The National Cyber Security Centre (NCSC) will become a federal office
The Federal Department of Finance (FDF) has the task of drawing up proposals by the end of 2022 concerning the structure of the new office and the department to which it will be attached.
In recent years, cyber security has become increasingly important at all levels. Already in 2019, the Federal Council laid a fundamental foundation for this by creating the NCSC, which is attached to the FDF General Secretariat. In addition to the expansion of the technical service GovCERT, a vulnerability management and a contact service that collects reports on cyber incidents from the population, authorities and companies were developed. With about 40 employees, the NCSC fulfils the central tasks in the area of protecting Switzerland against cyber threats and supports the operators of critical infrastructures in the prevention and resolution of incidents, manages the contact service for the private sector and the population in all questions concerning cyber security, and again, in view of the introduction of the obligation to report cyber attacks, the Federal Council will designate it as the central reporting service.
Gianluca Tirozzi: “This is how bitCorp will conquer metaspace!”
Association founded to increase the cyber-resilience of the Swiss financial centre
Growing importance of cyber security
Cyber security is becoming increasingly important, which means that the tasks of the NCSC are also becoming more extensive and important. The Federal Council considered various options such as separation from the central federal administration, joint management with the cantons or transformation into a public-private partnership. It came to the conclusion that, as an important task in state policy, cyber security should continue to be managed directly by a federal councillor by strengthening the NCSC and transforming it into a federal office.
The Federal Council has instructed the FDF to draw up proposals for the structure of the new office and the department to which it will be attached by the end of 2022.
National Strategy against Cyber Risks
The Federal Council took cognizance of the report on the effectiveness review of the National Strategy for Protecting Switzerland against Cyber Risks (NSCP) 2018-2022 and decided to increase resources by creating an additional 25 posts in this area.
The implementation of the current SNPC will end at the end of 2022. In the meantime, the Strategy will be updated and adjusted according to the threat situation. The basis for this work is the effectiveness review of the SNPC in the second half of 2021.
The implementation is proceeding according to plan and has so far yielded very good results: in cooperation with the universities, for instance, standards and quality seals have been developed, which allow organisations to systematically check and improve their cyber security. Thanks to the establishment of the National Cyber Security Testing Institute in Zug, nationwide expertise is now being developed for the in-depth analysis of IT products. In addition, as part of the project to introduce mandatory reporting of cyber attacks, the federal government has also drawn up a proposal to improve cyber security through regulatory measures. The involvement of numerous representatives of cantons, business circles and universities is crucial for the success of the SNPC, both in the drafting phase and in its implementation.
Recommendations for further development
In order for the future Strategy to have an even better effect, the results of the report on the effectiveness review of the SNPC 2018-2022 will be taken into account in its work. The latter shows, for example, that the Strategy focuses too much on critical infrastructure, large companies as well as national and cantonal authorities, while for SMEs, municipalities and the population the direct effects are still too limited. The experts also identified potential for optimisation in the management of implementation. Governance must be adapted so that priorities and new measures can be decided quickly and flexibly in the future.
Wirksamkeitsüberprüfung «Nationale Strategie zum Schutz der Schweiz vor CyberRisiken 2018 bis 2022»
Based on the results of the effectiveness review, the Federal Council decided to further increase resources for the protection against cyber risks. To this end, it authorised the creation of 25 posts, ten at the National Cyber Security Centre, six at the Federal Intelligence Service, two at the Federal Office of Information Technology and Telecommunication, two at the Federal Department of Foreign Affairs, and five at specialised offices in various critical areas (energy, transport, civil aviation, telecommunication and health). The prerequisites for the new SNPC are therefore in place. The new strategy will also be elaborated in close cooperation with various experts and will form the basis for a joint, effective and coordinated protection of Switzerland against cyber threats.
NCSC semi-annual report on the most important cyber incidents in Switzerland and abroad in the second half of 2021
Various third-party suppliers and providers are involved in the production of goods and services today. Attacks on individual suppliers or bidders can have serious repercussions on the entire supply chain (e.g. blocking of production), such as the well-known case of the software company Kaseya in the middle of 2021. Also in Switzerland, a DDoS attack against a hosting provider caused temporary disruptions on various websites in the city and canton of St. Gallen.
Increasingly frequent fraud cases
In the six months under review, the NCSC received a total of 11,480 reports of cyber incidents, many of them involving different types of fraud. In most cases, these were e-mails sent in the name of prosecuting authorities. Advance payment scams, investment scams, CEO scams, and ad-related scams were also reported. Hackers are acting in an increasingly targeted and complex manner. Before taking action, they spend time with the victim in order to gain his trust.
Ransomware and data leakage
Also in the second half of 2021, there were numerous ransomware attacks, with which attackers encrypt data and then demand a ransom. Increasingly, hackers resort to double extortion and copy data before encrypting it, in order to have more leeway and exert more pressure. If the victim is unwilling to pay the ransom, they threaten to publicly disseminate the data.
Vulnerabilities in software components
Software is often developed using existing components such as libraries or open source code. However, there may be vulnerabilities in these components, which, when found, must be fixed in all products containing the component in question. This problem emerged in December 2021 with the critical vulnerability in the popular Java library Log4j.
Phishing remains trendy
Since the start of the pandemic, the NCSC has received numerous reports of phishing attacks launched via messages (e-mails or text messages) announcing the imminent arrival of a package or delivery problems. Phishing attempts against webmail and Microsoft 365 (formerly Office 365) were also reported. Access data obtained in this way are often used to forge invoices. Among the most widespread ploys are also e-mails in which self-styled Internet service providers attempt to trick the victim into believing that an invoice has been paid twice.
Source: FDF General Secretariat efd.admin.ch