Cybersecurity has become more and more important at all levels in recent years. It is a key factor in Switzerland’s attractiveness as a business location and in its citizens’ digital security. It also plays a crucial role in national and international foreign and security policy. Guaranteeing cybersecurity has therefore become a fundamental responsibility for the federal government. The Federal Council has recognized this by turning the National Cyber Security Centre into a federal office. However, its core responsibilities remain the same. The Federal Office for Cyber Security (BACS) will continue to be the first point of contact for businesses, public services, educational institutions, and the general public when it comes to cyber issues. It is responsible for coordinating and implementing the national cyber strategy (NCS). Its operational activities help make Switzerland more resilient to cyber attacks.
The cyber threat landscape
The BACS receives reports from the public, businesses, operators of critical infrastructure, and its national and international network of partner organizations. This information gives the BACS a good overview of the current cyber threat landscape. With this overview, it can issue specific briefings and warnings to the relevant target groups.
The BACS also uses the findings from its operational activities to raise awareness. These activities are aimed at private individuals, companies, and public bodies. It coordinates these efforts with numerous partners, such as Swiss Crime Prevention (SCP) and the Lucerne University of Applied Sciences and Arts. In addition, the BACS runs nationwide campaigns. Its staff constantly evaluate and review all its efforts to make them more effective.
Protecting critical infrastructure and reducing vulnerabilities
One of the BACS’s core tasks is to support operators of critical infrastructure in protecting themselves against cyber threats. To this end, it provides tools and resources that increase the cybersecurity of the infrastructure and its users. This includes providing technical information on IT infrastructures that malicious actors are misusing, for example to distribute malware or operate phishing websites. The BACS’s Computer Emergency Response Team (GovCERT) supports operators of critical infrastructure in dealing with cyber incidents. Since the end of September 2021, the BACS has also been the official contact for reporting security vulnerabilities in Switzerland. MITRE, an international non-profit organization devoted to cybersecurity, has also authorized the BACS to assign CVE numbers. MITRE uses these numbers to identify common vulnerabilities and exposures. As a MITRE partner organization, the BACS is responsible for publishing the reported vulnerabilities in a coordinated manner. It thereby plays a crucial role in minimizing the harm that threat actors can cause due to these vulnerabilities.
Overview of the reports received in 2023
Last year, the BACS — under its former name, the NCSC — received a total of 49,380 reports. That is a significant increase of 30 percent on the previous year. Reports of various forms of fraud topped the list again (around 30,000 reports last year). These forms of attack may include emails that appear to be from the authorities. Scammers often misuse the names of current Federal Councilors in such attacks to make their messages appear more credible. Other examples include bogus messages about undeliverable parcels and investment fraud. The BACS also observed the first attempted attacks using artificial intelligence. In addition, fraudsters occasionally wrote phishing emails in Swiss German, particularly in classified ad fraud. Ransomware attacks have been a major area of work for the BACS (and its predecessor) for several years. In May 2023, one of the federal administration’s IT service providers was the victim of a ransomware attack. The attackers first stole data from the company. They then published the information on the dark web. Data from the federal administration was among the information released. The administration immediately analyzed the leaked data and released a detailed report on it. It also launched an administrative investigation, which concluded at the end of April. These kinds of attacks on service providers show how important it is to take preventive steps against cyber attacks. With these threats rising, it is essential for national and international agencies to exchange information and communicate after a cyber attack.
Cyber attack on Xplain: the Federal Office for Cyber Security’s report on the data analysis