Effective combating and prosecution of cybercrime

Switzerland has the necessary capacities and organisational structures in all situations to identify cyberthreats and cyberincidents quickly and minimise the damage they cause. Incidents can be dealt with even if they persist over an extended period and affect different areas simultaneously.

The digital infrastructure available over the internet opens up new possibilities for potential criminals with great potential for damage to society and the economy. Cybercrime crosses territorial boundaries in a highly dynamic process with short innovation cycles. The greater the digital connectedness, the greater the risk that cyberincidents will start in the virtual world but have a damaging impact in the real world.

Against the backdrop of this development, it is important to further improve interoperability and responsiveness throughout Switzerland and in cooperation with international partners, as well as to coordinate specialist, technical and personnel skills effectively without a reallocation of powers between the various authorities and levels of government.

Measures

M12: Expansion of cooperation between prosecution authorities

Description

Cooperation between the Confederation and cantons and between the cantons in the prosecution of cybercriminals is to be further expanded. This is key to efficient and effective prosecution. Such cooperation already takes place as far as the law allows, in particular via the Digital Crime Investigation Support Network (NEDIK), but must be consolidated and further developed. This also means examining what adjustments to the legal foundations are required to enable this.

Cooperation can be enhanced by various additional measures. If joint procedures are defined and processes are standardised, this already creates a basis for easier cooperation. In the case of specialised skills that are difficult to obtain (in digital forensics, for example), direct communication between specialists or even a regional pooling of expertise may be very helpful, including with regard to a coordinated training offer.

International cooperation, which is crucial for criminal prosecution, is to be further strengthened, with a particular focus on collaboration with Europol.

Background and need for action

The Cyberboard is a coordination and cooperation platform for combating cybercrime, on which all major actors are represented. It coordinates case processing, allows prosecution authorities to share information about known modi operandi in Switzerland, typical cases and situations, identifies links, and if necessary examines and initiates measures to improve existing processes. Within the framework of the Cyberboard, the Cyber-CASE is intended to facilitate the sharing of information and knowledge among specialists from the public prosecutor's offices and investigative authorities at three to four meetings each year. The Cyberboard is to be further strengthened.

Cooperation between cantonal police forces is being strengthened via NEDIK and the regional Cyber Competence Centre (RC3). Regular coordination on strategic and operational issues takes place via NEDIK. The good cooperation that already exists thanks to these bodies should be further expanded. This can now be promoted specifically in areas where the greatest benefit can be achieved.

The local jurisdiction rules of the Criminal Procedure Code make it harder to prosecute cybercrime. The creation of a legal basis for national data exchange must therefore be examined as a matter of urgency.

Priorities

Strengthening existing cooperation by standardising processes and interfaces and fostering the sharing of experience.
Pooling specific expertise (e.g. on IT forensics) and security-related procurement.
Coordinating cooperation with national and international actors, especially on the preservation of evidence and mutual legal assistance.
Reviewing the legal bases for cooperation and creating new legal bases as necessary.

Key actors

Confederation:
fedpol, OAG, FOJ
Cantons:
cantonal police corps, CCJPD, CCPCS, public prosecutor's offices, CSPP
Joint bodies:
Cyberboard, NEDIK, SKK

M13: Case overview

Description

An overview of events is an important prerequisite for assessing the threat situation. It is also very important for prosecution. A case overview helps to enhance efficiency and quality and increase the clear-up rate for intercantonal or international clusters of cases.

There are three levels of case overview: events (e.g. reported incidents), official reports of offences received, and the judicial case overview of ongoing proceedings. A complete overview is achieved when the data from the various levels can be correlated and evaluated in real time.

Background and need for action

The establishment of the NCSC's national contact point for cyberthreats and the cantonal police reporting points (e.g. cybercrimepolice.ch) has enabled significantly more information about cyberincidents to be obtained from the public and businesses. The Federal Statistical Office also publishes annual figures on the development of digital crime.

The available data is already shared between the judicial and prosecution authorities, as far as the law allows.

PICSEL (Plateforme d'Information de la Criminalité Sérielle En Ligne) provides a tool for the systematic and structured recording of cases, making it possible to establish series and to identify new phenomena and modi operandi. PICSEL is already up and running and is being further developed by the Police Technology and IT (PTI) competence centre. However, not all cantons are involved in it yet. The reason for this is the lack of a common and uniform legal basis that would allow PICSEL to be used throughout Switzerland. It needs to be clarified how a legal basis for an information sharing platform can be created.

NEDIK compiles a monthly overview of the latest developments in cybersecurity, and the NCSC's reporting office publishes case figures on the number of incidents reported, broken down by phenomenon, on a weekly basis. The number of cases, by phenomenon, is also reported annually in the police crime statistics.

However, the sharing and processing of case statistics do not yet take place in a comprehensive and strategically managed way, which is why there is still no national overview.

Priorities

Picture of the cyberincident situation, broken down by event: The NCSC's national contact point will record the incidents received and exchange information with the police authorities' contact points.
The legal framework for sharing information between the contact point and the prosecution authorities must be clarified.
Case overview on reports of offences received and on ongoing police and judicial proceedings: Legal and technical conditions will be created to enable centralised recording of reports of criminal offences received relating to cyberincidents and of ongoing proceedings.

Key actors

Confederation:
fedpol, OAG, NCSC
Cantons:
cantonal police corps and public prosecutor's offices, CCJPD, NEDIK, CSPP, PTI

M14: Training of prosecution authorities

Description

Cybercrime encompasses very different offences, which are often not easy to define and delimit and which are committed using ever-changing methods. This makes dealing with cyberoffences challenging for prosecution authorities. It must be ensured that all levels of criminal prosecution have the required knowledge of cybercrime to perform their respective tasks.

Background and need for action

Basic cybercrime training takes place in police training colleges and at the Swiss Police Institute (SPI). In French-speaking Switzerland, training is also provided by the École romande de la magistrature pénale (ERMP), part of the Institut de lutte contre la criminalité économique (ILCE).

In addition to this specific training, many courses offered by universities and universities of applied sciences are relevant to employees of prosecution authorities. There is also training provision for public prosecutors, judges and court clerks. The platform cyberpie.ch was established on behalf of the Conference of Cantonal Police Commanders of Switzerland (CCPCS) to provide an overview of relevant training opportunities. In addition, NEDIK organises several training courses for specialists each year according to current needs and runs a national knowledge platform called CyberWiki. SCP provides the cantonal police forces with case-specific brochures containing information on the individual phenomena, thereby furthering the training of police employees.

It is important to continue promoting the training of judicial and prosecution authorities, building on these existing opportunities. In addition, the sharing of experience between prosecution authorities, as well as between prosecution authorities and the business community, must be further strengthened, since a great deal of knowledge can be imparted in this way as well. The Swiss Police Institute should be able to play a central role in coordinating this.

Priorities

Further development of training provision:
The existing provision will be kept under constant review to ensure that it meets the relevant needs. It will be clarified how new training offers can be created in case of additional need.
Sharing experience:
The exchange of knowledge between prosecution authorities will be fostered through internships, expert pools or online platforms.

Key actors

Confederation:
fedpol, OAG, NCSC
Cantons:
cantonal police corps, CCPCS, NEDIK, public prosecutor's offices, CSPP, SPI, ASR-SVM
Business community/society:
SPI, universities