In the wake of several major cyber security attacks, the government has released minimum standards for companies and organisations to help protect the country’s critical energy, food, and water infrastructure. Some critics question whether a minimum standard goes far enough as basic services become increasingly dependent on digital technology.
The Minimum Standard for ICT Resilienceexternal link launched by the Federal Office for National Economic Supply (FONES) on Monday includes 106 concrete actions covering technical measures as well as recommendations on improving internal organisation and prevention systems. It is described as a decision-making guide with advice and instructions for detecting and responding to hacking quickly and decisively.
As explained in the Minimum Standard, increasing digitalisation in many aspects of life can unlock tremendous economic and social potential but can also present new threats. Individual businesses and organisations have a responsibility to protect themselves. “However, wherever the functioning of critical infrastructures is affected, the state also has a responsibility, based on its remit as laid down in the Federal Constitution, and on the National Economic Supply Act.”
The Minimum ICT Standard was released just as the Attorney General’s Office suspended criminal proceedings in connection with the cyberattacks carried out against government-owned defence firm RUAG in 2014. The government has not been able to identify the source of the attacks but insisted that none of the information stolen compromises national security.
In a press conference, Werner Meier of the Economy Supply office, explained that, “with this standard, we can detect an attack faster. RUAG didn’t notice something had invaded the system for some time. We hope to improve that.”
How serious is the threat of an attack on the country’s infrastructure? Meier said that, “we are attacked daily.” However, he did not want to say how vulnerable the country’s critical infrastructure is to attack. Speaking to the Swiss news agency, cybersecurity expert Reto Häni cautions against a deceptive feeling of security. "If someone wants to enter a computer system, they will succeed," he said.