TABLE OF CONTENTS
SUMMARY .................................................................................................................. 3
1
INTRODUCTION .................................................................................................. 5
2
CYBER RISKS ...................................................................................................... 9
2.1 Methods .......................................................................................................... 9
2.2 Players and motives ..................................................................................... 10
3
EXISTING STRUCTURES .................................................................................. 12
3.1 Private sector and operators of critical infrastructure .................................... 12
3.2 Confederation ............................................................................................... 14
3.3 Cantons ........................................................................................................ 21
3.4 Population..................................................................................................... 22
3.5 International cooperation .............................................................................. 23
3.6 Legal basis ................................................................................................... 23
3.7 Conclusion .................................................................................................... 26
4
SYSTEM FOR PROTECTING AGAINST CYBER RISKS................................... 28
4.1 Overriding goals............................................................................................ 28
4.2 Framework conditions and prerequisites ...................................................... 29
4.3 Spheres of action and measures .................................................................. 30
4.3.1 Sphere of action 1: Research and development .................................. 31
4.3.2 Sphere of action 2: Risk and vulnerability analysis .............................. 32
4.3.3 Sphere of action 3: Analysis of the threat situation .............................. 33
4.3.4 Sphere of action 4: Competence building............................................. 35
4.3.5 Sphere of action 5: International relations and initiatives ..................... 36
4.3.6 Sphere of action 6: Continuity and crisis management ........................ 38
4.3.7 Sphere of action 7: Legal basis ............................................................ 40
4.3.8 Coordination unit for implementing the strategy ................................... 41
2/42