Informations for it specialists

News

Reporting obligation for cyberattacks

A reporting obligation, however, would enable the NCSC to gain a better overview of cyberattacks that have occurred in Switzerland and shed light on the methods used by the perpetrators. This would lead to a better assessment of the threat situation and enable operators of critical infrastructure to be warned at an early stage.
Further Information

Cyber Security Hub 

The Cyber Security Hub (CSH) is an important information system of the National Cyber Security Centre (NCSC). It is used to share and manage information on cyber threats, cyber incidents and cybersecurity practices.
Further Information

Current warnings

E-mails with malware in the name of debt collection agencies and health insurance companies

02.12.2024 - The NCSC is currently receiving numerous reports of e-mails that claim to come from a debt collection agency or a health insurance company. They concern an alleged claim or reminder. Do not click on the link, as this is an attempt to distribute malware to Windows users.

General forms of threats, perpetrators and tools

This document provides an overview of common forms of threats and their classification, as well as the types of perpetrators behind these threats.

Cyberattack - what next?

Checklist for CISOs

Coordinated Vulnerability Disclosure (CVD)

Have you discovered a vulnerability in an IT system or in commercially available applications, software or hardware and want to report it? The golden rule is to inform the vendor or system owner directly. However, if these organisations do not respond to you or if their response is insufficient, the NCSC can act as an intermediary to resolve such security issues.

Coordinated Vulnerability Disclosure (CVD)

If you could not reach the affected organisation, report the vulnerability you found to the NCSC.

Information on the procedure and reporting for

Advisories

This means that the NCSC is not only the official contact point for reporting security vulnerabilities in Switzerland, but also maintains their CVE IDs for international exchange.

Advisories

Security.txt - Include your security contact on your website

In case of cybersecurity problems in a company or organisation, it is very important to quickly inform the relevant security contact. Often, however, these contacts are not easy to find on websites, or are not even listed. The "security.txt" standard provides a way to publish the security contact of an organisation or company in a uniform way, thus making it quicker to find.

 «security.txt»: Include your security contact on your website

Bug bounty programme

In order to increase its cyber security and reduce cyber risks effectively and cost-efficiently, the Federal Administration runs bug bounty programmes under the leadership of the National Cyber Security Centre (NCSC) and in cooperation with other administrative units and Bug Bounty Switzerland AG.

Bug bounty programme

Information on GovCERT

The Government Computer Emergency Response Team (GovCERT) is the national specialist service responsible for the technical management of cyberincidents and technical analysis of cyberthreats.

Technical reports

https://www.ncsc.admin.ch/content/ncsc/en/home/infos-fuer/infos-it-spezialisten.html