Switzerland remains under-resourced in the fight to repel the almost ‘daily’ cyber attacks targeting government and business, according to Defence Minister Guy Parmelin. The state must compete harder to recruit the best specialists, he said.
A year-and-a-half after the RUAG case – when Russian hackers infiltrated the databases of the Swiss state-owned defence contractor – resources for dealing with cyber attacks remain a work in progress, Parmelin told the Tages-Anzeiger and Der Bund newspapers on Monday.
Currently, there are about 50 positions in the defence ministry working on cyber-defence; “not enough”, for Parmelin. He wants to triple the figure by 2020.
In addition, the army, criticised earlier this year for a “disjointed strategy” in dealing with cyber-attacks, now aims to train 50 specialists each year, many of whom he “hopes” will then remain working in state roles.
However, competition with big (and high-paying) firms such as Google remains a problem. “Every year, ETH Zurich trains around 250 IT specialists,” he said. But “200 of them go directly to Google.”
Asked how he would solve this dilemma, he reckoned salary increases were not solely the solution. Rather, he said, it could be a question of tackling the tension between the freedom and autonomy that these “cyber-warriors” seem to want, and the strict framework provided by the defence forces.
“We can become more open and flexible,” he said.
He also mentioned the possibility of deeper collaboration with private firms – “both sides could benefit from this” – but didn’t elaborate on how such a scheme would function.
A needed boost
Cyber-attacks have risen markedly in Switzerland in recent years.
Last year, 14,033 cybercrime cases were reported to police in Switzerland, compared to 11,575 in 2015 and 5,330 in 2011. A KPMG surveyexternal link released in May 2017 found that 88% of Swiss companies have experienced cyber-attacks in the previous year, compared to 54% in 2016.
This may be just the tip of the iceberg. Individuals worried about compromising material and companies wary of reputational risk often neglect to report hacking instances, analysts say.
And though larger firms are often more aware and prepared for the risks, small and medium-sized businesses (SMEs) are frequently vulnerable, something that Parmelin also alluded to.
“In Switzerland, we are sometimes a bit naïve in this respect,” said the minister. “Many believe that cyber warfare takes place elsewhere. I’m afraid that’s not right.”
swissinfo.ch and agencies/dos