The National Cyber Security Centre
The National Cyber Security Centre (NCSC) is the Confederation's competence centre for cybersecurity and thus the first contact point for businesses, public administrations, educational institutions and the general public for cyberissues. It is also responsible for the coordinated implementation of the 2018-2022 national strategy for the protection of Switzerland against cyber-risks (NCS).
Cybersecurity has grown hugely in importance at all levels in recent years. It plays a key role in national and international foreign and security policy, and is increasingly becoming an important factor for the general public and Switzerland as a business location. By creating the NCSC, headed by the Federal Cyber Security Delegate, the Federal Council aims to support the population, businesses, educational institutions and public administrations in protecting against cyber-risks, as well as to improve the security of its own systems.
The Ordinance on Protecting against Cyber-Risks in the Federal Administration (CyRO) adopted by the Federal Council entered into force on 1 July 2020. It provides the legal basis for the creation and expansion of the NCSC, and regulates the structure, tasks and responsibilities of the authorities involved.
The Reporting and Analysis Centre for Information Assurance (MELANI), together with the national Computer Emergency Response Team (GovCERT), is being integrated into the NCSC as a technical expertise hub and will be expanded further.
The newly created national contact point receives cyberincident reports, analyses them and provides those submitting reports with an assessment of the incident, as well as recommendations on how they should proceed.
Within the Federal Administration and after consulting the services concerned, the NCSC can take the lead when dealing with a cyberincident if it jeopardises the proper functioning of the Federal Administration. It maintains a pool of experts to support the specialist units in developing and implementing cybersecurity standards. Moreover, as the federal ICT security specialist unit, the NCSC issues cybersecurity specifications within the Federal Administration, checks compliance with them and helps service providers to eliminate vulnerabilities.
The organisational development of the National Cyber Security Centre must accommodate the demands for greater centralisation, while at the same time using existing skills and know-how wherever possible. The following three measures are designed to meet these demands.
- The office and the national contact point should be accorded sufficient importance to allow the National Cyber Security Centre to become fully effective and be taken seriously as the central point of contact via active communication and a well-developed service offering for businesses and the general public.
- In particular, the pool of experts should be available to the specialist offices in the various sectors, thereby ensuring that sector-specific know-how and legal powers can be supplemented with specialist knowledge in cyber matters, as necessary and on a project-specific basis.
- Finally, the National Cyber Security Centre should work closely with units in which specialist knowledge and capacity for specific cybersecurity tasks is available. This cooperation should prevent the duplication of skills that already exist elsewhere, but it should also ensure that the units involved coordinate their activities and work closely with the Centre.