In the remainder of this document we ignore , because only a few NRAs reported incidents regarding , and because the total number of users (the basis for the reporting threshold) is often unknown to the NRA. We also merge messaging and mobile telephony for the sake of brevity Incident reporting template The reporting template has the following parameters: Services impacted (selection) Number of users (percentage) Duration (hours) Root cause category (see below) Emergency calls or interconnections impacted Details about the incident 2 This does not mean that these are the only incidents that should be considered significant. To give an example: A cable cut of a redundant submarine cable or a security breach at a provider could well be considered significant by an NRA, but if this incident did not cause an outage it would be out of scope.
8 4 Annual Incident Reports 2011 Actions taken to mitigate Lessons learnt It is important to note that the number of users, a percentage, is the percentage of the national user base of a service, not the percentage of the providers customers Thresholds for annual summary reporting The thresholds for annual summary reporting to ENISA and the EC are as follows. 1. Number of users affected: The incident impacts more than 15% of the users of the service. 2. Duration of the incident: The incident has impact for more than 8 hours. 3. Geographic spread/region: The incident has impact in a specific, vulnerable, region, for instance an incident affecting an entire island or a large region with scarce population. 4. Emergency calls: The incident has impact on the reachability of emergency call centres (112). 5. Number of users affected and duration of the incident: The combination of number of users affected and duration of the incident is in the red area in the diagram below. 6. Number of users affected and geographical spread/region: A service is unavailable for more than 10% of the users, all in a specific geographic area. 7. Duration of the incident and geographical spread/region: The service is unavailable in a specific geographic area for more than 4 hours. 1h<...<2h 2h<...<4h 4h<...<6h 6h<...<8h >8h 1%<...< 2% of users 2%<...< 5% of users 5%<...< 10% of users 10%<...< 15% of users > 15% of users Root cause categories In the incident reports we distinguish between five categories of root causes. Natural phenomena - For instance storms, floods, heavy snowfall, earthquakes, and so on. Human errors - Incidents that are caused by errors committed by employees of the provider. Malicious attacks - Incidents that are caused by an attack, a cyber-attack or a cable theft e.g. Hardware/Software failures Incidents caused by a failure of hardware or software Third party failures Incidents caused by a failure or incident at a third party. 3 For example, suppose a provider with 1 million customers suffers a full outage, and suppose that in that country 10 million people have mobile internet, then the number of users affected is reported as: 10%.
9 Annual Incident Reports Annual reporting over 2011 In this section we summarize how the annual reporting over 2011 was implemented. In spring 2012 the European Commission agreed with the EU Member states (in meetings of the COCOM) to do the first round of annual summary reporting about the 2011 incidents. The decision included a recommendation to use the reporting template published by ENISA agreed in the Article 13a WG. Following the COCOM meeting, ENISA implemented the technical procedure by deploying a basic electronic form based on the Article 13a guideline for incident reporting. In total, 29 countries participated in this process: all EU countries, and some of the EFTA and EU candidate countries. Eleven countries reported in total 51 significant incidents and 9 countries reported there were no incidents. The total number of users in these (20) countries was 166 million Number of countries reporting significant incidents Number of countries reporting no significant incidents 9 Number of countries without Article 13a implementation Figure 1: Countries involved in the annual summary reporting over 2011 Many countries implemented Article 13a late in This explains why so many countries (9) indicated they had not received reports about significant incidents. We estimate that the number of incidents that will be reported over this year (2012) will increase by a factor of 10.
10 6 Annual Incident Reports Analysis of the Incidents In this section we aggregate the 51 reported incidents and we analyse them. First we give some examples of incidents (in Section 5.1), then we analyse the impact per service (in Section 5.2), then we analyse the impact per root cause category (Section 5.3), and in Section 5.4 we look at detailed root causes. We would like to stress that statistical conclusions based on these numbers should be drawn with care. The smaller incidents are not reported at an EU level and this means that the view is biased towards the larger incidents. Moreover many countries had set up incident reporting procedures only towards the end of Examples of incidents To provide an idea of the different incidents that were reported, we provide some anonymized examples in this section Big storm affecting power supply causing large scale outage (days, millions, natural disaster) A severe storm hit several countries. The storm had a major impact on the power grid infrastructure and to a limited extent also on mobile network equipment (like mobile base stations). The prolonged power cuts eventually caused many mobile base stations to run out of power. As a result around a million users were without mobile communication services for 24 hours, and in some cases up to two weeks. The dependency of mobile communication services on external power supply is a common theme in many incident reports. Mobile base stations have limited battery power (for 4 to 8 hour), which is enough for everyday power outages, but obviously doesn t help when there is a longer term power grid failure. This sequence of events (natural disaster, power cut, and outage) was frequently described in the incident reports Configuration error (hours, millions, configuration error) An employee of a fixed telephony provider made a configuration error. The error prevented fixed telephony users to make outgoing international phone calls to Western European countries for 4 hours. The incident was resolved after a reconfiguration and a reboot Vandalism by former employee affected DSL (days, thousands, malicious attack) A former employee of a provider deliberately set fire to a switching system, which was used for providing fixed internet service to around subscribers. The incident was resolved by replacing the switch. Around 36 hours later the fixed internet service was working again Faulty software update affected mobile telephony (hours, thousands, software failure) A provider applied a regular software update at a Home Location Register (HLR) which turned out to be faulty. The failure at the HLR impacted mobile telephony and internet services. The incident affected about half of the provider s customers and lasted around 8 hours.
11 Annual Incident Reports Submarine cable cut from anchorage (hours, thousands, third party) A ship s anchoring damaged one of four submarine cables connecting two islands. Contingency plans were triggered quickly, which meant that only a smaller number of users were affected. 5.2 Impact on services In this section we look at how the incidents impacted the electronic communication services Incidents per service (percentage) Figure 2 shows which percentage of incidents affected which services. Most incidents have an impact on two or more services (in fact the percentages in the chart add up to 175%) Figure 2: Incidents per service (percentage) Fixed telephony Fixed Internet Mobile Telephony Mobile Internet Most incidents (around 60%) affected mobile telephony or mobile internet. This would suggest that mobile services are more at risk of large-scale outages but we stress that the number of reported incidents is still rather small to support such conclusions Number of users affected per incident per service (1000s) Figure 3 shows the average number of users affected, per incident, per service Fixed telephony Fixed Internet Mobile Telephony Mobile Internet Figure 3: Average number of users affected per incident per service (1000s)
12 8 Annual Incident Reports 2011 Incidents affecting the mobile telephony involve on average users. This is the highest for all services. This is partly due to the fact that mobile telephony has a larger penetration (on average 110% of the population for mobile telephony, compared to 50% for fixed telephony). The next paragraph corrects for this factor Number of users affected per incident per service (percentage of national user base) Figure 4 shows the average percentage of users affected per incident, per service Fixed telephony Fixed Internet Mobile Telephony Mobile Internet Figure 4: Average number of users affected per incident per service (percentage) On average, incidents affecting mobile telephony or mobile internet affect 16-17% of the users. This is slightly more than the percentages for the fixed communication services. This would suggest that, not only mobile communication services (telephony, internet) may be more vulnerable, but also that a larger portion of the users is affected in the incidents that were reported Impact on emergency services and interconnections In 33% of the incidents there was impact on emergency services - i.e. the possibility for users to contact emergency call-centres. In only 6% of the incidents there was impact on interconnections.
13 Annual Incident Reports Root causes In this section we look at the impact of incidents, per root cause category. We also split the incidents out in more detailed root causes to give a better view of common root causes Incidents per root cause category (percentage) In Figure 5 we show the percentage of incidents per root cause category Natural phenomena Human error 6 Malicious attack Hardware/software failure 47 Third party failure Figure 5: Incidents per root cause category Most of the incident reports indicate that the root cause falls in the category Hardware/Software failure (47 %) or Third Party failure (33 %) Average duration of incidents per root cause category (hours) Figure 6 shows the average duration of the incidents per root case category. Third party failure Hardware/software failure Malicious attack Human error Natural phenomena Figure 6: Average duration of incidents per root cause category (hours) On average incidents caused by natural phenomena lasted longest (45 hours).
14 10 Annual Incident Reports Root cause categories per service (percentage) Figures 7, 8, 9, and 10 show the root cause categories of incidents split out per service. Fixed telephony Natural phenomena 18 Human error 9 Malicious attack Hardware/software failure Third party failure Figure 7: Root cause categories for fixed telephony (percentage) Fixed Internet Natural phenomena 12 6 Human error Malicious attack 18 Hardware/software failure Third party failure Figure 8: Root cause categories for fixed internet
15 Annual Incident Reports Mobile Telephony Natural phenomena Human error Malicious attack 57 Hardware/software failure Third party failure Figure 9: Root cause categories for mobile telephony Mobile Internet Natural phenomena Human error Malicious attack Hardware/software failure Third party failure Figure 10: Root cause categories for mobile internet
16 12 Annual Incident Reports Detailed root causes and secondary causes In this section, instead of looking at the 5 root cause categories, we look at root causes and secondary causes triggering the incident. Based on the textual description in the incident reports, we have identified per incident one or two root causes that lead up to the incident. For example, when a storm leads to a power cut which leads to a network outage then for this incident both power cut and storm are counted as detailed root causes. Based on the textual descriptions in the 51 incident reports we identified 14 detailed (recurring) causes which lead up to the incidents Root causes and secondary causes (percentages) Figure 11 shows the percentage of incidents with a certain detailed cause causing it Figure 11: Detailed root causes and secondary causes (percentages) Root causes and secondary causes (percentages per service) Figure 12 shows the percentage of incidents per service by a particular cause Fixed telephony Fixed Internet Mobile Telephony Mobile Internet Figure 12: Detailed root causes and secondary causes (percentages per service)
17 Annual Incident Reports Detailed root causes and secondary causes per service (percentages) In Figure 13, 14, 15, 16 we show the detailed root causes and secondary causes, split out per service. Fixed telephony Hardware/software failure Power cut Cable cut Bad change Storm Maintenance Heavy snowfall Cable theft Figure 13: Detailed root causes and secondary causes for fixed telephony. Fixed Internet Hardware/software failure Power cut Cable cut Bad change Storm Maintenance Heavy snowfall 35 Power surges Cable theft Figure 14: Detailed root causes and secondary causes for fixed internet. For fixed internet most incidents are caused by cable cuts followed by Hardware or software failures.
18 14 Annual Incident Reports 2011 Mobile Telephony Hardware/software failure Power cut Cable cut Bad change Storm Maintenance Heavy snowfall Human error Power surges Figure 15: Detailed root causes and secondary causes for mobile telephony. More than half of Mobile telephony incidents involve (as primary or secondary cause) a hardware or software failure Mobile Internet Hardware/software failure Power cut Cable cut Bad change Storm Maintenance Heavy snowfall Human error Power surges Figure 16: Detailed root causes and secondary causes for mobile internet.
19 Annual Incident Reports Conclusions In this document we summarized how the incident reporting scheme, mandated by Article 13a of the Framework Directive (2009/140/EC), was implemented across the EU and we analysed the incident reports ENISA and the EC received as part of the first round of reporting: 51 reports about major incidents that occurred in From the 51 significant incidents reported to ENISA and the EC, we can draw the following conclusions. Mobile networks most affected: Most incidents affected mobile telephony or mobile internet (around 60% of the incidents). Mobile network outages affect many users: Incidents affecting mobile telephony or mobile internet affected most users (around users). This is consistent with the high penetration rate of mobile telephony and mobile internet. Hardware/software failures and third party failures are most common root causes: Most incidents were caused by root causes in the categories Hardware/software failure and Third party failure. Natural phenomena cause long lasting incidents: Incidents with root causes in the category Natural phenomena (storms, floods, etc.) lasted 45 hours on average 4. Bad weather disrupting power supply causing outages: Natural phenomena like storms, floods and heavy snow have a big impact on the power supply of providers. Often these power cuts last several hours. In the incident reports we received, incidents caused by natural phenomena lasted 45 hours, on average. Dependencies on the power supply sector: Dependency on power supply from both mobile and fixed communication services is clear. It is well known that battery capacity of 3G base stations is limited to a few hours, and this means, inevitably that lasting power cuts cause communication outages. Hardware and software failures hit mobile networks more than other services. Hardware/software failures are the most frequent cause of mobile communication outages, and this percentage is notably higher than for fixed telephony or fixed internet. This could be the result of higher complexity (more dependencies in the more modern networks like 3G), less redundancy, or simply due to the fact that the more modern networks use hardware and software that is less mature and less reliable. ENISA, in the context of the Article 13a WG, will discuss specific incidents in more detail with the NRAs, and if needed, discuss and agree on mitigating measures. ENISA will publish a similar overview and analysis, yearly, following each round of annual summary reporting by the EU member states. The next report will be published in spring 2013, and will summarize and analyse the 2012 incidents. We would like to take this opportunity to thank the NRAs, the European Member States and the European Commission for the fruitful collaboration, which has allowed for an efficient and rapid implementation of the incident reporting process. 4 IPCC (the International panel on climate change) expects extreme weather to have more impact and to be more frequent in the coming years.
20 16 Annual Incident Reports Epilogue ENISA, the NRAs and the EC have implemented the first incident reporting almost like a pilot, fully aware of the fact that implementation across the EU was still not complete. This pilot has provided us with some crucial insights that would have been difficult to get otherwise. For the interested reader we list them here. Note that these issues are currently being discussed in the Article 13a WG. Absolute thresholds: Reporting on the basis on percentage of users instead of absolute numbers appears to make the reporting unbalanced. Large countries report few incidents, while small countries have to report many (smaller incidents). Absolute numbers for reporting should be introduced to make sure the burden of reporting is proportional to the size of the country and the resources of the NRA. Simplification of thresholds: Thresholds used in the first version of the incident reporting guideline were sometimes unclear and complicated. Not all NRAs applied all the thresholds. To align the reporting across the EU we are simplifying and reducing the number of thresholds. Impact on networks: The incident reporting template only mentions the type of service that was affected, for example mobile telephony. But it could be very useful to understand which type of network was affected. This could, for example, show if 2G networks are more resilient in the face of power cuts than 3G networks. The template should allow for additional fields that describe which network is impacted. Use of the reporting template: While most of the NRAs used, as recommended by the EC, the incident reporting template of the Article 13a WG, some member states did not used this template. In most of these cases vital information was missing from the incident reports, and for this reason these incidents could not be included in the overall analysis. To allow for the incident reports to be included in an overall analysis, NRAs should use the same reporting template. Generic root causes: Many incident reports mentioned Hardware/software failure or Third party failure as the root cause category. Both categories are quite generic. For example, a power cut which is a frequent cause of outages, would be reported as third-party failure, just like it was a software update by a third party vendor, or the interruption of a network connection managed by a third party. It would be good to use more detailed root causes for the incident reporting. Sequence of events: In a number of incident reports there was a common pattern in how the incident started. For example, often there was severe weather and then a power cut, followed by the failure or depletion of backup power, causing outage. It would be useful to allow NRAs to report about such chains of events in the incident reporting template. This would also reduce conflicting situations where incidents may be perceived has having one out of two possible root causes, for instance a storm affecting power supply (third party or natural disaster?). Mapping to security measures: Preventing incidents is the main goal of Article 13a, but there is currently no clear mapping from the incident reports to the security measures (mandated by Article 13a). Incident reporting should include a pointer to the security measures that could have (or should have) prevented the incident. This would allow NRAs (nationally) and the Article 13a WG (on an EU level) to better understand how to prevent future incidents.
21 Annual Incident Reports References 8.1 Related ENISA papers The Article 13a WG technical guidelines on incident reporting and on minimum security measures: ENISA s whitepaper on cyber incident reporting in the EU shows Article 13a and how it compares to some other security articles mandating incident reporting and security measures: For the interested reader, ENISA s 2009 paper on incident reporting shows an overview of the situation in the EU 3 years ago 8.2 EU Legislation Article 13a of the Framework directive of the EU legislative framework on electronic communications: The electronic communications regulatory framework (incorporating the telecom reform): pdf An overview of the main elements of the 2009 reform:
Thresholds for annual reporting 1h-2h 2h-4h 4h-6h 6h-8h >8h 1% - 2% 2% - 5% 5% - 10% 10% - 15% > 15% 1 Annual reporting 2012 for the first time in the EU, national authorities report about cyber security
www.enisa.europa.eu About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private
www.enisa.europa.eu About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private
Version 2.0, January 2013 ii Technical Guideline on Incident Reporting About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise
Technical Guideline on Security Measures DRAFT, Version 1.93, April 2013 TLP GREEN (community wide) ii Technical Guideline on Security Measures About ENISA The European Network and Information Security
Technical Guideline for Minimum Security Measures Guidance on the security measures in Article 13a Version 1.0, December 2011 Technical Guideline for Minimum Security Measures I Authors Contractor data,
Analysis of Article 13a annual incident reports AUGUST 2015 www.enisa.europa.eu European Union Agency For Network And Information Security About ENISA The European Union Agency for Network and Information
Version 1.0 2011-12-10 I Contributors to this report Authors: Dimitra Liveri, Daniele Catteddu, Lionel Dupré. Peer Review: Dr. Marnix Dekker. Agreements or Acknowledgements For the completion of this report
Power Supply Dependencies in the Electronic Communications Sector Survey, analysis and recommendations for resilience against power supply failures December 2013 European Union Agency for Network and Information
ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 firstname.lastname@example.org 1 Who we are ENISA was
Prof. Udo Helmbrecht Guiding EU Cybersecurity from Policy to Implementation Udo Helmbrecht Executive Director Information Security for the Public Sector 2015 Stockholm 02/09/15 European Union Agency for
Cyber Europe 2012 December 2012 On National and International Cyber Exercises S I Acknowledgements ENISA wishes to thank all persons and organisations which have contributed to this exercise. In particular,
Cyber security initiatives in European Union and Greece The role of the Regulators Constantinos Louropoulos President of Hellemic Telecoms and Post Commission Agenda Cyberspace challenges EU security initiatives
Network and Information Security Legislation in the EU Dr. Marnix Dekker Security expert, Information security officer ENISA @RSA Europe, SPER-R07 Security perspectives Amsterdam, October 31, 2013 www.enisa.europa.eu
EU Priorities in Cybersecurity Steve Purser Head of Core Operations Department June 2013 Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure National & EU Cyber
CIIP : ENISA s Role in Assisting Member States Steve Purser Head of Core Operations SEDE Committee Brussels 21 April 2016 European Union Agency for Network and Information Security ENISA ENISA was formed
Virtual Appliance Instructions for ENISA CERT Training TLP WHITE APRIL 2015 www.enisa.europa.eu European Union Agency For Network And Information Security About ENISA The European Union Agency for Network
Security while travelling About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence
Cooperation in Securing National Critical Infrastructure Dr. Steve Purser Head of Core Operations Department European Network and Information Security Agency Agenda About ENISA Protecting Critical Information
EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA
Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda
Cyber Europe 2014 Questions and Answers 1 What is Cyber Europe 2014? Cyber Europe 2014 (CE 2014) is the largest and most comprehensive EU cyber-security exercise to date. It is a multi-event cyber exercise
E-mail security About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the
Progress Summary 04Q4 March 05 This summary presents an overview of the implementation of Your first Eures job since the start date of activities in June 0 until the end of 04. It highlights in particular
Cloud and Critical Information Infrastructures Cloud computing in ENISA Dr. Evangelos Ouzounis Head of Infrastructure & Services Unit www.enisa.europa.eu About ENISA The European Union Network and Information
SURVEY ON THE TRAINING OF GENERAL CARE NURSES IN THE EUROPEAN UNION This survey serves as a background document for the discussion of the Commission's legislative proposal to modernize the minimum requirements
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
CERT Exercises Handbook 223 223 19. Exercise: CERT participation in incident handling related to the Article 13a obligations Main Objective Targeted Audience Total Duration This exercise provides students
October 2011 EISAS European Information Sharing and Alert System for citizens and SMEs About ENISA The European Network and Information Security Agency (ENISA) acts as a centre of expertise on cyber security
Publishing date: 23/07/2015 Document title: We appreciate your feedback Please click on the icon to take a 5 online survey and provide your feedback about this document REPORT ON UNIT INVESTMENT COST INDICATORS
European judicial training 2014 Justice Europe Direct is a service to help you find answers to your questions about the European Union. Freephone number (*): 00 800 6 7 8 9 10 11 (*) Certain mobile telephone
ehealth in support of safety, quality and continuity of care within and across borders Gerard Comyn Acting Director Information Society & Media DG European Commission http://europa.eu.int/information_society/activities/health/index_en.htm
ICT Procurement Security Guide for Electronic Communications Service Providers European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA The European Union Agency for Network
New Trends in Wholesale Broadband Access Regulation Corvinus University, Budapest 10 December 2009 James Thomson Cullen International email@example.com Outline Cable broadband Geographic
Disaster recovery planning. Disaster recovery planning is the creation of a process to follow in the event of a disaster. The development and the maintenance of a disaster recovery plan isn t something
Methodologies for the identification of Critical Information Infrastructure assets and services Guidelines for charting electronic data communication networks European Union Agency for Network and Information
Cyber Security in EU: ENISA approach Konstantinos Moulinos, Security Expert European Union Network and Information Security Agency Norwegian Energy Days 2015, Oslo European Union Agency for Network and
Export of unemployment benefits PD U2 Questionnaire June 2014 Prof. dr. Jozef Pacolet & Frederic De Wispelaere HIVA KU Leuven Network Statistics FMSSFE This report has been prepared in the framework of
Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003 Guidance Publication date: 08 August 2014 About this document The legislation that applies to telecoms providers
5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for
Industry, trade and services Author: Julia URHAUSEN Statistics in focus 69/2008 Tourism in Europe: does age matter? This publication focuses on selective aspects of the travel behaviour of residents from
EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32 A call for views and evidence 22 nd May 2013 Contents Contents... 2 Overview: The EU Directive on Network and Information Security...
Secure ICT Procurement in Electronic Communications Analysis and recommendations for procuring ICT securely in the Electronic Communications Sector European Union Agency for Network and Information Security
Updating Ofcom s guidance on network security Call for Inputs Publication date: 13 December 2013 Closing Date for Responses: 21 February 2014 Contents Section Page 1 Introduction 1 2 Legislative framework
Business Continuity Overcome the Challenges A briefing paper by Phoenix IT Infrastructure Support Services Inspiring Partnership Contents Introduction 3 The Business Case 4 Cost Effective Solutions 7 Selling
What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures
CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October
Briefing note Survey of environmental liability insurance developments June 2014 Introduction This paper responds to the consideration by the European Commission (EC) of a possible EU-wide compulsory insurance
An SME perspective on Cloud Computing November 09 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA
The case for a European Social Union. From muddling through to a sense of common purpose. Frank Vandenbroucke EIB Institute Luxembourg, 5 March 2015 A European Social Union A Social Union would support
Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:
Policy Document Cybersecurity Strategy of the Republic of Cyprus Network and Information Security and Protection of Critical Information Infrastructures Version 1.0 23 April 2012 TABLE OF CONTENTS EXECUTIVE
European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria
Social dumping and free movement: Overview of current issues from an economic point of view Prof. dr. Jozef Pacolet & Frederic De Wispelaere Design Charles & Ray Eames - Hang it all Vitra Statistics on
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
UK Networks & Security An Overview Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008 Objectives The structure of your public communication networks The threat landscape these networks face
RUNNING TITLE COMES HERE IN RUNNING TITLE STYLE EBA REPORT ON ASSET ENCUMBRANCE SEPTEMBER 2015 1 Contents List of figures 3 Executive summary 4 Introduction to the first edition of the report 5 Background
VOIP ACTION PLAN TO ACHIEVE CONFORMITY WITH ERG COMMON POSITION June, 2009 VOIP ACTION PLAN TO ACHIEVE CONFORMITY WITH ERG COMMON POSITION Introduction In 2007, ERG adopted a Common Position 1 on the regulation
Tackling undeclared work in the European Union and the EU candidate countries Barbara Gerstenberger Eurofound Outline Definition of undeclared work Nature of undeclared work Tackling undeclared work in
Europeans and mobility: first results of an EU-wide survey Are Europeans ready to seize the opportunities that mobility offers in today's labour markets? Are EU citizens aware of their rights and opportunities?
Security & Privacy Current cover and Risk Management Services Introduction Technological advancement has enabled greater working flexibility and increased methods of communications. However, new technology
Digital Agenda Targets Progress report Digital Agenda Scoreboard 2014 1 NGA coverage: Fast broadband technologies capable of providing at least 30 Mbps are available to 64%, up from 54% a year ago Among
ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt Cyber European Union Security Agency for Network Energia, and Informa8on Rome, Security 24/09/15
The EU s 2030 Effort Sharing Agreement Brussels CEPS Workshop, 29.06.2015 Oliver Sartor, firstname.lastname@example.org Research Fellow, Climate & Energy Policy, IDDRI Celine MARCY, IDDRI Institute for Sustainable
Business Continuity and Disaster Recovery Planning: A Collaborative Approach Dr. Gillian Cambers, Disaster Risk Management Specialist, CDB Regional Workshop for Health Planners and Policy Makers, September
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
Men s Health in Europe 19.03.2013 The State of Divorced and Single Men s Health in Europe Copenhagen University Hospital, Rigshospitalet Denmark Correspondence:, Copenhagen University Hospital, Rigshospitalet
ENISA and Cloud Security Dimitra Liveri NIS Expert EuroCloud Forum 2015 Barcelona 07-10-2015 European Union Agency for Network and Information Security Securing Europe s Information Society Operational
Intelligence FIRST helping your business make better decisions Cyber security Keeping your business resilient Cyber security is about keeping your business resilient in the modern technological age. It
BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
The European CYberSecurity cppp ECYS Draft Proposal 12 April 2016 The urgency to act We cannot miss the window opportunity for budgetary reasons: create a synergy among the different EC budgets via the
ENISA and Cloud Security Rossen Naydenov Network Information Security Officer Critical Information Infrastructure Protection Department - ENISA European Union Agency for Network and Information Security
Khalil ROUHANA Director Directorate-General for Information Society European Commission email@example.com What is the Digital Agenda? Every European Digital N. Kroes Importance of Information
Introduction to Return on Security Investment [Deliverable December 2012] Introduction to Return on Security Investment I About ENISA The European Network and Information Security Agency (ENISA) is a centre
MEMORANDUM Date Our reference Page 13 Feb. 2008 File ref: 08-630 1(12) Network Security Department Björn Scharin +46(0)8-678 55 98 firstname.lastname@example.org Ministry of Enterprise, Energy and Communications
Social investment and social policy innovation in a European Social Union Frank Vandenbroucke Brussels 19 May 2014 Debates on social Europe Social Europe is an elusive concept Denial of existing acquis
Flash Eurobarometer BUSINESS-TO-BUSINESS ALTERNATIVE DISPUTE RESOLUTION IN THE EU REPORT Fieldwork: March-April 22 Publication: November 22 This survey has been requested by Directorate-General for Justice
NATIONAL BANK OF THE REPUBLIC OF MACEDONIA 5TH CONFERENCE ON PAYMENT AND SECURITIES SETTLEMENT SYSTEMS Rui Pimentel BANCO DE PORTUGAL ORGANISATION AND ACTIVITIES IN PAYMENT SYSTEMS Payment Systems Department
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
Manage IT Service Continuity and Availability Description School jurisdictions are increasingly dependent upon IT services to support day-to-day activities. The process of managing IT ensures that IT services
Preventing identity theft About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence
Sophie Weisswange DGVT meeting European developments in VET Quality Assurance Dublin 22-23 May 2013 EQAVET EQAVET list of indicators Underlying objectives: Better employability Better match between training
AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT