Switzerland remains under-resourced in the fight to repel the almost “daily” cyberattacks targeting government and business, according to Defence Minister Guy Parmelin. The state must compete harder to recruit the best specialists, he said.
A year-and-a-half after the RUAG case – when Russian hackers infiltrated the databases of the Swiss state-owned defence contractor – resources for dealing with cyberattacks remain a work in progress, Parmelin told the Tages-Anzeiger and Der Bund newspapers on Monday.
Currently, there are about 50 positions in the defence ministry working on cyberdefence; “not enough” for Parmelin. He wants to triple the figure by 2020.
In addition, the army, criticised earlier this year for a “disjointed strategy” in dealing with cyberattacks, now aims to train 50 specialists each year, many of whom he hopes will then remain working in state roles.
However, competition with big (and high-paying) firms such as Google remains a problem. “Every year, ETH Zurich trains around 250 IT specialists,” he said. But “200 of them go directly to Google”.
Asked how he would solve this problem, he reckoned salary increases were not the sole solution. Rather, he said, it could be a question of tackling the tension between the freedom and autonomy that these “cyberwarriors” seem to want as employees, and the strict framework provided by the defence forces.
“We can become more open and flexible,” he said.
He also mentioned the possibility of deeper collaboration with private firms – “both sides could benefit from this” – but didn’t elaborate on how such a scheme would function.
A needed boost
Cyberattacks have risen markedly in Switzerland in recent years.
Last year, 14,033 cybercrime cases were reported to police in Switzerland, compared with 11,575 in 2015 and 5,330 in 2011. A KPMG surveyexternal link released in May 2017 found that 88% of Swiss companies had experienced cyberattacks the previous year, compared with 54% in 2016.
This may be just the tip of the iceberg. Individuals worried about compromising material and companies wary of reputational risk often neglect to report hacking instances, analysts say.
And though larger firms are often more aware and prepared for the risks, small and medium-sized businesses are frequently vulnerable, something that Parmelin also alluded to.
“In Switzerland, we are sometimes a bit naïve in this respect,” he said. “Many believe that cyberwarfare takes place elsewhere. I’m afraid that’s not correct.”
swissinfo.ch and agencies/dos