02.12.2022 - Based on the growing significance of cybersecurity and the good work done in recent years to establish the National Cybersecurity Centre (NCSC) in the Federal Department of Finance (FDF), the NCSC is to become a federal office. During its meeting on 2 December 2022, the Federal Council decided that the new federal office will be located in the Federal Department of Defence, Civil Protection and Sport (DDPS). It instructed the DDPS, in collaboration with the FDF, to define the structures of the new federal office by end-March 2023.
Cybersecurity has grown in significance at all levels in recent years. Ensuring cybersecurity has become an essential federal task. In 2019, the Federal Council laid an important foundation stone by creating the NCSC as a unit in the General Secretariat of the Federal Department of Finance (FDF) to deal with the multifarious challenges in the cyberdomain. In spring 2022, given the growing importance of the NCSC, the Federal Council decided that the NCSC would become a federal office. It has now decided to locate the new federal office in the DDPS.
Structures of the new federal office to be defined
The Federal Council has instructed the DDPS, in collaboration with the FDF, to define the structures of the new federal office, the available synergies and the interfaces with other federal units by end-March 2023. By exploiting synergies with the DDPS's existing cybersecurity expertise, the NCSC will be strengthened. It will continue to assume the core cybersecurity tasks, which include supporting businesses and the general public in dealing with cyberincidents, providing a national reporting office and contact point, issuing information and alerts about cyberthreats and protective measures, raising awareness among the general public, and protecting the Federal Administration. In the fulfilment of its tasks, the NCSC will continue to work very closely with other federal offices, the cantons, the business community and academia. The new federal office will remain a civilian unit of the Federal Administration. The DDPS has been instructed to identify how civil security will be institutionally ringfenced and reinforced relative to military tasks within the department by end-March 2023.
The NCSC as a reporting office for cyberattacks
The legal basis for the NCSC's tasks had already been established with the dispatch on the introduction of a reporting obligation for cyberattacks on critical infrastructures, which was adopted at the same meeting.