Silence on Cyber-Security
A recent EU report has concluded that cyber-security incidents tend to go unreported. The conclusion is based on statistics collected by the European Network and Information Security Agency (ENISA).
Cyber-security incidents are serious matters. Looking back at recent times, a 2010 hack by a Chinese telecom provider hijacked 15% of the world’s internet traffic for 20 whole minutes. That might not sound like a lot to an individual user, but to somebody taking a bird’s eye view of network activity, it would not only show up but also cause alarm. In 2011, a failure in the British Data Centre interrupted millions of business communications worldwide. There have also been several server breaches aimed at stealing credit card details, at companies such as Sony and Valve. The list could go on.
Oddly enough, many of these incidents do not even get reported.
The study carried out by ENISA concluded, quite alarmingly, that only one of the above cases was required to be reported under EU regulatory mandate. This shows a serious lack of regulation in the way these incidents are dealt with. To address this, ENISA proposes formulating a uniform reporting format.
ENISA has recently received reports concerning no fewer than 51 large incidents from regulators throughout the EU. These reports describe the impact, the root causes, the actions taken to address the matter, and the lessons learned in the process. They are currently contributing to the European Cyber Security Strategy.
Many entities are presumed to avoid reporting out of fear that the information will become public. ENISA wishes to promote a situation where this fear is replaced with a common understanding that, when such issues are reported, the whole EU may benefit from an understanding of the incident.