The Bundesrat on Friday approves the notice on the amendment of the federal law on information security at the federal level and approved by the federal councils (National Council and Council of States).
According to a statement, the consultation showed “broad support for the proposal”. The introduction of a reporting obligation is seen as an important step towards improving cyber security in Switzerland.
What must be reported?
The duty to report will only be introduced for cyber attacks committed by unauthorized persons on vital infrastructures with (criminal) intent.
And another restriction: only cyber-attacks that have “serious consequences” may be reported, for example by “threatening the functionality of critical infrastructures”.
But it doesn’t matter if the attack was carried out by an insider threat (such as company employees) or by outside hackers.
What is the purpose of reporting?
What’s next?
It is now up to the federal parliament to act.
Then the Bundesrat wants to introduce the reporting obligation “as unbureaucratically as possible” and “without much extra effort”, as he writes in the current communication.
That National Cyber Security Center (NCSC), which is intended as a central reporting point for cyber attacks, will provide an electronic report form. As a result, reports can be easily recorded and, if desired, forwarded directly to other departments.
Why is this necessary?
According to the Federal Council, the population, governments and companies are exposed to the risk of a cyber attack on a daily basis. There is currently no overview of which attacks took place where, because reports to the NCSC were only made on a voluntary basis.
Due to the notification obligation, all operators of critical infrastructures must in future participate in the exchange of information and thus contribute to early warning.
In 2021, approximately 22,000 cases of cybercrime will have been reported to the NCSC, about twice as many as in 2020. However, many of the reported incidents are traced attempted attacks and not successful attacks.
Can hacker attacks also be reported voluntarily?
Why, sure.
Despite the introduction of the reporting obligation, it is still possible to voluntarily report ‘cyber incidents’ and IT vulnerabilities to the federal government. This option is open to everyone and is not limited to critical infrastructures.
Today, Switzerland only has reporting obligations for functional failures in individual economic sectors, but no general reporting obligation for cyber attacks.
How does the federal government intend to further strengthen cybersecurity?
Given the growing importance of cyber security for the economy and society, the Federal Council wants to set up a separate federal office for this.
The Federal Council established the National Center for Cybersecurity (NCSC) in 2019, which is currently located in the General Secretariat of the Federal Ministry of Finance (FDF).
Sources
- admin.nl: The Federal Council passes on the message about the obligation to report cyber attacks on critical infrastructures
(dsc/sda)
Source: Watson
I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
