"Traditional IT security solutions are no longer enough"

The first national platform for cyber security in Switzerland started with the Swiss Cyber Security Days (SCSD) came to an end on February 28 at the Forum Fribourg. With over 2200 national and international participants over two days, attendance exceeded the organizers' expectations. The SCSD focused on the growing threats posed by cyberattacks with a trade fair and presentations featuring some 60 renowned international and national figures from politics, business and research.

Information platform for experts and users

The two-day event was initiated by Daniel Berger, former personal advisor to the Head of the DDPS and Chairman of the Board of Securserv Technologies AG. Together with experts and opinion leaders in the field of IT security, he began developing a concept in 2017. It was intended to serve as an information platform for decision-makers - especially representatives of authorities - as well as experts and, above all, users. Because in the wake of almost total networking, dealing with cyber risks is a necessity. "You have to put pressure from below so that something happens at the top," said Daniel Berger on the occasion of a media roundtable. The cyber situation in Switzerland, the development of blockchains, the risks of smart cities and the influence of the dark web were just some of the many topics discussed in Fribourg.

Top national and international specialists

The organizers succeeded in bringing renowned experts from all over the world to Freiburg as speakers and keynote speakers. Hackers such as Charlie Miller, who pointed out a number of security gaps in vehicle electronics - which, incidentally, was impressively demonstrated by Argentine security researcher Sheila A. Berta - or IT specialists such as Eugene Kaspersky, CEO of the IT security service provider Kaspersky Lab, used numerous examples to show the audience where cyber security must play a role. Shockingly, the realization: almost everywhere. "Today, we capture 380,000 new malware codes per day. In 1998, it was just 50, in 2008 already 14,500 malicious codes," said Eugene Kaspersky. And with Industry 4.0 and the Internet of Things, we are only at the beginning of potential cyberthreats, he added. "We need to protect everything," is the Russian specialist's call. Traditional IT security solutions are no longer enough. Much more, he said, it has to be about "cyber immunity." "The effort required to cause damage must be greater than the damage caused," says Kaspersky.

If the VBS also has its security gaps...

Cybersecurity affects everyone, but not to the same extent. The security needs are different and are also perceived differently. The consensus across the two days was that cybersecurity needs to be massively improved in many respects. In Switzerland alone, there are thousands of known vulnerable systems - and among them are, for example, remotely maintained machines with open interfaces to financial service providers that have not equipped their operating systems with the latest security upgrades, as explained, for example, by Nicolas Mayencourt of Dreamlab AG, a globally active company for consulting on critical IT security issues. And even security agencies are not immune to employee names and email addresses being leaked and circulating freely on the dark web.

"The state must raise awareness"

Everyone has a duty to improve cybersecurity: the state, the economy, but also individual citizens. This was also the quintessence of a panel discussion between experts and exponents from politics. The panel included Monique Morrow, President of The Humanized Internet, Damir Bogdan, Digital Transformation Advisory at Actvide, Council of States member Josef Dittli, President of SIK-S, Damian Müller, youngest member of the Council of States, and Marc Furrer, Senior Partner of Monti Stampa Furrer & Partners AG and former Bakom Director. Josef Dittli appealed to the self-responsibility of citizens, saying that the main task of the state is to raise awareness. However, he said that it is more strongly called upon than before to protect critical infrastructure and also in cyber national defense. Raising awareness of the issue, education and closer cooperation between organizations are key factors in curbing cybercrime, was another conclusion of the meeting.

Raise user awareness

Raising awareness is therefore the top priority in order to minimize the risks. For example, Mikko Hyppönen of Finland, a renowned researcher in the field of cybercrime, explained that for him, user awareness of the dangers is the most important way to ensure that cybercrime does not gain the upper hand. And cybercrime is not just a threat that affects states or businesses. The Internet can also literally put one's health at risk. Via genetic tests offered online, even personal DNA is no longer private today. The protection of health data is therefore an area that must be approached with particular sensitivity. But here, too, there are often double standards when it comes to risk awareness, as Prof. Dr. Jean-Pierre Hubaux from EPFL explained. On the one hand, the highest security standards are required for electronic patient files, while on the other hand, health data is uploaded to the Internet via wearables or fitness apps that would otherwise only be shared privately with a small circle of people...

The next Swiss Cyber Security Days will take place on February 12 and 13, 2020.