New ICT security procedures to protect against espionage by intelligence services
Bern, 01.07.2015 - During its meeting today, the Federal Council approved a revision of the directives on ICT security in the Federal Administration. A verification process will now be applied to reduce the risk of ICT providers that are exploited by intelligence services spying on information through procurement projects for the Federal Administration. The new directives will come into effect on 1 January 2016.
The intelligence services of various countries pursue a comprehensive information gathering strategy. These services can oblige the ICT industry in their country not to comply with contractual and statutory confidentiality obligations. In view of this perceived threat, service providers that have their registered office outside of Switzerland or whose dependence on foreign countries represents a risk can no longer be considered as ICT security partners. They must undergo intensive checks and, where necessary, be completely excluded from the procurement of critical services.
Verification process enshrined in ICT security directives
Consequently, on 29 January 2014, the Federal Council instructed the Federal Department of Finance (FDF), together with the departments and the Federal Chancellery, to draw up principles for ICT service provision in the Federal Administration, identify the need for protection vis-à-vis ICT service providers exploited by intelligence services, establish the necessary protective measures and coordinate them with the procurement procedure. To implement these tasks, the FDF's Federal IT Steering Unit (FITSU) has created a verification process which will be enshrined as a new security requirement in the directives on ICT security in the Federal Administration and will come into effect on 1 January 2016.
Measures under procurement law will be reviewed
The verification process defines criteria for identifying risk-related ICT procurements. It also specifies how protective measures in terms of security, organisation and the sensitive area of procurement law are to be applied. Furthermore, within the framework of the revision of the Federal Act on Public Procurement, the Federal Council has instructed the Federal Office for Buildings and Logistics (FOBL) to examine an exemption for the procurement of particularly critical ICT services for the Confederation in the civilian area too. This should include consideration of the possibilities of state security, as provided for by the superior international Agreement on Government Procurement.
Address for enquiries
Roland Meier, Media Spokesperson FDF
Tel. +41 31 322 60 86, roland.meier@gs-efd.admin.ch
Documents
Publisher
The Federal Council
https://www.admin.ch/gov/en/start.html
Federal Department of Finance
https://www.efd.admin.ch/efd/en/home.html
