Federal Council adopts strategic goals for cybersecurity exercises in the Federal Administration and Armed Forces

06.12.2024 - At its meeting on 6 December, the Federal Council approved the report on cybersecurity exercises in the Federal Administration and the Armed Forces in response to the postulate submitted by Marcel Dobler (22.4081). The Federal Council has defined three strategic goals for cybersecurity exercises in the Federal Administration and the Armed Forces: it wants to strengthen internal coordination and cooperation, standardise the preparation and follow-up of cybersecurity exercises, and institutionalise cooperation across the Federal Administration and at international level. The National Cyber Security Centre (NCSC) is to play a key coordinating role in this process.

To strengthen its cyber capabilities, the Confederation currently conducts its own cybersecurity exercises, integrating certain cyber-related elements into large-scale crisis management exercises. It participates in various cybersecurity exercises at international level and uses these exercises in specific circumstances as an instrument of cyber diplomacy.
In the report on cybersecurity exercises in the Federal Administration and the Armed Forces in response to Postulate 22.4081, the Federal Council sets out three strategic goals and the priorities for their implementation. The goals include strengthening internal coordination and cooperation, standardising the preparation and follow-up of cybersecurity exercises, and institutionalising cooperation across the Federal Administration and at international level.

NCSC to play a key coordinating role

The NCSC will play a key role in coordinating cybersecurity exercises and facilitating cooperation in the Federal Administration. Its tasks will include ensuring that cybersecurity operations are integrated into crisis management exercises and strengthening cooperation between the relevant specialist units in order to avoid redundant development and planning work.

Cybersecurity exercises serve several purposes, including training participants and identifying vulnerabilities in the system. In order to increase their long-term benefit, there should be a systematic preparation of and follow-up to such exercises. In addition, the knowledge gained from the exercises should be shared within and outside the Federal Administration and serve as a basis for further planning and training.

Regular national and multilateral exercises

Cyber incidents are rarely limited to a single system or network within an organisation. For cybersecurity exercises to be effective, they should be carried out at national and international level and be institutionalised. The Federal Administration and the Armed Forces therefore consider it a priority to conduct practical critical infrastructure exercises and participate in multilateral exercises with international partners at regular intervals. To institutionalise national cooperation, the NCSC will act as the central point of contact for external partners, the business community and the general public.

Implementation by late 2027

The Federal Council has tasked the DDPS, in collaboration with the FCh, FDFA, FDJP and FDF, with implementing the report’s key points by the end of 2027. The strategic goals and priorities for implementation set out in the report serve as the basis for implementing Measure 10 (Crisis management) of the National Strategy for the Protection of Switzerland against Cyber Risks (NCS).