Summary concept paper test institute

Progressing digitization not only increases numerous conveniences, it also gives rise to new risks, among other things with regard to the sovereignty of Swiss society and the informational self-determination of each individual citizen. In particular, critical dependencies on information technology are growing with regard to the use of hardware and software as well as IT-related services. If it is taken into account that on average between 1 and 100 vulnerabilities are contained in 2,000 lines of program code, the increasing degree of networking of IT components inevitably leads to remote attackers posing a real threat, in some cases with considerable damage potential, to society.

It will therefore be all the more important in the future to develop a meaningful picture of the actual threat based on vulnerabilities in inadequately secured IT components and services. From the point of view of Switzerland's social, economic and geopolitical stability, it is unacceptable that purchasers and operators of critical components do not have sufficient opportunity to evaluate the quality in terms of cybersecurity of the products to be used by an officially mandated institution.