Federal intelligence is released

For years, the cyber specialists of the Swiss secret service illegally hunted hackers. Attackers who executed or planned cyberattacks on behalf of a state were spied on from 2015 to 2020 without the necessary prior approval of the Federal Administrative Court and the authorization of Defense Secretary Viola Amherd (60, center) or her predecessor Guy Parmelin (63). , please) to catch up

Although cyber sniffing is against the law, there are no criminal consequences. The cyber officials did not deliberately break the law, but “misjudged the legal situation,” according to an external administrative inquiry, the results of which were presented by the Ministry of Defense (VBS) on Monday. In other words, the cyber specialists did not know they had done anything illegal. And so it cannot be claimed.

Bad control

The investigation was conducted by former federal judge Niklaus Oberholzer (69). He was commissioned by the DDPS after the intelligence service (NDB) noticed the law violation in the fall of 2020.

In previous years, the management apparently hadn’t noticed anything. The responsible head of department “also showed relatively little understanding of the legal requirements,” Oberholzer explained to the media. At the same time, internal controls and supervision failed. In retrospect, it was “incomprehensible” that “the management and in particular the responsible head of department (…) did not recognize the illegality of the practice that had been in place for years”.

“You should have recognized it — and intervened,” Oberholzer said. However, management only intervened when the problems in the cyber department could no longer be hidden.

According to Oberholzer, the cyber department of the FIS has undeniably been very successful, partly due to its illegal activities. “The FIS not only succeeded in recognizing and repelling cyber attacks targeting Swiss interests. He also gained a good reputation with foreign partner services for being able to provide them with information of great importance for their detection and defense against cyber-attacks against foreign interests,” he notes.

Approval process takes too long

Because the cyber officials did not get the green light from the court and the Bundesrat in advance, as they should have, they were able to act very quickly. The approval process takes several days. According to the investigative report, by then the cyberattack “should have happened a long time ago and may have caused serious damage”. The head of cyber operations of the FIS states that it is no longer possible to fight cyber attacks efficiently if the permits have to be obtained first, as required by law.

Former federal judge Oberholzer therefore recommends simplifying the entire process “significantly”. In certain cases, the cyber officials would no longer have to get the approval of the court and the Federal Council. Instead of the authority changing its practice, the law should be adapted to the practice. If that goes too far for politicians, then the process should in any case be accelerated, according to Oberholzer.

Defense Secretary Amherd has now directed the FIS to investigate and implement the recommendations. They would also feed into the revision of the Intelligence Services Act. The DDPS was not more specific. It has released only part of the administrative investigation because certain parts are classified as classified.