NCS implementation on track
The Federal Council has taken note of the 2014 annual report of the Steering Committee on the implementation status of the "National Strategy for the Protection of Switzerland against Cyber Risks (NCS)". The annual report provides an overall view of the implementation work and informs about the achieved goals of the measures.
The 16 measures are to be completed by the end of 2017. Every year, the Steering Committee submits NCS the Federal Council a Report on the progress made.
Important goals achieved, first measures completed
In 2014, the first important goals and milestones were achieved according to plan. Two measures have already been completed: an overview of the relevant legal bases in the cyber area and a concept for management procedures and processes to be used in the event of cyber incidents. Another important success was achieved by establishing the "Swiss Cyber Experts" competence network, a public-private partnership of the federal government and the private sector for cooperation in dealing with serious cyber incidents. Within the Confederation, the newly established Cyber NDB division in the Federal Intelligence Service (FIS) will make it easier to identify perpetrators in the future. In addition, the existing centers of expertise for analyzing malware (CERTs) have increased their readiness and staying power.
Among the measures currently being implemented, it should be noted that some operators of critical infrastructures have carried out risk and vulnerability analyses regarding cyber risks and, based on the results, it has been possible to initiate the conceptualization of continuity management. Likewise, work on the creation of a situation picture is proceeding according to plan. International cooperation at bilateral and multilateral level has also been significantly strengthened, particularly in the context of the confidence-building measures of the OSCE, which Switzerland chaired in 2014.
Effectiveness review in progress
The activities arising from the NCS to protect against cyber risks must be periodically adapted to the changing threat landscape and also continued beyond 2017. In order to review the effectiveness of the individual measures, a corresponding analysis will be prepared in the course of 2015 and 2016. This is to be presented to the Federal Council in the form of a comprehensive final report in spring 2017.
Decentralized but coordinated NCS implementation
With the NCS, the Federal Council has set three main strategic goals: the early detection of threats and dangers in the cyber domain, increasing the resilience of critical infrastructures and the effective reduction of cyber risks. This results in a broad spectrum of measures, which are processed decentrally by the responsible organizational units. The NCS coordination unit, located at the Reporting and Analysis Centre for Information Assurance (MELANI), coordinates the work at the operational and technical level. Strategic responsibility is borne by the NCS Steering Committee appointed by the Federal Council, which is made up of representatives from all the departments involved. To ensure that implementation proceeds in a coordinated manner and that the strategic goals are achieved on time, the NCS coordination office has defined milestones with the responsible federal agencies and recorded them in a roadmap.
Press release Bundesrat
