News
Reporting obligation for cyberattacks
A reporting obligation, however, would enable the NCSC to gain a better overview of cyberattacks that have occurred in Switzerland and shed light on the methods used by the perpetrators. This would lead to a better assessment of the threat situation and enable operators of critical infrastructure to be warned at an early stage.
Further Information
Cyber Security Hub
The Cyber Security Hub (CSH) is an important information system of the National Cyber Security Centre (NCSC). It is used to share and manage information on cyber threats, cyber incidents and cybersecurity practices.
Further Information
Current warnings
General forms of threats, perpetrators and tools
This document provides an overview of common forms of threats and their classification, as well as the types of perpetrators behind these threats.
Cyberattack - what next?
Checklist for CISOs
Cyberattack – what to do? Checklist for CISOs in the event of a cyberattack (PDF, 61 kB, 16.02.2021)
Coordinated Vulnerability Disclosure (CVD)
Have you discovered a vulnerability in an IT system or in commercially available applications, software or hardware and want to report it? The golden rule is to inform the vendor or system owner directly. However, if these organisations do not respond to you or if their response is insufficient, the NCSC can act as an intermediary to resolve such security issues.
Coordinated Vulnerability Disclosure (CVD)
If you could not reach the affected organisation, report the vulnerability you found to the NCSC.
Advisories
This means that the NCSC is not only the official contact point for reporting security vulnerabilities in Switzerland, but also maintains their CVE IDs for international exchange.
Security.txt - Include your security contact on your website
In case of cybersecurity problems in a company or organisation, it is very important to quickly inform the relevant security contact. Often, however, these contacts are not easy to find on websites, or are not even listed. The "security.txt" standard provides a way to publish the security contact of an organisation or company in a uniform way, thus making it quicker to find.
«security.txt»: Include your security contact on your website
Bug bounty programme
In order to increase its cyber security and reduce cyber risks effectively and cost-efficiently, the Federal Administration runs bug bounty programmes under the leadership of the National Cyber Security Centre (NCSC) and in cooperation with other administrative units and Bug Bounty Switzerland AG.
Information on GovCERT
The Government Computer Emergency Response Team (GovCERT) is the national specialist service responsible for the technical management of cyberincidents and technical analysis of cyberthreats.
Technical reports
07.11.2024 - Bericht zu Telefonbetrug im Cyberbereich
07.03.2024 - Bericht zu den Datenanalysen nach dem Cyberangriff auf die Firma Xplain
30.10.2023 -Detaillierter Analysebericht zu den DDoS-Angriffen «NoName057(16)»
23.05.2016 - Technischer Bericht zur eingesetzten Schadsoftware beim Cyberangriff auf die RUAG