Improving Cybersecurity – how sovereign can Switzerland be?
Much of the essential data for a functioning digital society is controlled by a handful of global corporations. The majority of hardware and software for vital and critical systems are also produced by a few international companies. All these dependencies entail certain risks. The question therefore arises for Switzerland: How can the country increase its digital independence – its cyber sovereignty?
The discussions about the concept of cyber sovereignty are not new in themselves – but in Switzerland, a systematic examination of this strategic and at the same time complex topic has only been taking place in-depth for a few years now. In recent years, SATW, together with partners such as the Federal Department of Defence, Civil Protection and Sport (DDPS) and its expert group on Cyber Defence, has developed a definition of the term «cyber sovereignty» and corresponding fields of action for Switzerland. At the associating events, decision-makers from government, industry and science discussed possible fields of action. Federal Councillor Guy Parmelin presented his views on the topic. This year, SATW and Kickstart are organising a follow-up event on the subject as part of Cyber Week, in the presence of the Federal Delegate for Cyber Security, Florian Schütz, among others.
Digital independence for Switzerland
By cyber sovereignty we mean the ability of a country to make its own decisions in the digital space, to implement and enforce them and to protect its strategic interests. This definition explicitly doesn’t mean the political science understanding of the exercise of control by the state over digital applications. It is focused on the self-determined behaviour and action of the actors in cyberspace. For example, Switzerland should become more independent in key technologies and not have to rely solely on solutions from a few dominant global technology providers. Another aspect of cyber sovereignty concerns the self-determined handling of data by all citizens of our country.
Autonomy in interdependency
Technological dependence is particularly delicate in critical infrastructures, the economy and society. Dependence can exist with regard to products, services or knowledge. The challenges posed by such dependencies are higher costs, more time and resources required, difficulties with compatibility or general security concerns that can lead to irreversible damage. In regarding dependency, the affected country has to be taken into account by planning or implementing corresponding actions: does the dependency affect Europe, USA or the rest of the world?
It is crucial that Switzerland identifies and defines the technology areas and topics in which an existing dependency can represent a security risk and is intolerable. SATW is currently planning to build up a corresponding project on how to deal with these issues.
Cyber sovereignty as a topic at national and international level
The issue of cyber sovereignty is attracting international attention. Already some years ago, in 2015, the Bitkom (Bundesverband Informationswirtschaft, Telekommunikation und Neue Medien) published a paper on the topic of digital sovereignty and what should be fields of action for Germany and Europe in this regard. In Switzerland, the issue of cyber sovereignty can, on a governmental level, be found in particular in the «Nationale Strategie Digitale Schweiz» and the corresponding action plan. By the term «digitale Selbstbestimmung» the focus lies in particular on data sovereignty so that citizens can make their data available for the benefit of the general public. At a political level, two postulates by Marcel Dobler, among others, are pending which require clarification in terms of supply chain risks: One concerns the security of procurement of the Swiss Armed Forces (Postulat 19.3135), one handles the security of soft- and hardware-components regarding critical infrastructures (Postulat 19.3136). Further information on why supply chain poses a risk in an increasingly interconnected world can be found in this White Paper published by ICTswitzerland some days ago.
First solutions exist
At university, administrative and political levels, various players in Switzerland are dealing with the issue of cyber sovereignty and are already providing initial answers and solutions: With its Internet architecture SCION, ETH Zürich has developed a tool for more sovereignty in network communication that cannot be disrupted by any botnet. The development of this highly secure internet infrastructure «Made in Switzerland» is already well advanced and a forward-looking project in the area of cyber sovereignty. With the «Cyber-Lehrgang», the DDPS is contributing to a greater human capacity to act in the area of cyber-defence and thus to greater cyber sovereignty.
Cyber sovereignty is key for future developments
Cyber sovereignty is also linked closely with the capabilities of a society in terms of speed, creativity, innovation, adoption and execution of trustworthy technologies and services. It’s really strategic to have agile and flexible world-class universities combined with the attraction for international high-tech companies. The number of vibrant and interconnected startups is another grade to measure the degree of cyber-physical sovereignty. Cyber sovereignty is producing additional trust on a national and international level. It’s key in all future developments in a democratic country. Just think about possible concepts and architectures for living in smart and secure cities on an interconnected smart and peaceful planet.
by Adolf J. Doerig, Member of the Executive Committee and President Advisory Board Cybersecurity SATW