Cyber risks are actively tackled: NCS implementation is on track
Bern, 05.06.2015 - During its meeting today, the Federal Council acknowledged the 2014 annual report of the steering committee on the state of implementation of the national strategy for the protection of Switzerland against cyber risks (NCS). The annual report gives a general overview of implementation and provides information on the achieved objectives of the 16 measures. For instance, a plan for management procedures and processes to be followed for cyber incidents has been developed, and cooperation between the Confederation and the private sector has been strengthened with the "Swiss Cyber Experts" competence network. Furthermore, the establishment of the Cyber FIS Division within the Federal Intelligence Service will make it easier to identify perpetrators in the future. The report also provides information on the effectiveness assessment planned for 2017.
On 27 June 2012, the Federal Council adopted the national strategy for the protection of Switzerland against cyber risks as well as its 16-point implementation plan on 15 May 2013. The 16 measures should be completed by the end of 2017. The NCS steering committee submits a progress report to the Federal Council annually.
Important objectives achieved, first measures completed
The first important objectives and milestones were achieved in 2014 as planned. Two measures have already been completed: an overview of the relevant legal foundations for cyberspace and a plan for management procedures and processes to be followed for cyber incidents. Another major achievement is the establishment of the "Swiss Cyber Experts" competence network, a public-private partnership between the Swiss government and the private sector for cooperation on dealing with serious cyber incidents. Within the Confederation, the newly established Cyber FIS Division of the Federal Intelligence Service (FIS) will make it easier to identify perpetrators in the future. Furthermore, the existing competence centres for malware analysis (CERTs) have improved their readiness and resilience.
Among the measures implemented, it should be noted that some operators of critical infrastructure have performed risk and vulnerability analyses with regard to cyber risks, the results of which have been used to launch the development of a plan for continuity management. Work on preparing a picture of the situation is also going according to plan. In addition, international cooperation at the bilateral and multilateral levels has been strengthened considerably, in particular within the framework of the confidence-building measures drawn up by the OSCE, the chairmanship of which was held by Switzerland in 2014.
Effectiveness assessment under way
The activities initiated by the NCS to protect against cyber risks must be adapted regularly to changes in the area of threats. These activities will also be pursued beyond 2017. A corresponding analysis will be performed in 2015 and 2016 to assess the effectiveness of each of the measures. The analysis is to be submitted to the Federal Council as a detailed final report in the spring of 2017.
Decentralised but coordinated NCS implementation
The Federal Council has set three main strategic objectives with the NCS: early identification of threats and dangers in cyberspace, improvement of the resilience of critical infrastructure and effective reduction of cyber risks. These have resulted in a broad range of measures which are dealt with on a decentralised basis by the competent organisational units. The NCS coordination unit, which is part of the Reporting and Analysis Centre for Information Assurance (MELANI), coordinates the work at the operational and technical levels. The NCS steering committee, which is appointed by the Federal Council and is composed of representatives of all of the departments involved, assumes strategic responsibility. In order to ensure that implementation is coordinated and the strategic objectives are achieved on time, the NCS coordination unit has defined milestones together with the federal units responsible and set them out in a roadmap.
Address for enquiries
Stefanie Frey, NCS Coordination Unit, Federal IT Steering Unit FITSU
Tel. 058 46 40529, firstname.lastname@example.org
The Federal Council
Federal Department of Finance