As a year that was impacted by the COVID-19 pandemic, 2020 was atypical in terms of public health and social disruption and highly demanding in terms of access to technologies and connectivity. In a year that saw significantly increased use of telecommunications networks and services, the number of incidents occurring and the average duration of service non-availability fell to the lowest levels on record.
In 2020, there was a significant reduction in the total number of security incidents notified to ANACOM by electronic communications network and services companies: 64 security incidents, (a reduction of 20% from 2019) and the lowest value recorded since 2015, as shown in Graph 1.
Graph 1 - Number of security incidents reported annually (2015-2020)
Unit: number of notifications
Source: ANACOM
Out of all the incidents reported in 2020, 59% were due to failures in the supply of goods or services by external entities, specifically failure in the supply of electric power or faults in leased lines. Incidents resulting from accidents or natural phenomena made up 22% of reported incidents; hardware/software maintenance or failure resulted in 16% of incidents; and malicious attack accounted for 3% of incidents.
In 2020, the majority of notifications had an impact on two or more publicly available electronic communications services. According to the notifications received, the fixed telephone service was the service most affected (88% of all notifications received), followed by the mobile telephone service (70%) and mobile Internet (33%).
Over the last six years, the three most affected services were, in decreasing order (Graph 2): the fixed telephone service (70%), the mobile telephone service (57%) and mobile Internet (45%); fixed Internet was affected in 29% of notifications received, DTT in 23% and subscription TV in 20% of notifications.
Graph 2 - Notified security incidents per type of service affected, 2015-2020
Unit:% of security incidents
Source: ANACOM
Of the 27 security incidents that were reported due to their impact on the number of subscribers/accesses affected (thresholds), nine were covered by public disclosure obligations applicable to the companies MEO, NOS and NOWO/ONI.
Meanwhile, a notable deterioration was reported in terms of incidents occurring in 2020 which disrupted the ability of users to contact emergency call centres using the 112 emergency number. In 2020, 32 reported security incidents (50% of the total) impacted access to the Call Centres of the 112 emergency service (Public Safety Answering Points). In 2019, this service was impacted by 31 reported incidents (39% of the total).
Three security incidents exceeded the EU-level reporting threshold during 2020, based on incident duration and the relative number of subscribers/accesses affected (in 2019, eight such security incidents were reported). ANACOM reported these incidents to the European Commission and to the European Network and Information Security Agency (ENISA).
Consult:
- Report on security breaches or loss of integrity (2020) https://www.anacom.pt/render.jsp?contentId=1683281
