2025 Review: Identifying Vulnerabilities, Strengthening Security
In 2025, the National Test Institute for Cybersecurity NTC conducted numerous independent cybersecurity testing activities of high relevance to industry, public administration, and society. The results of this testing identified concrete vulnerabilities, enabled targeted remediation, and made a measurable contribution to strengthening Switzerland’s digital resilience. In doing so, the Institute further reinforced its role as an independent testing body for digital products and applications.
The independence and neutrality of the NTC form the foundation for highly credible security assessments, particularly for public authorities, operators of critical infrastructure, and other security-relevant systems. With broad technical expertise in hardware security, industrial control systems, web and mobile security, and radio technologies, the NTC has established itself as a multidisciplinary center of competence.
A defining characteristic of the NTC’s mandate is its proactive cybersecurity testing approach: the Institute conducts testing on its own initiative when risks to the public are identified. This approach creates direct societal value, especially in areas where regulatory requirements or economic incentives are insufficient or absent.
Overview of Key Cybersecurity Testing Activities in 2025
Hospital Information Systems (HIS)
In several Swiss hospitals, the NTC conducted technical cybersecurity testing of three of the most widely used hospital information system solutions. Carried out over the course of one year, this testing revealed serious vulnerabilities in core IT systems within the healthcare sector. The vendors were informed and remediation measures were initiated. The report published in early 2025 provides concrete recommendations for sustainably improving cybersecurity.
Read the HIS report
Photovoltaic Systems
In cooperation with national partners, the NTC is currently performing cybersecurity testing of inverters and energy management systems. The increasing connectivity of photovoltaic systems introduces new systemic risks to security of supply. The testing aims to identify vulnerabilities at an early stage, make dependencies visible, and derive actionable recommendations. A summary report is expected in summer 2026.
Read the Photovoltaics article
Open Source Software (OSS)
As part of a pilot project conducted together with the Swiss National Cyber Security Centre (NCSC), the NTC carried out cybersecurity assessments of the open source solutions TYPO3 and QGIS. The identified vulnerabilities were remediated by the respective developer communities. The project demonstrates that targeted cybersecurity testing strengthens the security of open source software and makes a tangible contribution to Switzerland’s cyber resilience. The report was published in October 2025, with technical details available on the Vulnerability Hub.
Read the reports
View the technical details
Peripheral Devices
The NTC conducted cybersecurity testing of headsets, keyboards, and conference room systems. The results show that even seemingly low-risk peripheral devices can constitute relevant attack vectors, including in hardened IT environments. Particularly critical vulnerabilities were identified in meeting room solutions. The project was supported by federal authorities, cantons, and banks.
A summary report will be published in spring 2026.
Wireless Consumer Devices
Children’s smartwatches, baby monitors, and WLAN routers are among the most widely used wireless devices, communicating via WLAN, Bluetooth, 5G, or other radio technologies. Ahead of the entry into force of the Radio Equipment Directive (RED) on August 1, 2025, the NTC examined a broad selection of such products as part of targeted cybersecurity testing. Result: many models do not meet the new cybersecurity requirements. The NTC therefore identifies an urgent need for action across the entire supply chain.
Read the report
Digital Aptitude Tests for Apprenticeship Applicants
In the application process, digital aptitude tests are a key component for many future apprentices. The cybersecurity testing conducted by the NTC identified critical vulnerabilities, which were promptly remediated by the vendor. The project was supported by industry associations and private-sector partners.
Raising Awareness of Cybersecurity Testing
Following the NTC’s annual event held in Bern on August 27, 2025, organized in cooperation with the NCSC and with the participation of Federal Councillor Martin Pfister, the NTC held a further impulse event on January 14, 2026 in Ticino, together with the NCSC, the Federal Office of Communications (OFCOM), and local institutions.
Both events were held under the title “National Security in the Digital
Age – The Importance of Vulnerability-Free Digital Products.” More than 100 representatives attended each event, from industry, academia, politics, and public authorities, discussing the vision of a more secure digital future and how cybersecurity testing can contribute to strengthening Switzerland’s resilience.
Review of the Bern event
Review of the Ticino event
Next Steps
The NTC’s objective remains clear: as an independent organization, it aims to further expand cybersecurity testing of digital products and applications, particularly in areas where regulatory frameworks or economic incentives are lacking. In doing so, the Institute makes a key contribution to Switzerland’s digital security.
Important strategic steps are currently being taken to ensure the sustainable development and long-term consolidation of the NTC. The measures are expected to take effect no earlier than 2027 and will strengthen the institute’s financial foundation.
Legal Framework and Future Federal Mandates
With the adoption of the motion submitted by the Security Policy Committee of the Council of States (SPC-CS) titled “Conducting urgently required cybersecurity testing,” the existing gap in independent security testing has been officially acknowledged. The EAER (SECO), DDPS (NCSC), and DETEC (OFCOM) are currently developing the legal basis for implementation.
Research Cooperation with ETH Zurich
A strategic cooperation in the fields of cybersecurity and artificial intelligence is planned, including the funding of two ETH Zurich professorships at the NTC, supported by the Canton of Zug. A decision by the cantonal parliament is expected in June 2026.
Growing Demand
During the reporting year, the number of cybersecurity testing mandates from public authorities and operators of critical infrastructure continued to increase. This development enables the non-profit Institute to carry out a greater number of initiative-driven testing projects for the benefit of society, underlining the growing national importance of independent cybersecurity testing.
Acknowledgements
The NTC would like to expressly thank the Canton of Zug, and our partners NCSC, OFCOM, and ETH Zurich, as well as the Asuera Foundation, Beisheim Holding, and the Zuger Kantonalbank for their valuable financial and substantive support.
Media Tracking
In 2025, the NTC’s work was covered by various media outlets. Below is a selection of relevant articles:
- RSI Il Quotidiano, January 14, 2026: Cybersicurezza, prevenire è meglio che curare
To Il Quotidiano – Play RSI programme
- Inside IT Online, December 15, 2025: Bacs veröffentlicht jetzt Schwachstellen
To Inside IT Online
- SRF 10 vor 10, November 18, 2025: Schweiz: Cyber-Angriffe leicht rückläufig
To SRF 10 vor 10
- News Service Bund, October 13, 2025: Pilotprojekt zur Prüfung von Sicherheitslücken in Open Source Software
To the News Service Bund
- SRF Espresso, August 19, 2025: Vernetzt, aber sicher: neue Regeln für «smarte» Geräte
To SRF Espresso
- Netzwoche Online, May 22, 2025: Ab August gelten neue Cybersicherheitsregeln für funkfähige Geräte
To Netzwoche Online
- 24heures Online, May 22, 2025: De nombreux appareils connectés risquent d’être interdits
To 24heures Online
- Tagesschau, January 23, 2025: NTC: Schweizer Spitäler haben gravierende IT-Sicherheitslücken
To Tagesschau
