Federal Council wants to create its own federal office for cyber security

The Federal Council had created the National Cyber Security Center (NCSC) in 2019, which is currently located in the General Secretariat of the Federal Department of Finance (FDF). Since then, it has undergone significant development, the Federal Council wrote in a statement. Today, around 40 employees perform core tasks to protect Switzerland from cyber threats.

The NCSC supports operators of critical infrastructures in the prevention and management of security-related incidents, operates a national contact point for cyber security issues for the population and the economy. In addition, the Federal Council has designated it as a central reporting point when introducing mandatory reporting of cyber attacks.

Because cybersecurity is becoming increasingly important, the national government has now examined how the NCSC can be run as an independent organization in the future. In the end, it decided against outsourcing from the federal administration, joint operation with the cantons or even a public-private partnership.

Still a matter for the Federal Council

It has come to the conclusion that cybersecurity is so important in terms of state policy that a member of the state government should continue to be responsible for the task, the Federal Council writes. He therefore wants to make the NCSC a new federal office.

It has instructed the FDF to prepare the basis for a decision by the end of 2022 on how the future federal office should be structured and in which department it should be located. The Federal Council will then decide.

On Wednesday, the Federal Council underscored the high importance of the cybersecurity sector by deciding to create an additional 25 positions for protection against cyber risks. It did so based on the results of the effectiveness review of the previous National Strategy for the Protection of Switzerland against Cyber Risks. It took note of the corresponding report on Wednesday.

Ten of these new positions will be located in the NCSC, six in the Federal Intelligence Service, two in the Federal Office of Information Technology, two in the Department of Foreign Affairs (DFA), and five in specialized offices in the various critical sectors of energy, transportation, civil aviation, telecommunications, and health.

Too much focus on federal government and companies

Overall, the effectiveness review gives good marks to the implementation of the current national cyber strategy. For example, standards and labels have been developed together with universities to help organizations systematically test and improve their cyber security. In addition, the creation of the National Cyber Security Test Center in Zug has built up the capacity to analyze IT products in greater depth.

However, the audit also identified potential for improvement. For example, the strategy focused too strongly on critical infrastructures, large companies, and national and cantonal authorities. For SMEs, municipalities and the population, on the other hand, it had not yet achieved enough direct impact.

The findings are to be incorporated into the new national cyber strategy currently being drawn up. It is to be geared to the current threat situation. The current strategy will be completed at the end of 2022. (SDA)