Cyber risks: Federal Council acknowledges NCS steering committee's annual report for 2015
Bern, 20.04.2016 - During its meeting today, the Federal Council acknowledged the 2015 annual report of the steering committee on the state of implementation of the national strategy for the protection of Switzerland against cyber risks (NCS). Important objectives were achieved last year. Among other things, risk and vulnerability analyses were carried out in critical sub-sectors, a situation radar was developed to visualise the current threat situation and the specialist competence centres were further expanded to enable incidents to be addressed more quickly.
The Federal Council adopted the national strategy for the protection of Switzerland against cyber risks on 27 June 2012, as well as its 16-point implementation plan on 15 May 2013. The 16 measures should be completed by the end of 2017. The Federal Council acknowledged the 2015 annual report today. It was possible for important objectives to be achieved also last year. The implementation of the measures is largely on schedule.
Risk analyses and visualised threat situation
Risk and vulnerability analyses were completed in ten of the 28 critical sub-sectors. Initial draft concepts showed how the vulnerabilities identified can be reduced. Risk analyses exist for the following sub-sectors: natural gas supply, road traffic, power supply, air traffic, food supply, medical care and hospitals, banks, laboratories, media and civil protection. Aside from knowledge about the vulnerabilities, a sound assessment of the current threat situation is also an important tool. That is why the Reporting and Analysis Centre for Information Assurance (MELANI) developed an interactive situation radar that displays the various cyber threats against Switzerland's infrastructures and highlights their relevance, thereby enabling threats to be detected early on.
Specialist competence centres expanded
In addition, the organisational units of the Federal Administration that are responsible for identifying cyber risks and dealing with incidents were further expanded in 2015 to enable incidents to be addressed more quickly and in parallel. In order to identify perpetrators, the specialist cyber division of the Federal Intelligence Service (FIS) built up on its specialist knowledge and skills in this area, allowing it to analyse the targets, methods and players in an attack and thereby to identify potential perpetrators.
International cooperation and competence-building
Important steps were taken in the area of research and education in order to counter the skills shortage in the area of ICT security. Likewise, international cooperation was stepped up significantly at the bilateral and multilateral levels, and a second set of confidence-building measures was drawn up with the OSCE and approved.
The NCS strategy triggered an implementation process that produces initial effects on an ongoing basis at the operational level, and it will not be completed even after 2017. An effectiveness assessment was initiated in January 2016 in order to check how effective the 16 measures are. It is being conducted by an external and neutral body. The results will be submitted to the Federal Council in spring 2017 as the basis for decisions on how to proceed.
Address for enquiries
Stefanie Frey, NCS Coordination Unit/FITSU
Tel. 058 46 40529, Stefanie.Frey@isb.admin.ch
Federal Department of Finance FDF