The Importance of Vulnerability-Free Digital Products
Impulse event held in cooperation with the National Cyber Security Centre (NCSC) and the Federal Office of Communications (OFCOM), with the support of the Camera di commercio del Cantone Ticino – Industria, Artigianato e Servizi (Cc-Ti) and the Associazione Industrie Ticinesi AITI.
Wednesday, January 14, 2026 | Hotel De la Paix, Lugano
The impulse event in Lugano clearly demonstrated how central cooperation between government, industry, and research is in the field of cybersecurity.
In his opening remarks, Andreas W. Kaelin, co-founder, board member and CEO of the National Test Institute for Cybersecurity NTC, emphasized:
«Digital products and systems are the backbone of modern Switzerland. Our shared objective must therefore be to consistently reduce vulnerabilities—because every vulnerability that is closed strengthens Switzerland’s digital resilience. »
In her welcome address, Nicoletta Casanova, President of the Associazione Industrie Ticinesi AITI, stated:
«Cybersecurity is a key framework condition for Switzerland. It is indispensable for ensuring economic stability and secure business activity. »
National Security as a Shared Responsibility
Heinz Tännler, Government Councillor and Head of Finance of the Canton of Zug as well as President of the NTC, highlighted the need for coordinated action:
«A secure digital Switzerland requires the joint commitment of government, industry, and the population. »
The National Cyber Security Centre (NCSC) and the National Cyberstrategy NCS
Valentina Sulmoni, Head of Strategic and Political Affairs at the National Cyber Security Centre (NCSC), presented the NCSC as the federal government’s competence centre for cybersecurity. The NCSC is responsible for coordinating and implementing the National Cyber Strategy (NCS) and serves as the first point of contact for businesses, public authorities, policymakers, and the general public in matters related to cyber risks.
She outlined the three closely interlinked pillars of the Swiss cyber ecosystem—cybersecurity, the fight against cybercrime, and cyber defence—as well as the mandate of the NCSC:
«The NCSC strengthens cybersecurity as a foundation for digital transformation and enhances Switzerland’s resilience to cyber threats.»
Particular importance was given to the mandatory reporting requirement for cyber incidents affecting critical infrastructures, which has been in force since 2024. This requirement improves situational awareness, strengthens early warning capabilities, and provides legal certainty for affected organizations.
The Role of the NTC: We test what is otherwise not tested.
Tobias Castagna, Head of Test Experts at the NTC, explained the institute’s unique role:
«We test what would otherwise not be tested. To minimise cyber risks, we proactively identify critical vulnerabilities and ensure they are remediated —particularly where regulatory requirements or economic incentives are lacking.»
As an independent, non-profit organisation, the NTC conducts commissioned projects as well as initiative projects and cooperative projects of national relevance. These projects enable coordinated cybersecurity testing where neither the market nor individual actors can assume responsibility alone. The objective is to reduce systemic risks and strengthen the digital resilience of critical infrastructures and widely used digital products.
The examples presented clearly showed that a lack of incentives and fragmented responsibilities are key causes of insufficient prevention—and that independent, coordinated cybersecurity testing is therefore indispensable.
Practical Projects: Photovoltaic Systems and Grid Stability
A key practical example involved cybersecurity analyses of photovoltaic systems, conducted in cooperation with operators of critical infrastructures such as Aziende Industriali di Lugano (AIL).
The analyses show that thousands of internet-connected photovoltaic systems can pose a systemic risk to the stability of the electricity grid if inverters and remote control systems are inadequately secured. In a highly decentralised energy system, vulnerabilities in individual installations can have far-reaching, large-scale effects.
Michele Rusconi, Head of IT/OT and Cybersecurity Services at AIL, emphasised:
«In an increasingly decentralised power system, every single installation matters. Ensuring the security of inverters and remote control systems is essential for the stability of the entire grid.»
Market Surveillance, Regulation, and Connected Products
Lucio Cocciantelli, Deputy Head of the Radio Monitoring and Installations Division and Head of the Market Access and Cybersecurity Section at OFCOM, explained the role of the Federal Office of Communications in market surveillance and risk prevention related to connected products.
The new cybersecurity requirements for radio equipment enhance user protection and strengthen the authorities’ powers to take action against unsafe products. Concrete cases have demonstrated the need for systematic controls throughout the entire supply chain. The Federal Council has therefore mandated the DDPS (NCSC), in cooperation with DETEC (OFCOM) and EAER (SECO), to develop a broader legal framework covering all connected products.
Emerging Technologies: AI and Autonomous Systems
Professor Luca Benini, Full Professor at the Department of Information Technology and Electrical Engineering at ETH Zurich, addressed open platforms for intelligent autonomous systems and embodied AI. The rapid development of artificial intelligence is accompanied by growing challenges, particularly with regard to energy efficiency, complexity, and security.
Heterogeneous, specialised hardware can not only deliver efficiency gains but also enhance security, for example through internal monitoring mechanisms:
«The challenge is not only to make these systems more powerful, but also to ensure that they operate reliably and remain controllable.»
Cybersecurity, Resilience, and Responsibility
The concluding panel discussion, moderated by Angelo Geninazzi, Partner and Head of the Lugano office at furrerhugi, made it clear that cybersecurity is not merely a technical issue, but an individual and collective responsibility.
Tecla Solari, Member of the Board of Directors of Post Digital Services SA, noted: «It is not surprising that knowledge about vulnerabilities is lacking. Continuous awareness-raising and clear allocation of roles are needed—otherwise, no one ultimately takes action.»
The President of the State Council, Norman Gobbi, reminded the audience: «There is no such thing as zero risk. But a single negligent action can endanger the entire system.»
Paolo Attivissimo, journalist and IT consultant, highlighted the importance of resilience: «The question is not whether an attack will occur, but when. Systems must not only be resistant, but resilient.»
Finally, Luca Maria Gambardella, co-founder and CEO of Artificialy, pointed to the limits of a purely regulatory approach: «Rules are necessary, but they are not forward-looking. The speed of regulation must keep pace with the speed of technology.»
A heartfelt thank-you goes to all speakers and participants for the open, well-founded, and inspiring exchange.
The event in Lugano clearly demonstrated that digital security is built through collaboration—and through the consistent identification and remediation of vulnerabilities.
