Cyber-Defence Campus: International cooperation with the German Federal Office for Information Security
Bern, 20.12.2021 - armasuisse’s Cyber-Defence (CYD) Campus is working together for the first time with the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) in the area of cyber security. The cooperation includes the provision of open-source software applications that enable the creation and management of security advisories in a machine-usable format. The aim is to make the exchange of information on security vulnerabilities easier and thereby help to improve cyber security.
The CYD Campus’ tasks include the development and testing of cyber technologies. In this context, the CYD Campus is now working together with the German BSI to support the development and distribution of the Common Security Advisory Framework (CSAF) and to demonstrate its feasibility. The CSAF aims to separate the contents of security advisories from their visual appearance and to standardise their exchange. As a result, two software application prototypes have emerged, which are now being developed step by step into complete open-source tools. In the future, they should help operators, manufacturers and authorities to exchange vulnerability information more efficiently. The aim is to contribute to increasing cyber security.
Increasing challenges for companies
With their work on the CSAF, the CYD Campus and the BSI are responding to the increasing number of published security advisories. Because automated processing of security advisories has so far been either impossible or possible only to a very limited extent, the increasing number of security advisories poses major challenges for companies.
Information on IT vulnerabilities
Information on IT vulnerabilities that have become known is summarised in security advisories. These typically contain information on the type and criticality of the identified vulnerabilities, which products and versions are affected, and how the vulnerabilities can be resolved. In Switzerland, for example, this type of information is collected by the National Cyber Security Centre (NCSC) and forwarded to the users concerned after appropriate cross-checking.
Automatic retrieval of security advisories
Today, security advisories are usually published in the form of human-readable documents. There is also no standardised procedure for where and how they are published. The CSAF aims to change this by enabling a machine-processable format for security advisories. The CSAF standard defines where and in which format security advisories should be provided. In this way, companies, operators and authorities, for example, can retrieve security advisories automatically and match them against their own databases. The CSAF is thus making a crucial contribution to helping companies maintain an overview and secure their systems in the future. The CYD Campus is working together with the German BSI as part of the national strategy to protect Switzerland against cyber risks (NCS 2018-2022). Together, the specialists from Germany and Switzerland are promoting the development and distribution of the CSAF standard.
Address for enquiries
Deputy Head of Communications armasuisse
+41 58 464 60 42