During its meeting on August 17, 2021, the Federal Council’s Cybercommittee adopted the report on the progress made in implementing the 2018-2022 national strategy for the protection of Switzerland against cyber-risks (NCS). Implementation is proceeding according to plan and is supported by the cantons, the business community and universities. The report was published today.
The National Cybersecurity Centre (NCSC) coordinates the implementation of the NCS and prepares an annual report on the implementation status on behalf of the NCS Steering Committee. The report published today covers the current implementation status as of the second quarter of 2021. Of a total of 275 milestones, 154 have been implemented and of the 29 measures, six have already been completed.
Further development of organisational structures
A key element of the NCS implementation is the development of the organisational structures in the Confederation. The areas of cybersecurity (NCSC), cyberdefence (DDPS) and cyberlaw enforcement (FDJP) have undergone further strategic and organisational development. The national contact point for cyberincidents became operational on 1 January 2020 and processed 10834 incidents reported by companies and the general public in its first year. In line with the overarching NCS, the Federal Department of Defence, Civil Protection and Sport (DDPS) defined the guidelines for the strategic orientation of cyberdefence for the period 2021 to 2024 in the DDPS cyberstrategy. In the area of law enforcement, the organisation and financing of the Network for Investigative Support in the Fight against Cybercrime (NEDIK) was regulated in an administrative agreement. The network pools specialised resources at the national level to efficiently combat digital crime and makes an important contribution to prevention.
Parallel to this, implementation work is underway in which the cantons, the business community and universities are involved to a significant degree.
Development of vulnerability management and introduction of security labels
One focus of the NCS is the development of vulnerability management at the NCSC. In the future, bug bounty programmes (use of ethical hackers) are to be established for the entire Federal Administration. In the context of the SwissCovid app and the Covid certificate, the NCSC conducted two public security tests (PSTs) and was thus able to make its expert services available to the Federal Administration. For the PST related to the Covid certificate, the NCSC collaborated for the first time with the National Test Institute for Cyber Security (NTC), which was founded last year on the initiative of the Canton of Zug.
The reporting period also saw the launch of the initiative to create an independent seal of quality for IT services. The aim is to increase the level of quality of services and thus the cyber-resilience of companies, and to strengthen confidence in Switzerland’s digital security. In order to promote cybersecurity among communes in particular, the “cyber-safe.ch” pilot project was also launched with the support of the NCS, the Swiss Security Network (SSN) and the Association of Swiss Communes (ASC). Currently, around fifteen Swiss communes are being tested and informed about any measures they may need to take before they could be awarded the “cyber-safe.ch” label.