Results

Results and implementation of 16 NCS measures (M1-M16) of the NCS strategy

as of 6th June 2016:

M1: Identify cyber risks by means of research

Objective:

Aided by research, the objective is to highlight the relevant cyber risks of the future as well as changes in the area of threats so that decisions in politics and the industry can be taken early and are future oriented.

Competent bodies:

  • Federal Department of Economic Affairs, Education and Research (EAER) - State Secretariat for Education, Research and Innovation (SERI);
  • Federal Department of Finance (FDF) - Coordination Unit NCS (CU NCS), supporting role.

Current status:

  • The steering committee for research and education relating to cyber risks has been set up.
  • Initial proposals for research topics have been discussed in the steering committee.
  • By the autumn, the core group of research experts will be invited by the steering committee and will then assist the steering committee as an advisory committee in drawing up the research programme.

Results: 


M2: Risk and vulnerability analysis

Objective:

To draw up risk and vulnerability analyses for 28 critical sub-sectors by the end of 2017. The aim of the risk and vulnerability analysis is to investigate the risks posed by ICT vulnerabilities in critical infrastructures for Switzerland.

Competent bodies:

  • Federal Department of Economic Affairs, Education and Research (EAER) - Office for National Economic Supply (FONES);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Federal Office for Civil Protection (FOCP);
  • Specialized authorities;
  • Federal Department of Finance (FDF) - Reporting and Analysis Centre for Information Assurance (MELANI), supporting role.

Current status:

  • Risk and vulnerability analyses have been concluded in natural gas supply (FONES, October 2014), road traffic (FONES, April 2015), air transport (FONES, January 2016), power supply (FONES, January 2016), Media, (FOCP, January 2016), Medical care and hospitals (FOCP, January 2016), civil protection (FOCP, February 2016), laboratories (FOCP, February 2016), banks (FOCP, March 2016), food supply (FONES, May 2016), water supply (FONES, May 2016).
  • Work has begun in oil supply (FONES), information technology (FONES), waste water (FONES), rail transport (FONES), parliament, government, justice and administration (FOCP), first responders (FOCP), cultural heritage (FOCP), armed forces (FOCP), insurances (FOCP), diplomatic representation and international organisations (FOCP), research (FOCP).  
Further information:

M3: Vulnerability analysis of the ICT infrastructures of the Federal Administration by means of an investigation plan

Objective:

To examine ICT infrastructure in the Confederation, including ICT service providers and system suppliers, for vulnerabilities.

Competent bodies:

  • Federal Department of Finance (FDF) - Federal IT Steering Unit (FITSU);
  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI), and Federal Office of Information Technology, Systems and Telecommunication (FOITT), supporting role;
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Armed Forces Command Support Organisation (AFCSO) (supporting role).

Current status:

  • As an extraordinary measure an alternative concept to the existing one will be developed. With this concept the initial approach to pursue a vulnerability analysis of the ICT system in the Confederation rather than an integral risk analysis will be pursued.

M4: Establish a picture of the situation and its development

Objective:

To provide a uniform picture of the situation in close collaboration with all of the players. All relevant information from technical analyses as well as intelligence and police sources is also incorporated into the picture.

Competent bodies:

  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Federal Intelligence Service (FIS);
  • Federal Department of Justice and Police (FDJP) - Cybercrime Coordination Unit (CYCO);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Armed Forces Command Support Organisation (AFCSO), supporting role;
  • Federal Department of Finance (FDF) - Federal Office of Information Technology, Systems and Telecommunication (FOITT) (supporting role).  

Current status:

  • A situation analysis radar has been completed for presenting the threat situation. In the present case a content restricted version of the radar is shown with a limited number of cases as an example. The focus here is the illustration of the instrument rather than a final and precise situation analysis. In its final version this product will be provided to critical infrastructure as a monitoring instrument with sectoral adjustments.
  • The rest of the documents on this measure are classified and will not be published.  

M5: Conduct incident handling and follow up on incidents

Objective:

Development of technical skills and specialist knowledge. This includes increasing the readiness and responsiveness of all CERTs as well as the networking among them. 

Competent bodies:

  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Federal Intelligence Service (FIS);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Armed Forces Command Support Organisation (AFCSO), supporting role;
  • Federal Department of Finance (FDF) - Federal Office of Information Technology, Systems and Telecommunication (FOITT), supporting role.  

Current status:

  • Organisational structure in GovCERT has been defined and is operational. The website has been launched at:
  • Establishment of Swiss Cyber Experts, a pool of highly specialised experts from the private sector. The website has been launched at: 
  • Other documents on this measure are classified and will not be published.

M6: Prepare a concept for an offences overview and coordination of inter-cantonal clusters of cases

Objective:

Sustainably reducing cyber risks requires efficient national and international criminal prosecution for combating cybercrime. To this end, a concept for an offences overview and coordination of inter-cantonal clusters of cases is to be drawn up by the end of 2016 in collaboration with the cantons.

Competent bodies:

  • Federal Department of Justice and Police (FDJP) - Cybercrime Coordination Unit (CYCO);
  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI), supporting role.

Current status:

  • The concept was drawn up and submitted to the federal and cantonal prosecution authorities in 2015 for consultation. The content-based input of the bodies consulted was included in the current draft plan.
  • In addition to the concept and in cooperation with the Office of the Attorney General of Switzerland, fedpol drew up a collection of 25 factsheets on forms of cybercrime. The cybercrime factsheets describe the different types
    of cybercrime, the perpetrators, the the tools used and the attack method, the attack targets and the technical complexity. These factsheets have a significant influence on the specific definition of cybercrime in Switzerland.
  • The consultation has confirmed that the prosecution authorities prefer central registration of cybercrime with a view to developing a national overview of cases. The cybercrime factsheets catalogued within the scope of measure 6 have been assimilated into the current tasks of the working group for the Harmonisation of Swiss Police Information Systems. This ensures that the uniform recording of cybercrime is possible independently of the police
    information system used.
  • In parallel to the M6 NCS conceptual work, the Conference of Cantonal Police Commanders of Switzerland (CCPCS) and fedpol are currently drawing up a national overall strategy on all aspects of pursuing cybercrime. This national overall cybercrime strategy is to cover the actual investigative work and questions to do with organisation, infrastructure and training. Part of the overall strategy should be to show in the future how the measures which stem from CYCO's basic mandate and the concept report on measure 6 are implemented and what the
    estimated resource requirement resulting from this is.
Further information:

M7: Overview of the competence-building offering and identification of gaps

Objective:

The competence-building offering for the private sector, administration and civil society has been summarised in an overview list. High-quality offerings and existing shortcomings have been identified in the training opportunities.  

Competent bodies:

  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI), Coordination Unit NCS (CU NCS);
  • Federal Department of the Environment, Transport, Energy and Communications (DETEC) - Federal Office of Communications (OFCOM), supporting role;
  • Federal Department of Foreign Affairs (FDFA) - Directorate of Political Affairs (DP), supporting role;
  • Federal Department of Home Affairs (FDHA) - Federal Social Insurance Office (FSIO), supporting role.

Current status:

Measure has been completed.

  • List of offerings has been drawn up and serves as the basis for identifying both gaps and quality offerings. User overview lists can be found at the following links:

M8: Ensure increased use of competence building offerings and close gaps in the offerings

Objective:

The use of existing competence-building offerings will be promoted and existing gaps in the offerings will be closed.

Competent bodies:

  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI), Coordination Unit NCS (CU NCS);
  • Federal Department of Economic Affairs, Education and Research (EAER) - State Secretariat for Education, Research and Innovation (SERI), supporting role;
  • Federal Department of the Environment, Transport, Energy and Communications (DETEC) - Federal Office of Communications (OFCOM), supporting role;
  • Federal Department of Foreign Affairs (FDFA) - Directorate of Political Affairs (DP) (supporting role).

Current status:

Measure has been completed.

  • Draft plan to promote training and close the gaps has been drawn up.
  • International best practices have been identified.  

M9: Internet governance

Objective:

Coordination of the interests of the authorities, the private sector and society in Switzerland concerning internet governance.

Competent bodies:

  • Federal Department of the Environment, Transport, Energy and Communications (DETEC) - Federal Office of Communications (OFCOM);
  • Federal Department of Foreign Affairs (FDFA) - Directorate of Political Affairs (DP), supporting role;
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Security Policy (SEPOL), supporting role;
  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI), supporting role.

Current status:

  • Overview of the events, initiatives and international committees concerning internet governance has been drawn up and the most important processes have been identified.
  • Priorities for Switzerland have been set and discussed.
  • Platforms for exchanges between the private sector, civil society and the authorities have been established:  
  • The Federal Council approved in spring 2016 the new strategy „Digital Switzerland“. This version replaces the strategy for an information society in Switzerland from 2012. The new version can be found under:

M10: International Cooperation in Cyber Security

Objective:

Safeguarding security policy interests in the cyber domain with respect to other countries. Aided by international relations and initiatives, Switzerland is committed to ensuring that cyberspace is not abused for the purposes of crime, intelligence gathering, terrorism or power politics.

Competent bodies:

  • Federal Department of Foreign Affairs (FDFA) - Directorate of Political Affairs (DP);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Security Policy (SEPOL), supporting role;
  • Federal Department of Finance (FDF)- Reporting and Analysis Centre for Information Assurance (MELANI), supporting role;
  • Federal Department of the Environment, Transport, Energy and Communications (DETEC) - Federal Office of Communications (OFCOM), supporting role.

Current status:

  • The cyber international specialist group (CI-SG) of the Federal Administration was founded and has been in operation since 2014. It promotes and structures the flow of information between all of the federal units operating in international cyberspace to ensure a more coherent and effective foreign policy (download below currently only available in german).
  • In 2013, the participating states in the Organisation for Security and Co-operation in Europe (OSCE) approved an initial set of confidence-building measures (CBMs) in the field of cyber security. This is the first agreement of this type worldwide. The agreement covers in particular measures on the exchange of information with the goal of reducing the risks associated with new information and communication technologies and of improving transparency between the OSCE participating states.
  • In 2014, during its OSCE Chairmanship, Switzerland organised a conference with the goal of promoting implementation of the CBMs and to encourage negotiations on a second set of measures. The event also provided the first-ever platform for representatives of the private sector, operators of critical infrastructure and academia to incorporate their perspectives and needs. In addition, Switzerland has continued to participate actively in the negotiations on a second set of measures, which are continuing in 2015.
  • In April 2015, Switzerland took part in the 2015 Global Conference on Cyberspace in the Hague with an interdepartmental delegation under the leadership of Didier Burkhalter. Switzerland expressed its support here for an open, free and secure cyberspace. Switzerland worked closely with host country the Netherlands in the preparations for the conference and was thereby able to have a decisive impact on the final document in the areas of confidence-building measures and international law.
  • Switzerland supports capacity building in other countries. This is also in Switzerland's security policy interests in view of the high degree of interdependency in cyberspace. Switzerland supports projects in various organisations (Geneva Internet Platform, ICT4Peace and the United Nations Institute for Disarmament Research) which aim to enable all states to take part in the international processes that shape cyberspace. Switzerland is a founding member of the Global Forum on Cyber Expertise (GFCE) which aims to promote and coordinate global efforts in capacity building.
  • Moreover, Switzerland uses various events and bilateral contacts to promote its vision of an open, free and secure cyberspace. An example of this is the Track 1.5. Sino-European Cyber Dialogue supported by Switzerland which enables informal exchanges to take place between public- and private-sector representatives in Western European countries and China (first download below currently only available in german).
  • The permanent Council of the OSCE has adopted a packet of eleven confidence building measures (CBMs) in 2013. A further five were adopted on 10 March 2016. At the core of these CBMs are cooperative activities, which are designed to improve collaboration among OSCE member states. This includes regional and sub-regional Workshops, secure communication channels, in order to avoid misunderstandings, cooperation between public and private services, and the protection of critical infrastructures. Switzerland has formulated proposals together with Germany, which are reflected in the CBMs.
  • The conference series „OSCE Chairmanship-in-Office Event“, which was introduced by Switzerland in 2014 has been adopted by Serbia in 2015 and Germany in 2016 during their presidency. Switzerland supported the subsequent conferences by organizing Table-Top-Exercises. In order to strengthen international law in cyber space, Switzerland is aiming to universalize the consensus reached in 2013, which foresees that international law should also be applicable in cyber space. At the same time, it aims to promote a better understanding on how international law can be used in cyber space. A key project in regard to this is „International Law and State Behaviour in Cyberspace“ by UNIDIR. The aim of this is to draw more states in to this debate and collect different legal perspectives through global conferences.
  • The Cyber Expert Working Group of ENISA created in cooperation with Switzerland an Evaluation Framework paper:
  • The Cyber Expert Working Group of ENISA has published its Benchmarking White Paper on protection of critical infrastructures in the EU 28 plus Switzerland:
  • The Cyber Expert Working Group of the OECD in cooperation with Switzerland will also publish its "Draft Recommendation on Digital Security Risk Management for Economic and Social Prosperity: Revised Security Guidelines in autumn 2015". The guidelines were revised to include new cyber risks and reflect the current threat picture.
Further information:

M11: International initiatives and standardisation processes in the area of security

Objective:

To represent the interests of Switzerland as a business location in a coordinated manner in international bodies in the areas of security, safety and standardisation.

Competent bodies:

  • Federal Department of the Environment, Transport, Energy and Communications (DETEC) - Federal Office of Communications (OFCOM);
  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI) Coordination Unit NCS (CU NCS), supporting role;
  • Specialist authorities, supporting role;
  • Federal Department of Foreign Affairs (FDFA) - Directorate of Political Affairs (DP), supporting role.

Current status:

  • In 2015, the priority spheres of action for the coordination of international standardisation and initiatives in cyber security were defined in exchange with the players involved and the processes required for the measures were
    coordinated. The active participants in measure 11 will in future strive to hold a public workshop on an annual basis, and coordination projects will be organised in specialist groups as required. The processes and the priority spheres of action were documented and submitted to the CU NCS.

M12: Continuity management to improve the resilience of critical sub-sectors

Objective:

Based on the results of the risk and vulnerability analyses, corresponding concepts are being drawn up with possible measures to improve resilience. 

Competent bodies:

  • Federal Department of Economic Affairs, Education and Research (EAER) - Office for National Economic Supply (FONES);
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Federal Office for Civil Protection (FOCP);
  • Specialized authorities.

Current status:

  • Currently an initial draft of a range of security measures is being drawn up in the following sub-sectors: natural gas supply (FONES), power supply (FONES), air traffic (FONES), food supply (FONES), Media (FOCP), civil protection (FOCP), laboratories (FOCP), Medical care and hospitals (FOCP) and banks (FOCP).

M13: Coordination of activities, with those directly involved, and support with the relevant expertise

Objective:

Those directly concerned are supported subsidiarily by MELANI in a crisis by expertise being made available. The voluntary exchange of information by operators of critical infrastructure, ICT services providers and system suppliers will be ensured to strengthen continuity and resilience on the basis of self-help. To this end, the services which are currently available have not
only been secured but have been further expanded.

Competent bodies:

  • Federal Department of Finance (FDF) - Reporting and Analysis Centre for Information Assurance (MELANI);
  • Federal Department of Foreign Affairs (FDFA) - Directorate of Political Affairs (DP), Division of Security Policy (DSP), supporting role.

Current status:

  • To establish what requirements those directly concerned have, MELANI conducted an online survey in its closed user group. The results are currently being evaluated and form the basis for the further development and adjustment of MELANI products and services. The plan to einforce MELANI as an information exchange platform has been consolidated, adapted and will now be expanded and coordinated with the requirements of the critical sub-sectors concerning continuity management.
  • These documents are classified and will not be published.

M14: Active measures and identification of the perpetrator

Objective:

The FIS's ability to identify the perpetrators (analysis of players and the environment, and development of technical resources) were further developed.

Competent bodies:

  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Federal Intelligence Service (FIS);
  • Federal Department of Finance - Reporting and Analysis Centre for Information Assurance (MELANI), supporting role;
  • Federal Department of Justice and Police (FDJP) - Cybercrime Coordination Unit (CYCO), supporting role;
  • Federal Department of Defence, Civil Protection and Sport (DDPS) - Military Intelligence Service (MIS), supporting role.

Current status:

Measure has been completed.

  • The documents on this measure are classified and will not be published.
  • Founding of the Cyber Unit within the FIS. Its organisational structure is confidential and will not be published.
  • It was also possible to build up Cyber FIS skills and know-how and establish a broad network of contacts and information sources. The knowledge which is now available will allow the Cyber FIS Division to independently, as well as in association with AFCSO and MIS as service providers, identify cyberattacks against Swiss interests at an early stage.

M15: Plan for management procedures and processes with cyber-specific aspects

Objective:

A plan for management procedures and processes for timely problem-solving that also addresses cyber-specific aspects has been drawn up.

Competent bodies:

  • Federal Chancellery (FCh).

Current status:

Measure has been completed.

  • Plan for management procedures and processes at federal level which also takes account of cyber-specific aspects has been drawn up (download below currently only available in german).
  • Concept for crisis management in the event of cyber crises at cantonal level defined and extended in working group 3; crisis management by the Swiss Security Network (download draft below currently only available in german):
Further information:

M16: Action required in terms of legal foundations (CU NCS)

Objective:

The aim of measure 16 is to examine the applicable law to verify whether or not it contains the required basis for protection against cyber risks and to ensure that any required amendments are carried out. The administrative units are to draw up the relevant legal foundations for their task area and evaluate the need to revise and/or add to the provisions.

Competent bodies:

  • Federal Department of Finance (FDF) - Reporting and Analysis Centre for Information Assurance (MELANI), Coordination Unit NCS (CU NCS).

Current status:

Measure has been completed

  • Initial overview of urgent legislative and revision requirements regarding cyber security has been drawn up. The overview is an internal working document and will not be published.
  • Initial clarification was concluded in 2014. In addition current developments do not require coordinated regulation. The need for regulation is continuously being re-evaluated.  

Swiss Security Network (SVS)

The Swiss Security Network (SVS) is the NCS's interface with the cantons. In collaboration with the cantons, the communes and the required federal offices, the SVS’s cyber specialist group (C-SG) ensures coordination between the Confederation and the cantons in NCS implementation. It manages four sub-projects and working groups. The NCS coordination unit is a member of the C-SG and forms the link at federal level to project work with the cantons.  

Competent bodies:

  • Swiss Security Network (SVS);
  • Cantons

Current status:

WG 1 Risk analysis and prevention: A questionnaire has been drawn up on the self-assessment of cyber risks based on NCS measure 3.

WG 2 Incident Handling: Working with representatives from the Confederation and the cantons, modular processes to deal with cyber security incidents has been developed. These documents have been made available to all
the cantons.

WG 3 Crisis Management: The concept for NCS measure 15: Plan for management procedures and processes with cyber-specific aspects was expanded to take account of the cantons. This plan is to be examined using training and exercise drills. Possible scenarios for a crisis involving cyberattacks have been elaborated which are to be dealt with in the context of
a strategic seminar. A strategic seminar to evaluate the cyber crisis management concept was held on 11 June 2015 by the working group of the Swiss Security Network and chaired by the Federal Chancellery.

WG 4 Overview of cases: Furthermore, a draft of a plan to manage a national overview of cases (offences) and to coordinate inter-cantonal clusters of cases has been drawn up together with a plan to train the police corps on the topic
of cybercrime.

Last modification 13.11.2017

Top of page

https://www.isb.admin.ch/content/isb/en/home/themen/cyber_risiken_ncs/ergebnisse.html