The government has signalled that it is ready to make improvements at the Federal Intelligence Service (FIS), which has been rocked by a data breach scandal, but has not taken aim at its chief.
It was reacting to a highly critical report made public in September by a special commission investigating the theft of data from the service. The report found that Swiss intelligence had seriously compromised its information security before and after the incident in May 2012.
FIS head Markus Seiler came under particular fire for his handling of the affair, and there had been calls for his resignation.
The data breach involved an IT specialist at FIS who stole a hard disk with sensitive data which he then wanted to sell abroad; in the end, he was unable to do so. The data thief blew his cover when he told a UBS employee that he wanted to open a numbered bank account because he was expecting a large amount of money from the sale of federal data. The banker notified the authorities. It took a week to arrest the IT specialist.
Parliament had ordered an investigation to examine FIS security controls and to explain why the service and defence minister Ueli Maurer – who has now taken over the Swiss presidency – were so slow to react.
The commission found that Seiler had seriously downplayed the FIS’s role in the breach. It also criticised him for signing off on measures to prevent a similar incident from happening again when, in fact, those measures had never been taken.
Also criticised were “fundamental shortcomings” in the organisation, such as “rudimentary existing controls”, “deficient” risk management and unrestricted access for some IT specialists.
An abridged version of the commission’s report was made public in September. The full report will not be published for reasons of state security.
In its precisely worded comments released on Friday, the government said it would follow most of the 11 recommendations for improvement outlined in the commission’s report and that progress was already being made in this area.
“A secret service must always weigh up the political, legal, human and technical risks it faces,” it said in a statement. The FIS, which is a result of a fusion, had assured the legality of its activities and provided a good quality service, it added.
But the fact that it had reacted slowly to the data breach meant lessons could be learned. The affair showed how difficult it was to recognize and resolve conflicts between the employer’s duties, the employee’s rights, and state security and secrecy issues, the statement continued.
No criticism was made of Seiler. Observers said that this position came as no surprise given his good political connections.
swissinfo.ch and agencies