ELCASecurity Blog

Are we ready for cyberwarfare?

01.03.2022

March 1, 2022 Christophe Gerber

Are we ready for cyberwarfare?

The face of the cyber threat is changing at an accelerating pace. In addition to the heinous crimes and ransomware of the past few years, there are more and more politically motivated operations against individuals or states. Two recent events illustrate this.

 

In January, the ICRC was the victim of a massive hack, without any ransom demand, according to official announcements. This is not surprising, given the nature of the stolen data, which could well be recovered by a malicious state organization, to launch actions against individuals or groups of people.

 

Ukraine, for its part, has been undergoing a conventional military attack for a few days, preceded by years of actions in cyberspace. This is one of the new faces of war in the 21st century. These attacks are of concern to all citizens, including those in Switzerland. Would we be prepared if critical infrastructures for the functioning of our country were targeted by computer sabotage? In recent months, public authorities, businesses, and communities have been hacked. What if it was, for example, our energy supply or our banking system?

 

The worst-case scenario in Ukraine

Ukraine appears to be a real open-air laboratory for cyber operations, to the point that NATO has affirmed a first form of cooperation with it in this area. The attacks that Kiev has suffered, in recent years, can no longer be counted. All strategic areas of the country have been affected, as in 2015, when the power plant of Ivano-Frankivsk had deprived part of the region of electricity in the middle of December.  Or in mid-January this year when websites and several government agencies were blocked.

 

Tens, even hundreds of thousands of attacks are detected every day in the world. Not all of them have the same gravity or the same consequences, but cyber-attacks and disinformation are indeed the weapons of destabilization, as a complement or preparation to more conventional attacks.

 

We are all concerned

There are two kinds of computer attacks:

  • those aimed at data theft, which can affect all companies, public organizations, or individuals
  • those aimed at paralyzing the essential services of a company or a state, which is known as cyber-coercion. When tensions increase between countries, it is these critical infrastructures, such as service distribution centers, energy, banks, and stock exchanges, that are now targeted by cyber-attacks. To counter this type of infiltration, a defense must be put in place to cope with the strategic interest of the infrastructure, and anti-virus software is no longer sufficient. It is necessary to be able to detect stealthy and complex attacks in time, but above all to be able to respond, to restore the affected infrastructure and possibly to counterattack.

Is Switzerland prepared?

The answer is no. There is still a great deal of naivety in our approach in this area. Let's imagine, the hacking of an industrial service, responsible for the electrical distribution of a whole canton. Power plants, dams, windmills, even nuclear power plants, could be paralyzed. Is this scenario possible? Yes. The right question to ask now is: what are the means Switzerland wants to equip itself with to achieve adequate protection?

 

Our country has finally become aware of this type of danger and the protective measures to be taken. The National Council's Security Policy Committee recently voted in favor of setting up a Swiss sovereign cloud. Such a service would serve as a kind of protected area for storing sensitive data and running services that require a high degree of protection. The whole set up in public-private collaboration but especially under the sole Swiss jurisdiction.

 

It is also important that Switzerland develops a real integrated cyber defense capability. What is being put in place at the confederation level is a first step, but it will not protect our economy or individuals. For this, we need to accelerate the implementation of an industrial cyber defense ecosystem. This local network of specialized companies will allow us to better detect attacks and above all to respond to them with a real capacity to intervene.

In the physical world, the role and effectiveness of the military, police and private security companies have been demonstrated. Today, the same type of network is missing in the virtual world. It's time to move up a gear to ensure the digital survival of our infrastructure.

Contact: Christophe Gerber
ELCA’s Privacy Notice.

By continuing to browse this site, you accept the use of cookies or similar technologies whose purpose is to produce statistics on visits to our site (tests and measurement of visitor numbers, visit frequency, page views and performance) and to offer you content and promotions which will be of interest to you.

Our cookie policy has been updated. Please feel free to manage your preferences.

OK, accept all Disable all Configure
close
save

Manage your cookie preferences

Update your cookie preferences

Find out about the type of cookies stored on your device, accept or block them for the entire site, all services or on a service-by-service basis.

OK, accept all

Disable all

Visitor flow

These cookies provide us with insight into traffic sources and allow us to better understand our visitors anonymously.

(Google Analytics and CrazyEgg)

New

Sharing tool

Social media cookies allow content sharing on your preferred networks.

(ShareThis)

New

Visitor understanding

These cookies are used to track visitors across websites.

The intention is to enable us to offer more relevant, targeted content to existing contacts (ClickDimensions) and display ads that are relevant and engaging for users (Facebook Pixels).

 

New
For more information about these cookies and our cookie policy, click here