-
Telecom Security Incidents 2022
The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022.
Published on March 14, 2024 -
Trust Services Security Incidents 2022
This report, the Annual Report Trust Services Security Incidents 2022, provides an aggregated overview of the notified breaches for 2022, analysing root causes, statistics and trends. This report marks the sixth round of security incident reporting...
Published on February 22, 2024 -
Trust Services Security Incidents 2021
This report provides an aggregated overview of the notified breaches for 2021, analysing root causes, statistics and trends. It marks the sixth round of security incident reporting for the EU’s trust services sector. In this round of annual summary...
Published on July 27, 2022 -
Telecom Security Incidents 2021
This report provides anonymised and aggregated information about major telecom security incidents in 2021. The 2021 annual summary contains reports of 168 incidents submitted by national authorities from 26 EU Member States (MS) and 2 EFTA countries.
Published on July 27, 2022 -
Cyber Threats Outreach In Telecom - Leaflet
This leaflet provides basic guidelines for National Authorities and telecom providers on how to inform users about cyber threats.
Published on March 10, 2022 -
Cyber Threats Outreach In Telecom
In this paper, we aim to give guidance to national Authorities and providers of electronic communications networks and services regarding how to strike the right balance and carry out efficient and effective outreach to users about cyber threats.
Published on March 10, 2022 -
Countering SIM-Swapping
In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of...
Published on December 06, 2021 -
How to Avoid SIM-Swapping - Leaflet
This leaflet, addresses the SIM-swapping attacks, how to recognise them and how to mitigate the risk connected to this fraud. In fact, subscriber Identity Module (SIM) swapping is a legitimate procedure performed by a customer to change their SIM...
Published on December 06, 2021 -
Telecom Security Incidents 2020 - Annual Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications...
Published on July 26, 2021 -
Trust Services Security Incidents 2020 - Annual Report
Article 19 of the eIDAS regulation sets out the security requirements for the trust service providers (TSPs) and introduces mandatory security breach reporting for trust service providers (TSPs) in the EU. This report provides an aggregated overview...
Published on July 26, 2021 -
Assessment of EU Telecom Security Legislation
European Union telecom security legislation has been changing over the last few years. In light of these policy changes, ENISA carried out an assessment of the implementation of EU telecom security policy, to inform policy makers in the Commission...
Published on July 13, 2021 -
Technical Guideline on Incident Reporting under the EECC
This document describes the formats and procedures for cross border reporting and annual summary reporting under Article 40 of the EECC. Paragraph 2 of Article 40 describes three types of incident reporting: 1) National incident reporting from...
Published on March 22, 2021 -
Telecom Security During a Pandemic
The COVID-19 pandemic not only highlighted the importance of electronic communication networks and services for the EU’s society and economy, but it also triggered major changes and challenges in their use in the EU and worldwide. In this paper, we...
Published on November 26, 2020 -
Telecom Services Security Incidents 2019 Annual Analysis Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a...
Published on July 23, 2020 -
Trust Services Security Incidents 2019 Annual Analysis Report
This report gives an aggregated overview of Trust Services Security Incidents in 2019, showing root causes, statistics and trends. It marks the fourth round of security incident reporting for the EU’s trust services sector. The annual summary...
Published on July 10, 2020 -
Encrypted Traffic Analysis
This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of...
Published on April 23, 2020 -
Security Supervision under the EECC
With this report ENISA aims to support EU countries with their transposition, by analysing the main changes to the security requirements and the security supervision under the new rules. The principles of security supervision under the new rules...
Published on January 10, 2020 -
EU Member States incident response development status report
Following the recent transposition of the NIS Directive1 (NISD) into European Member States (MS) legislation, this study aims to analyse the current operational Incident Response set-up within NISD sectors2 and identify the recent changes. The study...
Published on November 27, 2019 -
Trust Services Security Incidents 2018 - Annual report
The annual report on Trust Services Security Incidents 2018 gives an aggregated overview of security breaches, showing root causes, statistics and trends. It marks the third round of security incident reporting for the EU’s trust services sector...
Published on July 15, 2019 -
Annual Report Telecom Security Incidents 2018
This is the 8th time ENISA publishes an annual incident report for the telecom sector. In 2018, half of the total user hours lost (482 million user hours) were due to natural phenomena. It is the first year that natural phenomena are the main root...
Published on June 05, 2019 -
Annual Report Trust Services Security Incidents 2017
The Annual report Trust Services security incidents 2017 marks the 1st full year of annual reporting about significant security incidents in the EU's trust services sector. The legal framework for this incident reporting process is Article 19 of the...
Published on October 08, 2018 -
Annual report Telecom security incidents 2017
The Annual report Telecom security incidents 2017 is the 7th annual report about significant outage incidents in the EU electronic communications sector. The legal framework for this incident reporting process is Article 13a of the Framework...
Published on August 30, 2018 -
Annual Incident Analysis Report for the Trust Service Providers
This report provides an analysis and evaluation of the incident reporting procedure in the EU under the Article 19 of the eIDAS Regulation (2014/910/EC). Considering the fact that only the second half of 2016 was applicable and moreover that this...
Published on November 29, 2017 -
Annual Incident Reports 2016
For the sixth year, ENISA publishes the annual report about significant outage incidents in the European electronic communications sector, which are reported to ENISA and the European Commission under Article 13a of the Framework Directive...
Published on June 16, 2017 -
Article 19 Incident reporting
The focus of this document is the implementation of incident reporting and it aims at supporting the su-pervisory bodies in being aligned with obligations set out in Article 19. The Article 19 incident reporting framework has been prepared in...
Published on March 01, 2017 -
Incident notification for DSPs in the context of the NIS Directive
This report provides preliminary guidelines on how incident notification provisions for Digital Service Providers could be effectively implemented across the EU. Based on valuable input from Member States and companies directly impacted by the...
Published on February 27, 2017 -
Annual Incident Reports 2015
For the fifth year, ENISA publishes the annual report about significant outage incidents in the European electronic communications sector, which are reported to ENISA and the European Commission (EC) under Article 13a of the Framework Directive...
Published on October 05, 2016 -
Impact evaluation on the implementation of Article 13a incident reporting scheme within EU
As several years have passed since the publication and implementation of the Framework Directive 2009/140 including Art. 13a, an impact evaluation of the new article was necessary. The evaluation has the purpose of assessing the changes in outcome...
Published on March 18, 2016 -
Security incidents indicators - measuring the impact of incidents affecting electronic communications
Measuring the impact of incidents has become one of the toughest challenges nowadays, given the multitude of factors/indicators that must be taken into consideration. To address this issue, indicators are used, accompanied by thresholds, to assess...
Published on March 09, 2016 -
Analysis of security measures deployed by e-communication providers
The aim of this document is to provide an overview of good practices as regards security measures that are deployed by electronic communication providers in Europe
Published on February 09, 2016 -
Technical guideline for Incident Reporting
This document describes a framework for security incident reporting based on the requirements set by article 19 of the eIDAS regulation. It is being developed on a consensus basis between the experts of the working group formed by ENISA and it is...
Published on December 03, 2015 -
Technical Guideline on Threats and Assets
The Technical Guideline on Threats and Assets provides National Regulatory Authorities (NRAs) with a glossary of terms to communicate about the most significant threats and network assets involved in disruptions in electronic communications networks...
Published on September 14, 2015 -
Annual Incident Reports 2014
The report “Annual Incident reports 2014” provides an aggregated analysis of the security incidents in the European telecom sector in 2014 which caused severe outages. Most incidents reported to regulators and ENISA (137 incidents) involved fixed...
Published on September 14, 2015 -
Guideline on Security measures for Article 4 and Article 13a
The Technical Guideline on Security Measures for Article 4 and Article 13a gives guidance to national competent authorities about the supervision of security measures in Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the...
Published on April 09, 2015 -
Protection of Underground Electronic Communications Infrastructure
This document aims to provide recommendations to Member States (MS) that wish to protect their underground electronic communications infrastructure against disruption due to civil works. This document shall help MS to assess their need to deploy an...
Published on December 17, 2014 -
Security Guide for ICT Procurement
The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services. The Guide maps security risks...
Published on December 11, 2014 -
Secure ICT Procurement in Electronic Communications
The report, “Secure ICT Procurement in Electronic Communications”, focuses on the growing dependency of electronic communications service providers on ICT products and outsourced services, it analyses security risks associated with third party ICT...
Published on December 11, 2014 -
Technical Guideline on Minimum Security Measures
In this document we give guidance to NRAs about the implementation of Article 13a and in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks. It lists...
Published on October 24, 2014 -
Technical Guideline on Incident Reporting
This guideline gives guidance to NRAs about the implementation of Article 13a (of EU Directive 2009/140/EC) and, in particular, the two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to...
Published on October 24, 2014 -
Annual Incident Reports 2013
The Annual Incidents report 2013 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections.
Published on September 16, 2014 -
Proposal for One Security Framework for Articles 4 and 13a
There are two pieces of EU legislation which explicitly mention security measures in the telecom sector: Article 4 of the e-Privacy directive asks providers to take security measures to protect security of personal data processing. Article 13a of...
Published on December 20, 2013 -
Power Supply Dependencies in the Electronic Communications Sector
Electronic communications are the backbone of the EU’s digital society. Article 13a of the EU’s electronic communications Framework directive asks EU Member States to ensure the security and resilience of public electronic communications networks...
Published on December 16, 2013 -
National Roaming for Resilience
Mobile communications are an integral part of everyday life. In less than 30 years they have surpassed the traditional fixed line telephony. Every day millions of European citizens rely on mobile telephony for work, social life, but also to contact...
Published on November 27, 2013 -
Schemes for auditing security measures
Across society there are now critical services which rely on computers, networks and servers. Protecting the security of this information infrastructure is not easy. Often the information infrastructure is run by several organisations and uses...
Published on October 03, 2013 -
Annual Incident Reports 2012
This report provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services which were reported by national regulators during 2012.
Published on August 20, 2013 -
Annual Incident Report 2011
For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework...
Published on October 11, 2012 -
Cyber Incident Reporting in the EU
We summarize different security articles in EU legislation which mandate cyber incidents and cyber security measures. In a single diagram we give an overview of Article 13a and Article 4 of the Telecom package, Article 15 of the proposed eID/eSig...
Published on August 27, 2012 -
Good Practice Guide on Incident Reporting
Given strong commitment by the EU institutions and the Member States to the resilience of public communications networks, ENISA was asked to help Member States and EU institutions to identify good practices in incident reporting schemes. This...
Published on December 10, 2009
Browse the Topics