class=”sc-29f61514-0 jbwksb”>
The cyber attack on the IT company Xplain at the beginning of June grew into a scandal. Because the company from Interlaken BE had hoarded numerous data from the Federal Police (Fedpol) and Customs – presumably illegal and probably partially unencrypted.
Both authorities filed criminal charges against unknown persons; both a GPK subcommittee and the federal data protection officer have begun investigating the processes. The federal prosecutor’s office has opened criminal proceedings and the state government has created a crisis management team called “data outflow” – all departments are involved.
It was also announced on Friday that the financial department led by Karin Keller-Sutter (59) has now initiated administrative proceedings. An independent party must determine where and why federal security requirements have been poorly implemented.
Detailed security positives from the Federal Police
Given all this investigative work, the question also arises of what data is involved that everyone can now download on the Darknet: Officially, the federal government speaks vaguely about a “large amount of data” and “operative data”. But the real answer is much more troubling, as research from SonntagsBlick shows. Accordingly, the numerous documents include the federal police’s detailed security arrangements for foreign state guests, as well as for diplomatic missions and their personnel.
For example, measures for the American diplomatic corps stationed in Bern are now freely accessible online. Any crook can get a sense of what the Confederation is doing to protect the Ukrainian branch in Bern. Affected are states with sensitive security requirements, such as the monarchies of Israel or the Arabian Gulf.
The list of lost secrets is even longer: in addition, there are security measures for magistrates and senior administrative employees of the federal government, as well as devices for securing buildings and other objects. Criminals – or even the curious – can easily see the names, addresses and threat level of sensitive facilities on the dark web.
Also in the hands of the hackers – and downloadable at any time – are so-called Red Notices from Interpol. These include attempts at arrest and extradition, as well as notices to be sent to Swiss authorities – all cases involving suspected serious criminals.
Credentials stolen?
But that’s not all: Authorities are currently investigating indications that credentials from individual IT systems in several federal offices have been lost.
About half a dozen federal offices use Xplain IT solutions. The departments involved have blocked these accesses and all updates have been stopped.
Florian Schütz (41), the director of the new federal cybersecurity office, explains to SonntagsBlick: “So far there is no evidence that anyone wanted to access a system with the published information.”
Possible new editions
In 2021, the federal government recorded 2,372 contracts with IT service providers – an order volume of more than 50,000 francs. For the past two years, these companies have had to report every cyber attack. Whether further security measures will be necessary in the future is currently being analysed. Schütz: “We are now looking at all contracts: are the due diligence clauses when handling data clearly formulated?”
Possible new requirements are mandatory encryption of all data or a so-called audit right in the contracts. The Confederation would then be able to regularly monitor the data processing of the respective IT service providers on site.
Federal finances also play a role in these considerations. “The more secure a system, the more expensive it is to maintain,” says Schütz. It’s a trade-off. One thing is clear: “There is no such thing as absolute security.”
Outsourcing is problematic
What worries experts is the general practice of outsourcing in the federal government to private individuals: when the state outsources IT services in sensitive areas, it opens the door to espionage. A third country could secretly set up an IT company in Switzerland based on the Xplain model and undercut the CHF 230,000 threshold in tenders, allowing the award to be made in secret. After the contract, confidential and secret information could be collected without major obstacles.
The case is also unfortunate for Swiss foreign policy: the Federal Council has just rejected the export of 96 Leopard tanks from Italy to Germany, which has caused the Confederation much misunderstanding in the West. Foreign Minister Ignazio Cassis (62) instead promotes the policy of good offices and wants to establish the country as a mediator and venue for conflict resolution. However, trust is paramount. If the national protection measures are exposed afterwards, for example at the Ukraine conference in Lugano TI 2022, it is not necessarily confidence-inspiring.
Especially Fedpol, led by director Nicoletta della Valle (62), is under pressure. Alfred Heer (61), National Councilor of the Zurich SVP, as chairman of the GPK subcommittee responsible for the Ministry of Justice, was the first to raise the matter in parliament. He calls for “prompt and complete clarification,” Heer told SonntagsBlick. “We are dealing with a failure in the federal government that touches the deepest core of security, so that personnel consequences are inevitable.” The pressure on the federal police must not diminish in the near future.
Do you have any clues for explosive stories? Write to us: [email protected]
Do you have any clues for explosive stories? Write to us: [email protected]
Source:Blick
I am Liam Livingstone and I work in a news website. My main job is to write articles for the 24 Instant News. My specialty is covering politics and current affairs, which I’m passionate about. I have worked in this field for more than 5 years now and it’s been an amazing journey. With each passing day, my knowledge increases as well as my experience of the world we live in today.
