Switzerland implemented its latest cybersecurity strategy in 2018: National Strategy for the Protection of Switzerland against Cyber Risks (NCS) 2018-2020. It is the second national strategy; the first was published in 2012 and implemented in 2013.
The new strategy covers the following strategic goals in the ENISA self-assessment classification: cybercrime, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, public-private partnership, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, incident reporting mechanisms, cybersecurity exercises, training and educational programme.
TRAINING AND EDUCATION IN NATIONAL CYBERSECURITY STRATEGY
Building Competences & Knowledge
There are three main measures for increasing knowledge about cybersecurity and building stronger defensive systems:
Trends and technologies in the ICT sector and the resulting opportunities and risks must be identified at regular intervals and at an early stage. The results of this monitoring are communicated to stakeholders in research, the private sector, the public sector, and society. Basic and applied research is promoted as needed and to the extent possible within the framework of existing means and processes (e.g. through National Research Programmes).
In an exchange involving the private sector, universities, the federal government, and the cantons, the need for building competence in cyber risks is analysed. In particular, it is examined how the topic of cyber risks can be increasingly integrated into existing courses of study.
The country should be an attractive location for companies in the field of ICT security. An increased exchange between the private sector and research should help promote innovative start-ups in this area. For this purpose, existing means as referred to in Measure 1 are also available. In cooperation with the associations and universities, further measures to improve the framework for the ICT security economy will be examined and implemented as necessary.
Public Impact and Awareness Raising
The new measures are a direct response to an assessment of the actions undertaken in recent years, which has highlighted the need to make a greater contribution to raising awareness of cyber risks among the population, businesses and policymakers and to informing them about possible protective measures.
The communication guidelines, responsibilities and processes are defined in a concept. The balance between confidentiality and the need for information is also discussed. The implementation of the concept via media and public relations work should be specific to target groups and actively promoted.
The federal government aims to help raise public awareness of cyber risks. It strengthens communication about cyber risks and makes use of the existing capacities of associations and authorities already active in this area.
Higher Education Courses on Cybersecurity
Standardisation and Regulation
The 2018-2022 strategy places considerable emphasis on standardisation and regulations, including the following measures:
On the basis of the risk and vulnerability analyses, verifiable minimum ICT standards are evaluated and introduced in close cooperation among the specialist authorities, the private sector and the associations. Where available, existing standards are used and adapted if necessary. Building on the results of the vulnerability analyses, the competent authorities examine for which organisations and activities the standards should be binding.
The federal government builds up a pool of experts on standardisation questions relating to cyber security. The pool of experts advises regulators on the development and implementation of topic-specific standards, regulations and guidelines. Where necessary, the pool of experts supports the cantons, monitors international developments relating to standardisation and regulation, and communicates with the private sector in this regard. By doing so, the pool of experts contributes to a coordinated approach in line with international developments.
Public Private Partnerships
The federal government operates the Reporting and Analysis Centre for Information Assurance (MELANI) to support operators of critical infrastructures. MELANI serves as a contact point at the state level and offers support in the technical and intelligence analysis of incidents, including the associated information exchange platform. MELANI also plays a leading coordinating role within the Federal Administration in dealing with incidents. As a rule, the affected federal offices inform MELANI, which evaluates the reports and forwards them to the necessary federal agencies. However, the processes are not standardised, and it is not clear at what time MELANI informs the SCG and/or the FCSC.
The 2018-2022 strategy expands MELANI as a public-private partnership, as stipulated in the first national strategy, with priority on operators of critical infrastructures, through the Swiss National Cyber Security Centre.
The aim is for all critical sectors to be involved in the exchange of information, and for that exchange to increasingly take place across all sectors. When expanding the PPP, it must be ensured that the quality of existing services is maintained. It must be clearly defined which members of the closed constituency are entitled to which services.
Geneva Centre for Security Policy mandate:
EU Cyber Professional Register for national stakeholders
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
Latest Update & Disclaimer
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
Computer Security Response Teams
GovCERT.ch (English) is the Computer Emergency Response Team (GovCERT) of the Swiss government and the official national CERT of Switzerland. GovCERT.ch's parent organisation is the Reporting and Analysis Centre for Information Assurance (MELANI), which belongs to the Federal IT Steering Unit (FITSU) of the Federal Department of Finance (FDF).
Its constituency is the network of the Swiss Federal Administration (Government) as well as the private and public sectors in Switzerland. GovCERT.ch supports the critical IT infrastructure in Switzerland in dealing with cyberthreats by providing services such as technical analyses and information about targeted (but not limited to) attacks against the national critical IT infrastructure. Additionally, GovCERT.ch is authorised to handle all types of computer security incidents related to Switzerland, representing the national CERT of Switzerland.
SWITCH-CERT (English), the Computer Emergency Response Team operated by SWITCH, currently protects members of the Swiss academic community, holders of .ch and .li domains, Swiss banks and, by default, the entire Swiss Internet community.
Report a cyber incident to national CERT/CSIRT
Languages: English; German (mostly for Internet users and companies for awareness-raising)
Latest Update & Disclaimer
The information contained here is the result of desk research carried out by CYBERWISER.eu.