National strategy for the protection of Switzerland against cyber risks – NCS implementation plan
Contents
Introduction ............................................................................................................... 4
Implementation organisation ................................................................................... 5
Organisation of the Confederation in the area of cyber risks........................................... 5
Cooperation between the Confederation, the cantons, the business community and
universities ............................................................................................................. 6
Cooperation at the politico-strategic level............................................................................... 7
NCS Steering Committee as a joint project management body .............................................. 7
Direct cooperation at operational level ................................................................................... 7
Legal basis ................................................................................................................. 8
Strategic controlling and reporting ......................................................................... 8
Implementation plan structure ................................................................................. 8
Implementation roadmap ........................................................................................ 10
Implementation plan ............................................................................................... 13
Skills and knowledge building .......................................................................................... 13
Early identification of trends and technologies, and knowledge building (M1) ...................... 13
Expansion and promotion of research and educational competence (M2) ........................... 15
Creation of a favourable framework for an innovative ICT security sector in Switzerland
(M3) ....................................................................................................................... 18
Threat situation .................................................................................................................. 21
Expansion of capabilities for assessing and presenting the cyber threat situation (M4)........ 21
Resilience management .................................................................................................... 24
Improvement of the ICT resilience of critical infrastructures (M5) ......................................... 24
Improvement of ICT resilience in the Federal Administration (M6) ....................................... 26
Exchange of experience and creation of foundations for improving ICT resilience in the
cantons (M7) .......................................................................................................... 29
Standardisation / regulation.............................................................................................. 31
Evaluation and introduction of minimum standards (M8) ...................................................... 31
Examination of a reporting obligation for cyber incidents and decision on introduction (M9) 33
Global internet governance (M10) ........................................................................................ 34
Development of expertise among specialist offices and regulators (M11) ............................ 36
Incident management ........................................................................................................ 38
Development of MELANI as a public-private partnership for critical infrastructure operators
(M12) ..................................................................................................................... 38
Development of services for all enterprises (M13) ............................................................... 40
Cooperation between the Confederation and relevant units and competence centres (M14) 42
Processes and foundations for federal incident management (M15) .................................... 43
Crisis management ............................................................................................................ 45
Integration of competent cyber security offices into federal crisis teams (M16) .................... 45
Joint crisis management exercises (M17) ............................................................................ 46
Prosecution ........................................................................................................................ 49
Cybercrime case overview (M18) ......................................................................................... 49
Network for Investigative Support in the Fight against Cybercrime (M19) ............................ 51
Training (M20) ..................................................................................................................... 51
Central Office for Cybercrime (M21) .................................................................................... 52
Cyber defence .................................................................................................................... 53
2/79