On 15 May 2019, the Federal Council adopted the implementation plan for the 2018–2022 national strategy for the protection of Switzerland against cyber risks (NCS) and thereby made further decisions on the establishment of the competence centre for cyber security. At the same time, the Federal Council decided to strengthen human resources in the area of cyber risks with an extra 24 posts.
Competence centre - a key role
The implementation plan determines how the greatly intensified threat situation in the area of cyber security is to be taken into account. This planning is based on the fundamental decisions taken by the Federal Council in January this year on the organisation of the Confederation in the area of cyber risks. The competence centre agreed in this context, headed by the federal cyber security delegate, will play a key role in the implementation of the NCS. With his/her office, he/she is responsible for the coordination of the implementation work throughout the Confederation.
Involvement of cantons, business community and universities
With the creation of the competence centre, the demands from the business community and Parliament for greater centralisation of activities in the area of cyber security are being met. The implementation plan adopted by the Federal Council defines the responsibilities within the Federal Administration and describes the tasks of the parties involved. In this context, the implementation plan refers not only to the players in the Federal Administration, but also to the cantons, the business community and universities. Measures at federal level include, as a matter of priority, the development of further minimum standards in IT security, the examination of a reporting obligation for cyber incidents, the creation of an interdepartmental cyber security competence pool and the establishment of a contact point for private individuals, the authorities, the business community and universities.
To ensure that the new task areas can be competently covered, a total of 24 new jobs will be created in the offices responsible for cyber security from 2020. The Reporting and Analysis Centre for Information Assurance (MELANI) will become part of the cyber security competence centre and will receive not only human but also financial resources to provide more information on cyber risks to all companies (especially SMEs) and the general public, to warn them specifically about attacks and to support them in the event of incidents.