National supply: ICT minimum standard available
Information and communication services are absolutely essential to ensure the supply of vital goods and services in Switzerland at all times. These are increasingly threatened by cyber risks. To protect against this, the Federal Office for National Economic Supply has drawn up an ICT minimum standard.
In vital sectors, the Federal Office for National Economic Supply has (BWL) conducted vulnerability analyses on cyber risks. For example, the power supply, drinking water and food supply, and road and rail transport were analyzed accordingly. Based on the results, BWL developed a minimum standard for strengthening the resilience of information and communications technology (ICT). The standard is aimed in particular at operators of critical infrastructures in Switzerland. However, it can be applied to any company, writes the BWL.
106 concrete instructions for action
The "Minimum Standard for Strengthening ICT Resilience" covers the functions "Identify," "Protect," "Detect," "Respond," and "Recover" and offers users 106 concrete action instructions for improving their ICT resilience to cyber risks. The proposed measures are organizational or technical in nature. These include requirements for creating a complete inventory for hardware and software, education and training for employees, requirements for data protection, early detection of threats, and so on.
According to BWL, the ICT minimum standard is based on the internationally recognized NIST framework and is compatible with other cybersecurity standards. Together with various trade associations, the minimum standard has already been further specified for individual industries, it is further stated. For example, a standard for the electricity industry has already been developed in collaboration with the Association of Swiss Electricity Companies (VSE).
The ICT minimum standard at a glance
The standard is divided into three parts:
1. basics: this part serves as a reference and provides information on ICT resilience.
2nd Framework: It offers users a bundle of concrete instructions for action, structured according to the five topics "Identify", "Protect", "Detect", "Respond" and "Recover".
3. assessment tool: Companies can use this to assess their level of ICT resilience.
Download the ICT minimum standard and the assessment tool at www.bwl.admin.ch/bwl/de/home/themen/ikt/ikt_minimalstandard.html