Switzerland tightens up cybersecurity rules

Telcos in Switzerland will soon be subject to stricter rules governing network outages and hacking incidents.

From January, ISPs must have the capability to detect and counter malicious activity – such as phishing attempts – on websites, blocking them if necessary. This sort of thing is usually left to antivirus software, but the Swiss government wants telcos to do it. ISPs will also be required to maintain teams whose role will be to receive reports of compromised network devices, and combat malicious attempts to take down servers, services and infrastructure.

The new responsibilities constitute a package of revisions to the Ordinance on Telecommunications Services, and were approved by the government on Wednesday. Under the amended regulations, telcos are also required to implement appropriate measures to secure next-generation networks, including 5G, and the services that run on them. The government didn’t expand on what form these measures might take, only that they must adhere to requirements established by telco regulator OFCOM.

In addition, the tweaked legislation also requires telcos to respond more quickly when something does go wrong.

For instance, outages that affect 10,000 customers must now be reported, whereas the previous threshold was 30,000. Rather than notifying OFCOM, telcos will instead have to report incidents to the National Emergency Operations Centre (NEOC), which coordinates the government’s response to both natural and man-made disasters. NEOC will then inform OFCOM.

“This will allow disturbances to be dealt with in real time, which is particularly important in crisis management,” the government said.

The revisions were adopted amid recent warnings from multiple sources that the world is not doing enough to get to grips with cybersecurity.

Insurance giant Swiss Re warned last week that current cyber insurance premiums amount to just a fraction of total losses from cyber attacks, estimating the protection gap at a somewhat alarming 90 percent. It essentially means that a big, successful cyber attack could put the victim out of business. In a report, Swiss Re said global annual cyber insurance premiums reached $10 billion in 2021, and are forecast to rise to $23 billion by 2025. That same report also cited figures from McAfee which said total financial losses attributed to cyber crime reached $945 billion in 2020.

“The cyber risk landscape is rapidly evolving and cyber attacks have increased. However, most businesses and households are uninsured or significantly under-insured,” Swiss Re said. “There is much work to do to ensure sufficient risk protection is available to make society more resilient to cyber risk, and this effort will require collaboration between businesses, the insurance industry and government.”

Furthermore, telcos surveyed by Nokia this week warned that 5G standalone (SA) could leave them more susceptible to security breaches. The combination of cloud-based networks and ever more connected devices will increase the number of potential attack vectors, Nokia said. Roughly three quarters of the CSPs surveyed said they had experienced as many as six security breaches in the past year, resulting in regulatory liability, fraud and theft, and network service outages – precisely the kind of breaches that the Swiss government’s amended legislation wants to curb.


Get the latest news straight to your inbox. Register for the newsletter here.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.