Swiss Financial Sector Cyber Security Centre founded
The association’s foundation on 5 April in Zurich marked the culmination of a two-year project overseen by the National Cyber Security Centre (NCSC), to which the SBA made a substantial contribution. Based on the federal government’s national strategy for the protection of Switzerland against cyber risks as revised in 2018 (NCS II) and the cyber security strategy adopted by the SBA in the same year, the association was developed as a public-private partnership with the aim of boosting the cyber resilience of Switzerland’s financial centre and will, it is hoped, serve as a model for other sectors of the economy. Wide-ranging support was provided by the NCSC, which was responsible for managing the project, by a steering committee including the key stakeholders, and by the SBA’s own Information Security & Cyber Defence expert committee.
Crisis organisation for the financial sector
The project arose out of three recommendations made in 2016 by the advisory board for the future of the Swiss financial centre headed by Aymo Brunetti: to extend the services of the Reporting and Analysis Centre for Information Assurance (MELANI) to the entire financial sector, set up a body to oversee collaboration within the financial sector with the participation of the federal authorities, and build a crisis organisation. The financial sector joined the relevant authorities in rising to the challenge. An important milestone was achieved in 2019 with the setting up of the NCSC – a top priority for the private sector – and the appointment of Florian Schütz as its head by the Federal Council. This was essential to getting the project up and running, with the NCSC overseeing its work.
Public-private partnership proves a success
On 5 April, the founding meeting of the FS-CSC, headed by Florian Schütz, adopted the articles of association and appointed the Association Board, whose members are August Benz (SBA, President), Alexandra Arni (SBA, Vice President) and Marc Cortesi (Baloise, Treasurer). The Association Board is responsible for financial and organisational matters.
In addition to the general assembly of members, the association’s other bodies include:
- the Steering Board, with responsibility for strategic issues and crisis organisation, made up of selected members including representatives of the authorities;
- an advisory Expert Group, to which the members and representatives of the relevant authorities can contribute their practical experience;
- and a business office, which will initially be hosted by the SBA.
Once the official foundation had taken place, Federal Councillor Ueli Maurer addressed the approximately 80 attendees. Prior to the meeting, he had already called on banks and insurance companies to join the association.
Membership is open to Swiss banks, insurers, securities firms, financial market infrastructures, their associations and many other institutions within the financial centre. The relevant federal authorities are affiliated to the association, and can thus play a role in the Steering Board and Expert Group. This reflects the reality that public-private partnership is the only way to overcome the current challenges of cyber risk.
The next steps
From the association’s perspective, the next milestones are
- the creation of a platform for information sharing among members and
- the establishment of a Crisis Coordination Cell.
An existing provider is to be contracted to run the Operational Cybersecurity Cell. Negotiations are currently under way, and we hope to announce further details soon.