Swiss National Cyberstrategy (NCS)

The Swiss National Cyberstrategy (NCS) is a comprehensive framework designed to protect Switzerland against various cyber threats and ensure the country’s cybersecurity resilience. The strategy sets out the objectives and measures with which the federal government and the cantons, together with the business community and universities, intend to counter cyber threats. A steering committee will be established to plan and coordinate the implementation of the strategy, and will also refine it. Its role is to be expanded and its independence increased.

Vision and Strategic Objectives

Vision: Switzerland aims to leverage the opportunities of digitalisation while mitigating cyber threats and their impacts through appropriate protective measures. It seeks to be one of the world’s leading centres of knowledge, education, and innovation in cybersecurity, ensuring the protection of its population, economy, public authorities, and international organisations based in Switzerland against cyber threats.

Strategic Objectives:

1. Empowerment: Strengthen Switzerland’s position as a leading center for cybersecurity knowledge, education, and innovation. Empower the population with information about cyber-risks and enhance digital service usage.
2. Secure Digital Services and Infrastructures: Implement nationwide measures to strengthen cyber-resilience, ensuring secure digital infrastructures, products, and services.
3. Effective Cyberincident Management: Develop capacities and organisational structures to identify, manage, and minimise damage from cyber incidents.
4. Combating Cybercrime: Enhance the ability to identify and prosecute cybercriminals effectively.
5. International Cooperation: Promote an open, free, and secure cyberspace through international cooperation and legal standards.

Principles

The strategy is based on several key principles:

• Risk-Based Approach: Aiming for a comprehensive approach to improve resilience against cyber threats by addressing all relevant vulnerabilities and risks.
• Joint Responsibility: Cybersecurity is a collective task involving society, the business community, and the state, implemented on federalist principles with shared responsibility.
• Subsidiary and Partnership Role of the State: The state intervenes only when necessary and works in close cooperation with private actors.
• Transparency: Ensuring transparency in implementing the strategy without compromising the effectiveness of measures.

Target Groups

The strategy explicitly addresses the following groups:

• Population: Focuses on protecting the population from cyber incidents and enhancing their digital safety awareness.
• Business Community: Aims to increase security for companies, particularly SMEs, and define their responsibilities in protecting against cyber threats.
• Critical Infrastructures: Prioritises the protection of essential services and infrastructures.
• Public Authorities: Enhances the resilience of public services and their ability to handle sensitive information.
• International and Non-Governmental Organisations: Provides support to protect against cyber threats and ensures secure conditions for their activities in Switzerland.

Measures

The NCS outlines specific measures to achieve its strategic objectives, which are organised into five main areas:

1. Empowerment:
   • Cybersecurity Education, Research, and Innovation: Promote education and training at all levels, enhance research capabilities, and foster innovation in cybersecurity.
   • Awareness Raising: Coordinate awareness-raising efforts across society to promote responsible use of digital technologies.
   • Threat Situation Analysis: Continuously assess and communicate the threat situation to inform risk-minimising measures.
   • Trends, Risks, and Dependencies Analysis: Monitor technological developments and dependencies to understand their impact on cybersecurity.
2. Secure and Available Digital Services and Infrastructure:
   • Vulnerability Detection and Prevention: Institutionalise ethical hacking, promote coordinated vulnerability disclosure, and support secure software development.
   • Resilience, Standardisation, and Regulation: Update risk analyses, promote compliance with cybersecurity standards, and examine the need for sector-specific regulations.
   • Expansion of Cooperation between Public Authorities: Enhance cooperation between different levels of government and clarify support mechanisms.
3. Effective Identification, Prevention, Management, and Defence against Cyberincidents:
   • Incident Management: Improve capabilities for detecting and managing cyber incidents and expand incident reporting.
   • Attribution: Enhance capabilities for identifying perpetrators of cyberattacks to inform political and legal actions.
   • Crisis Management: Develop and implement sector-specific and cross-sectoral cyber exercises to improve crisis response.
   • Cyberdefence: Expand capabilities for cyberdefence within the Swiss Armed Forces and the Federal Intelligence Service.
4. Combating and Prosecution of Cybercrime:
   • Cooperation between Prosecution Authorities: Strengthen cooperation and standardise processes for prosecuting cybercriminals.
   • Case Overview: Improve the systematic recording and analysis of cybercrime cases to enhance prosecution efficiency.
5. Leading Role in International Cooperation:
   • International Rules in Cyberspace: Promote international legal standards and cooperation in cybersecurity.
   • Bilateral Cooperation: Strengthen partnerships with strategic international partners and competence centers.

Implementation

The strategy includes a detailed implementation plan with defined priorities and performance indicators to monitor progress. A Steering Committee, comprising experts from various sectors, coordinates the implementation and regularly updates the Federal Council and cantons on the status and quality of implementation.

This National Cyberstrategy aims to create a resilient cybersecurity environment in Switzerland, leveraging the country’s strengths in education, innovation, and international cooperation.