FIS head Markus Seiler and defense minister Ueli Maurer were criticised for the role they played in the data theft affair
Keystone
A special commission investigating a data breach which took place at the Federal Intelligence Service (FIS) in 2012 said on Thursday that Swiss intelligence seriously compromised its information security before and after the incident.
This content was published on
3 minutes
swissinfo.ch and agencies
In its abridged report, the commission blisteringly criticised the role of FIS chief Markus Seiler in the breach involving data theft. The commission found that Seiler had seriously downplayed the FIS’s role in the breach. It also criticised him for signing off on measures to prevent a similar incident from happening again when, in fact, those measures had never been taken.
In May 2012, an IT specialist at FIS stole a hard disk with sensitive data which he then wanted to sell abroad; in the end, he was unable to do so. The data thief blew his cover when he told a UBS employee that he wanted to open a numbered bank account because he was expecting a large amount of money from the sale of federal data. The banker became suspicious and notified the authorities.
Without the tip-off from UBS, FIS would not have got on to the track of the data thief within a reasonable period of time, the investigation showed. The commission said it had no reason to believe that the “at best rudimentary existing” controls at the service would have generated any evidence.
Parliament had ordered an investigation to examine FIS security controls and to explain why the service and defence minister Ueli Maurer were so slow to react. Maurer, who has since taken over the Swiss presidency, was criticised for relying solely on information provided by FIS during the first three months after the discovery of the breach. That information focused on the thief’s actions and disregarded relevant goings-on at the service.
“The inspection showed that the management of the FIS lacked a sufficient understanding of the rules the service had to observe in the area of information security,” the commission members wrote.
‘Fundamental shortcomings’
The fact that a FIS employee was able to steal a large bulk of secret data is attributable to “fundamental shortcomings” in the organisation, the commission found. It described the service’s risk management as “deficient” and said there was no indication of a systematic risk management strategy.
The report found that “before the data theft, FIS had not taken several technical and organisational measures which would have been a fundamental part of information security and which in part would also have been required by the government or by the ministry of defence.”
For example, IT specialists had unrestricted access privileges, and it was not possible to assign access only to an individual. “The prescribed security concepts for the application and systems were largely insufficient or lacking”, the commission wrote. There was also no emergency planning in case the system or data were thought to be in danger.
According to the report, the problems started when the two former intelligence services were merged. FIS subsequently had to supervise a large number of IT systems with sparse personnel resources. For the commission, this was the result of a lack of preparation.
The investigative report itself will not be published for reasons of state security. The government has until the end of October to comment on the commission’s recommendations.
You can find an overview of ongoing debates with our journalists here. Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.
Read more
More
Personal contacts remain lifeblood of espionage
This content was published on
This spy story in Geneva is said to have unfolded as follows: CIA operatives allegedly get a banker drunk and encourage him to drive his car. Then, after his arrest by the police, the agents supposedly help extricate him from a potentially sticky situation, establishing a bond that subsequently led to the banker’s successful recruitment.…
This content was published on
Well-known radio journalist and radio director Joachim Staritz – alias “Robert” – lived and worked in Switzerland for about six years in the 1980s. He had a vast network of journalists, artists and scientists. What nobody guessed was that Staritz was also working for Stasi – the security ministry of East Germany. During the day…
This content was published on
The centre’s stark concrete vaults also protect the highly sensitive information of banks and other clients from the prying eyes of governments or economic spies. ‘Trust’ is the watchword of the expanding Swiss data storage industry as it quietly carves out a highly lucrative global niche. Recent revelations of United States intelligence agency spying, coupled…
This content was published on
Swiss Foreign Minister Didier Burkhalter, while admitting that the latest reports would not make relations with the US any easier, told Swiss public radio on Monday evening that it was important to “keep calm”. Relations between the two countries are already strained over an on-going tax evasion row. Switzerland is faced with a US ultimatum…
This content was published on
But the majority of the 250 firms which took part in the study were unwilling to devote more than SFr50,000 a year towards prevention measures. According to research by KPMG Switzerland, a global provider of audit, tax and advisory services, deception offences topped the list of problems, affecting nearly half of the participants. Bribery and…
This content was published on
A clear majority on Wednesday followed the Senate in approving a convention by the Council of Europe. Opponents, mainly from the rightwing Swiss People’s Party, argued the accord on cybercrime was unnecessary. However, supporters – backing Justice Minister Simonetta Sommaruga – said illegal online activities could only be fought successfully with cross-border cooperation. The convention…
This content was published on
Despite impending changes to Swiss employment laws to toughen sanctions against unfair dismissal, Switzerland continues to beat about the bush concerning the thorny issue of workers going public with suspicions of corruption. Several cases of whistleblowers getting their knuckles rapped in the past two years appear to demonstrate that Switzerland is no place to take…
You can find an overview of ongoing debates with our journalists here. Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.