Switzerland (CH)

Switzerland implemented its latest cybersecurity strategy in 2018: National Strategy for the Protection of Switzerland against Cyber Risks (NCS) 2018-2020. It is the second national strategy, with the first one published in 2012, which was implemented in 2013. 

The new strategy covers the following strategic goals in the ENISA self-assessment classification: Cybercrime, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, public-private partnership, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, incident reporting mechanisms, cybersecurity exercises, training and educational programme. 

TRAINING AND EDUCATION IN  NATIONAL CYBERSECURITY STRATEGY

Building Competences & Knowledge

There are three main measures for increasing knowledge about cybersecurity and build stronger defensive systems: 

  • Early identification of trends and technologies and knowledge building:

Trends and technologies in the ICT sector and the resulting opportunities and risks must be identified at regular intervals and at an early stage. The results of this monitoring are communicated to stakeholders in research, the private sector, the public sector, and society. Basic and applied research is promoted as needed and to the extent possible within the framework of existing means and processes (e.g. through National Research Programmes).

  • Expansion and promotion of competence building:

In an exchange involving the private sector, universities, the federal government, and the cantons, the need is analysed for building competence in cyber risks. In particular, it is examined how the topic of cyber risks can be increasingly integrated into existing courses of study.

  • Creation of a favourable framework for an innovative ICT security economy in Switzerland:

The country should be an attractive location for companies in the field of ICT security. An increased exchange between the private sector and research should help promote innovative start-ups in this area. For this purpose, existing means as referred to in Measure 1 are also available. In cooperation with the associations and universities, further measures to improve the framework for the ICT security economy will be examined and implemented as necessary.

Public Impact and Awareness Raising

The new measures are a direct response to an assessment of the actions undertaken in recent years, which has highlighted the need to make a greater contribution to raising awareness of cyber risks among the population, businesses and policymakers and to informing them about possible protective measures.

  • Creation and implementation of a communication concept for the NCS.

The communication guidelines, responsibilities and processes are defined in a concept. The balance between confidentiality and the need for information is also discussed. The implementation of the concept via media and public relations work should be specific to target groups and actively promoted.

  • Raising public awareness of cyber risks.

The federal government aims to help raise public awareness of cyber risks. It strengthens communication about cyber risks and makes use of the existing capacities of associations and authorities already active in this area.

Higher Education Courses on Cybersecurity

Standardisation and Regulation

The 2018-2022 strategy places considerable emphasis on standardisation and regulations, including the following measures: 

  • Evaluation and introduction of minimum standards.

On the basis of the risk and vulnerability analyses, verifiable minimum ICT standards are evaluated and introduced in close cooperation among the specialist authorities, the private sector and the associations. Where available, existing standards are used and adapted if necessary. Building on the results of the vulnerability analyses, the competent authorities examine for which organisations and activities the standards should be binding.

  • Building expertise on standardisation questions relating to cyber security.

The federal government builds up a pool of experts on standardisation questions relating to cyber security. The pool of experts, advisers, regulators on the development and implementation of topic-specific standards, regulations and guidelines. Where necessary, the pool of experts supports the cantons, monitors international developments relating to standardisation and regulation, and communicates with the private sector in this regard. By doing so, the pool of experts contributes to a coordinated approach in line with international developments.

Public Private Partnerships

The federal government operates the Reporting and Analysis Centre for Information Assurance (MELANI) to support operators of critical infrastructures. MELANI serves as a contact point at the state level and offers support in the technical and intelligence analysis of incidents, including the associated information exchange platform. MELANI also plays a leading coordinating role within the Federal Administration in dealing with incidents. As a rule, the affected federal offices inform MELANI, which evaluates the reports and forwards them to the necessary federal agencies. However, the processes are not standardised, and it is not clear at what time MELANI informs the SCG and/or the FCSC.

The 2018-2022 strategy expands MELANI as a public-private partnership as stipulated in the first national strategy with priority on operators of critical infrastructures through the Swiss National Cyber Security Centre

The aim is for all critical sectors to be involved in the exchange of information, which should also increasingly be engaged in across all sectors. When expanding the PPP, it must be ensured that the quality of existing services is maintained. It must be clearly defined which members of the closed constituency are entitled to which services.

 

IT/Cyber Clusters

Geneva Centre for Security Policy mandate: 

  • The cyber security cluster within the Emerging Security Challenges Programme tackles cyber issues through executive education and training, applied policy analysis and dialogue.
  • The cyber cluster serves as a hub that convenes cyber experts from across the public, private and civil society to examine current and future cyber challenges.
  • The cyber cluster offers executive education covering areas such as cyber security strategy formulation and cyber diplomacy.
  • Outreach activities include the co-organisation of track 1.5 dialogues, expert workshops tackling specific cyber issues (for example, the implementation of confidence-building measures), and capacity building activities such as the cyber 9/12 student challenge organised in collaboration with the Atlantic Council. 
  • The cluster contributes to internal and external policy papers on cyber security issues. Examples of topics examined include computer network defence, cyber security strategy formulation, and future challenges in cyberspace.
EU Cyber Professional Register for national stakeholders

The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest Update & Disclaimer

January 2021.

The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. 

 

Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

Computer Security Response Teams

GovCERT.ch (English) is the Computer Emergency Response Team (GovCERT) of the Swiss government and the offical national CERT of Switzerland. GovCERT.ch's parent organisations is the Reporting and Analysis Centre for Information Assurance (MELANI) which belongs to the Federal IT Steering Unit (FITSU) of the Federal Department of Finance (FDF).

Its constituency is the network of the Swiss Federal Administration (Government) as well as the private and public sectors in Switzerland. GovCERT.ch supports the critical IT infrastructure in Switzerland in dealing with cyberthreats by providing services such as technical analyses and information about targeted (but not limited to) attacks against the national critical IT infrastructure. Additionally, GovCERT.ch is authorised to handle all types of computer security incidents related to Switzerland, representing the national CERT of Switzerland.

SWITCH-CERT (English), the Computer Emergency Response Team operated by SWITCH, currently protects members of the Swiss academic community, holders of .ch and .li domains, Swiss banks and, by default, the entire Swiss Internet community.

 

Report a cyber incident to national CERT/CSIRT

GovCERT.ch (English: https://www.govcert.admin.ch/)

SWITCH-CERT (English: www.switch.ch/)

Languages English; German (mostly for Internet users and companies for awareness-raising)
Latest Update & Disclaimer

January 2021.

The information contained here is the result of desk research carried out by CYBERWISER.eu.

 

Contact us for more info

 

Switzerland (CH) | CYBERWISER.eu

CYBERWISER.eu Cyber Range & Capacity Building in Cybersecurity

Error

The website encountered an unexpected error. Please try again later.