New ICT security procedures
On 1 July 2015, the Federal Council approved a revision of the directives on the security of ICT projects in the federal administration. A review process will now be applied to reduce the risk of spying by ICT providers instrumentalized by intelligence services when procuring for the federal administration. The new directives will come into force on January 1, 2016.
The intelligence services of a wide variety of states pursue a comprehensive Strategy of information procurement. These intelligence services can oblige the ICT industry in their country not to comply with contractually stipulated and legally prescribed secrecy obligations. In view of this threat assessment, service providers that have a non-Swiss domicile or that are dangerously dependent on foreign countries can no longer be considered ICT security partners as they have been in the past. They must be intensively scrutinized and, if necessary, completely excluded from the procurement of critical services.
Testing process anchored in the ICT security instructions
For this reason, on 29 January 2014 the Federal Council instructed the Federal Department of Finance (FDF), together with the departments and the Federal Chancellery, to draw up principles for ICT service provision in the federal administration, to ascertain the need for protection in view of instrumentalized ICT providers, to define any protective measures and to coordinate these with the procurement procedure. For the implementation of these mandates, the Federal IT Steering Unit (FITSU) in the FDF has drawn up an audit process, which will be anchored as a new security requirement in the directives on ICT security in the Federal Administration (WIsB) and will come into force from 1 January 2016.
Procurement law measures are reviewed
The review process defines criteria for identifying risk-relevant ICT procurements. It also specifies how the various security-related, organizational and sensitive procurement law protective measures are to be applied. The Federal Council has also instructed the Federal Office for Buildings and Logistics (FOBL) to examine an exemption rule for the procurement of particularly critical ICT services for the Confederation, including in the civil sector, as part of the revision of the BoeB. In doing so, the possibilities of state protection are to be taken into account, as provided for in the overarching international agreement on public procurement.
Press release Federal Department of Finance