The Swiss Federal Council proposed “a reporting duty” for cyberattacks on critical infrastructure. The proposal comes amid the EU’s and the USA’s race to protect critical assets from threat actors.
The proposal takes such reporting to legal realms, creating the legal basis for the obligation to make the National Cybersecurity Centre (NCSC) aware of similar incidents.
“There is currently no overall picture of what attacks have taken place where, because reporting to the NCSC is voluntary. Mandatory reporting will provide the NCSC with a clearer picture of the cyberattacks that have occurred in Switzerland and the modus operandi of the attackers,” the Federal Council said in a statement.
To simplify the process, NCSC will introduce an electronic form that can be completed and forwarded directly to other recipients if necessary.
In addition to obligating companies to help protect against cyberattacks, the proposal also makes it mandatory for NCSC to offer subsidiary support in attack mitigation. It also explains how NCSC can assist the public in protecting themselves against cyberthreats.
“In particular, it sets out the NCSC's functions as a contact point for questions on cyberthreats and a reporting office for vulnerabilities.”
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint CyberSecurity Advisory back in 2021, warning that ransomware has become a national security issue.
Later in 2022, following Russia’s invasion of Ukraine, the FBI, the NSA, and CISA urged cybersecurity experts to adopt a “heightened state of awareness,” especially concerning the defense of critical infrastructure.
Yet, such protection is not always maintainable long-term, with humans being the weakest part of the cybersecurity equation.
“It’s impossible to be in a state of heightened alertness constantly. What we’re trying to do at the moment is not only learn what actions we need to take in a heightened alert state, but also how we can automate them. We can start to implement some repeatable systems since computers don’t get tired, and humans do,” Alex Tarter, CTO and chief cyber consultant at Thales, told Cybernews.
More from Cybernews:
Subscribe to our newsletter