The Decisive Factors for Designing End-to-End Resilient Networks Identified

By Enisa - European Network And Information Security Agency, PRNE
Sunday, January 23, 2011

BRUSSELS and HERAKLION, Greece, January 25, 2011 - The resilience of data networks is vital for the economy and society.
Yet, abnormal but legitimate traffic, malicious attacks, accidents or human
mistakes, and technical failures at lower levels can still hamper network
access. This has major consequences for the information society, as networks
is found everwhere, behind energy, water, e-commerce; i.e. the entire
critical information infrastructure. ENISA now presents the design principles
of "end-to-end resilience" in a widened scope, e2e Resilience, in its new
report (; i.e. how
networks will allow for connectivity, also with quality in focus. The e2e
approach involves aspects beyond, and in addition to, technology for
standardisation bodies and policy makers.

Resilience is needed when operators lose control of the course of things,
i.e. when incidents render incident response procedures ineffective and
destabilise the management. Thus, resilience management and design has to
consider all aspects: the end-users, the context in which they use the
system, the technology of the system, the structure of the organisation and
the organisation's ability to be resilient, and ultimately the ability of the
society in which the system operates.

The new comprehensive Agency report ( focussing on
public networks and services identifies the decisive factors for end-to-end
resilience. It thereby informs standardisation bodies and regulators how to
enable and manage end-to-end resilience. The e2e resilience concept in this
report is expanded from being bound only to the network layer, to be a more
comprehensive and thereby different approach in this unique study. This
extended scope of end-to-end resilience is achieved from the planned
combination of prevention, protection, response and recovery arrangements,
whether technical, organisational or social.

The Agency Executive Director Prof. Udo Helmbrecht (

"This report provides principles of designing networks able to carry
end-to-end traffic, which is of great use for the national regulators."

In detail, the report stipulates that e2e requires:

    - To cope with incidents from very minor up to extreme impacts

    - To cope with situations that can be handled through everyday incident
      response procedures up to crises too complex to be handled in a
      day-to-day procedural manner

The report also provides a comprehensive characteristics of a resilient

A resilient system is reliable

    - A resilient infrastructure features high availability that is an effect
      of all components

    - A resilient system should provide for business continuity and
      management of unforeseen or unexpected risks

    - A resilient system should offer a security level adequate to the
      information being transmitted

    - End-to-end resilience requires resilience in all components of the

The report also identifies good practices to achieve resilience, which
should be used by standardisation bodies and policy makers.

Political context: The importance of resilience is e.g. underlined in the
Digital Agenda (,
point 2.2 - which stresses the importance of effective interoperability
between IT products and services to build a truly digital society and
standards. It is also supported in e.g. the Granada Declaration (

Read the full report:

(Due to the length of the above URLs, it may be necessary to copy and
paste the hyperlinks into your Internet browser's URL address field. Remove
the space if one exists.)

For interviews: Ulf Bergstrom, Spokesman, ENISA, press at, Mobile: +30-6948-460143, or Slawomir Gorniak, Expert, +30-6970015163, slawomir.gorniak at

will not be displayed