SWITCH Security Report September/October 2021

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available.

The main topics of the current report are:

  • Covid collateral damage: how the pandemic impacts IT security
  • Malware-as-a-service – advertised via Google Ads and supported by brazen PR
  • Advertising and reality: data stolen from 50 million T-Mobile US Inc. customers
  • Facebook face down – the temporary fall of the Zuckerberg empire

> Download English Report I > Download German Report

The electricity industry: the need for action on cybersecurity

The ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ report by the Swiss Federal Office of Energy concludes that the electricity industry needs to take action on cybersecurity.

There’s no doubt that the electricity supply is most likely the most important of all critical infrastructures in a modern, digitalised society. In the Swiss Confederation, the electricity supply network is heavily fragmented – there are around 600 power plants supplying homes and businesses in the network. Unlike other critical infrastructures, the electricity sector must be viewed as a complex overall system from the perspective of cybersecurity. In view of the threat situation, this gives rise to major challenges.

Inside-it.ch columnist Martin Leuthold of the Switch Foundation has analysed the report entitled ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ and gives his thoughts on four proposals made by the Swiss Federal Office of Energy (SFOE).

Who are the key market players in Switzerland?

The report starts by using the term ‘boundary conditions’ to propose that the SFOE define mandatory requirements and/or a risk-based minimum standard for key market players. In terms of the criteria for defining ‘key market players’, reference is made to the practice in neighbouring countries, which makes sense. How these parameters should be defined in Switzerland, however, remains unanswered. Realistically, the focus should initially be on 20 to 30 leading energy firms. We recommend looking for ways in which the many small utility suppliers can also be included in parallel with the industry.

Continue reading “The electricity industry: the need for action on cybersecurity”