Many urgently needed cybersecurity tests of networked infrastructures, devices and applications are not being carried out in Switzerland.
The rapid pace of digitalization in Switzerland brings with it great opportunities for development but also a fast-growing threat situation in the cybersecurity domain. Cyberattacks pose a real danger to all areas of public life – administration, industry and society. The frequency, damage potential and technical sophistication of attacks are constantly increasing.
Switzerland’s security and independence are particularly at risk when insecure cyber-physical components are used. In the area of digital products and infrastructures, however, there are currently hardly any laws or binding standards, no binding nationwide minimum requirements and no legally anchored product liability for software. As a result, many insecure products and applications enter the Swiss market without being tested.
Manufacturers, operators and distributors of products often lack the necessary incentives to initiate urgently needed cybersecurity testing at their own initiative and expense. Cybersecurity responsibilities and competencies are often not adequately defined or known, particularly in organizations working in new technology fields. Switzerland therefore does not maintain sufficient neutral and financially independent test capacities.
The NTC proactively identifies critical vulnerabilities and supports their remediation. The findings are made available to the public, government agencies and industry.
FOCUS OF OUR WORK
To minimize cyber risks, we proactively identify critical vulnerabilities and ensure that they are remediated – with or without a mandate.
The cybersecurity assessments carried out by the NTC are based on international recommendations and standards, which are supplemented accordingly for in-depth analysis. To ensure well-founded assessments, the NTC draws on expertise from the private sector, the research community and educational institutions in Switzerland and abroad.
Test methods
The NTC initiates its own projects and carries out commissioned projects to proactively identify vulnerabilities and support their remediation
The NTC does not perform tests on third-party systems without consent, as this is a highly sensitive legal area
Initiative projects are carried out at own expense
Commissioned projects for critical infrastructures and public authorities are carried out in accordance with the General Test Specifications for commissioned projects
The National Cybersecurity Centre (NCSC) officially supports the NTC with its cybersecurity tests (official letter of reference)
«We prepare test reports, but do not issue labels or certificates as they are of limited significance.»
Dr. Raphael M. Reischuk, Founding member
«We always remain neutral in what we do.»
Andreas W. Kaelin, Executive Management
The market for hardware and software components is not influenced. The tests are not conducted with the aim of increasing the sales of any manufacturer or distributor. The objectivity of the NTC is both a prerequisite for our work and a guarantee of our performance.
