An internal audit report reveals holes in the DDPS’s cyber defenses: Reports of possible hacker attacks continue to circulate for weeks

class=”sc-cffd1e67-0 iQNQmc”>

Imagine this: a criminal hacker group is trying to gain access to federal systems. A Defense employee (VBS) clicks on the link of the suspicious email. But he only reports and records the whole thing weeks later in a kind of Excel file for his unit.

Reports of so-called information security incidents – such as security gaps, threats, breaches or even cyber attacks – remain with the DDPS for days or even weeks. And this despite the fact that, according to regulations, incidents must be reported “immediately” to the responsible authority. This is evident from a recently published report.

At the end of 2023, the DDPS internal audit department checked the state of cybersecurity in the department – ​​the report was not so good. According to the accountants, there is a lack of efficient communication between administrative units, the correct recording of incidents and their rapid forwarding.

Criticism of inefficient recording and forwarding of notifications

Last year, several cyber attacks highlighted the security risks for Switzerland. In May, the ransomware group Play attacked the IT company Xplain, which produces software for numerous authorities, such as the Federal Police Office (Fedpol) and migration agencies. Addresses of federal councilors and police officers or hooligan lists ended up on the darknet.

In November, criminals again attacked a federal and cantonal software provider called Concevis. As with Xplain, the federal government had not checked whether the company met IT security requirements.

The accountants write in the report that the number of cyber attacks has almost doubled in the past two years. The larger incidents – in which the DDPS or parts thereof were affected – showed that the incident management processes still need to be set up: “The audit showed that reports were sometimes communicated and recorded in the central register with a delay of several days or weeks. I’ve been.” However, in order to respond quickly, immediate recording is essential.

They are also critical of the inefficient recording and forwarding of reports. Complete reporting requires ‘time-consuming manual work steps’. Data consolidation, coordination and reporting are mainly done manually. Translated, this means: The data is collected individually and entered manually instead of using software; the exchange takes place in person or via email. This is inefficient and error-prone. The employees are insufficiently trained.

“Data quality does not yet meet the requirements”

Security reports are also processed decentrally. Each administrative unit uses its own system for this. In their statements, federal offices complain about the lack of coordination and inadequate sharing. The auditors: “The current interim solutions have many limitations and the data quality does not yet meet the requirements.”

In a letter, Federal Councilor Viola Amherd (61) obliged the heads of the DDPS to take several measures recommended by the auditors: they must, among other things, improve the quality of reporting and data, increase employee awareness and training, and improve their skills increase “digital preparedness” and have it regularly checked by an independent body.

The DDPS writes that work is underway to implement the recommendations. Employees are already being trained. “This is now being strengthened, especially in the area of ​​information security.” Exchanges with federal agencies will also be intensified. However, a uniform, digital solution is still a long time coming: a new recording system will not be available until 2025.

Source:Blick