Current status: The Federal Council adopted the national strategy for the protection of Switzerland against cyber risks (NCS) on 27 June 2012 and its implementation plan (IP NCS) on 15 May 2013.
The strategy sets out 16 measures for its implementation:
Measure 1: Identify cyber risks by means of research
Measure 2: Risk and vulnerability analysis
Measure 3: Vulnerability analysis of the ICT infrastructures of the Federal Administration by means of an investigation plan
Measure 4: Establish a picture of the situation and its development
Measure 5: Incident analysis and follow-up
Measure 6: Concept for an offences overview and coordination of inter-cantonal clusters of cases
Measure 7: Overview of the competence-building offering
Measure 8: Increased use of competence-building offerings and closing of gaps in the offerings
Measure 9: Internet governance
Measure 10: International cooperation in cyber security
Measure 11: International initiatives and standardisation processes in the area of security
Measure 12: Continuity management
Measure 13: Crisis management
Measure 14: Active measures and identification of the perpetrator
Measure 15: Plan for management procedures and processes with cyber-specific aspects
Measure 16: Action required in terms of legal foundations
The measures are being addressed under 4 different lines of action:
- Prevention (M2, M3, M4)
- Response (M5, M6, M14)
- Continuity (M12, M13, M15)
- Support processes (M1, M7, M8, M9, M10, M11, M16)
National Cyber Security Strategy
|Year of adoption||The Federal Council adopted the national strategy for the protection of Switzerland against cyber risks (NCS) on 27 June 2012 and its implementation plan (IP NCS) on 15 May 2013.|
|Updates and revisions||At the moment Switzerland is working on the implementation of the 16 measures mentioned in the strategy. A few measures are already implemented. However Switzerland is still working on the bigger part of the strategy and all measures have to be implemented by the end of 2017, at the latest.|
|Implementation and monitoring||
The Federal Council is the officially recognized institution responsible for implementing a national cybersecurity strategy, policy and roadmap. To coordinate the implementation work, the Federal Council appointed the coordination unit (CU NCS), which is part of the Reporting and Analysis Centre for Information Assurance (MELANI) within the Federal IT Steering Unit (FITSU). Moreover, the Federal Council instructed an NCS steering committee (NCS SC) to support implementation with strategic controlling.
Main measures related to businesses
MELANI provides officially recognized national or sector-specific programs for sharing cybersecurity assets within the public and private sector.
|Date of last WISER analysis||
Current status: NIS Directive and national CERTs/CSIRTs
Computer security incident
response teams (CSIRTs)
|Switzerland has an officially recognized national GovCERT.ch which is part of MELANI a legally mandated institution aimed to protect information infrastructures in Switzerland.|
The national cybersecurity strategy will provide various types of educational and professional training programs for raising awareness with the general public, promoting cybersecurity courses in higher education and promoting certification of professionals in either the public or the private sectors, when it is fully implemented (by the of 2017).
Concerning monitoring and response, the competence centres for analysing malware (e.g. GovCERT.ch, CISIRT-FOITT, milCERT-DDPS) were expanded over the last last years to ensure ongoing readiness. Moreover, it will be possible to call on the specialist knowledge of the "Swiss Cyber Experts" association in the event of complex and technically demanding cyber incidents in the future thanks to the cooperation agreement concluded in 2014 between the association and MELANI.
|Report an incident|
|Date of last WISER analysis||November 2016|