Breaking:

Coface: clear increase in profits in the first quarter

Fire brigade on duty – food burnt on the stove: kitchen catches fire

Series of mishaps at aircraft manufacturer – US aviation authority initiates new investigation against Boeing – News

Lvmh: Tod’s will bid farewell to the Milan Stock Exchange thanks to a fund supported by LVMH

SocGen: the margin in France is worrying, the title falls heavily!

Federal Office for Cybersecurity – The federal government is losing top-class cyber specialists – News

7 December 2023

Contents

At the beginning of the year, the National Center for Cyber Security will become the Federal Office for Cyber Security in the Defense Department DDPS. There is an accumulation of terminations in advance. One reason could be the proximity of the DDPS to the intelligence service.

A year ago, the Federal Council decided that the new Federal Office for Cybersecurity should be located in the Defense Department DDPS. Beforehand, there was a lengthy discussion within the administration and also among the public about where the future federal office should be located. Experts outside the administration argued for a location in a “civilian” department, for example in the Finance Department, where the National Center for Cyber Security NCSC was already located.

20 percent of employees have quit

Since the Federal Council’s decision, 10 of the 48 employees at the NCSC have resigned from their jobs, writes the NCSC at the request of SRF News. From January 1, 2024, the NCSC will become the new Federal Office for Cybersecurity.

What’s particularly painful is that there are also six high-profile cybersecurity specialists. They are referred to as top shots in the industry with years of experience.

These six people worked in the so-called “GovCERT”, the acronym stands for Government Computer Emergency Response Team. This is a cyber rapid response group. There are currently nine specialists working in this team. They are used when a company, institution or government office that is vital to Switzerland’s survival, a so-called critical infrastructure, falls victim to a cyber attack. This “GovCERT” team was also used in the hacks on Xplain and Concevis, among other things.

Reason for termination VBS

But why did these six cyber cracks quit? Radio SRF knows that these dismissals are related to the transfer to the Defense Department – with the future proximity to the intelligence service.

The future head of the Federal Office for Cybersecurity, Florian Schütz, provides information about the dismissals and possible conflicts of interest in the new office.

SRF News: A total of ten people resigned from the NCSC last year. Do you know the motives?

Florian Schütz: The motives are very individual. Whenever there are organizational changes, it is also a time for many people to reflect on what they would like to do in their career. The change for us is that we will become a federal office and go to a new department.

How does the DDPS, the future department, ensure that conflicts of interest between intelligence interests and private security interests can be resolved?

This is primarily covered by legislation. The Information Security Act and the Organizational Ordinance DDPS define what can be done. The reporting requirement for critical infrastructures has also been defined by Parliament, which clearly states that the Federal Office for Cybersecurity may not pass on certain information without the consent of the reporting party. Then of course there are other compliance mechanisms. For example, the financial control department has a whistleblowing office not just for cyber, but in general. If employees or third parties see violations, they can report them.

Is there a prioritization of private interests over intelligence interests?

The Federal Office for Cybersecurity clearly prioritizes the interests of business, society and authorities. Very often there are shared interests. I would not describe intelligence services as enemies of the interests of the population and the economy. Quite the opposite. They also have an interest in contributing to counterintelligence here. But they are different activities. Here we also have compliance with the separation of cybersecurity, cyber defense and cyber law enforcement, as we have had in the past.

The interview was conducted by Tobias Gasser

It’s about a fundamentally different understanding of cybersecurity, explains cybersecurity expert Martin Leuthold from the Switch Foundation. The intelligence service in the DDPS has an interest in leaving security gaps in the network open and using them to gain information. “The intelligence service is interested, and this is understandable, in obtaining as much information as quickly as possible with as little effort and hurdles as possible.”

On the other side are the cyber specialists in today’s NCSC who want to close gaps quickly – to protect civil society, private individuals and the economy. Future work in the VBS will lead to an ethical conflict among certain employees, says Leuthold, who, according to some information, knows some of the people affected. “This is probably due to the fact that various operationally active people have drawn conclusions.”

build up trust

Cyber expert Leuthold says that with the departures, the federal government is losing long-standing employees with a large national and international network who enjoyed the trust of the “community”.

The goal of the future Federal Office must be to rebuild this trust. Leuthold is positive that the current leadership of the NCSC is moving to the new federal office. The future Federal Office for Cybersecurity has already been able to fill some of the vacant positions.