Ethical Hacking News
Switzerland's National Cybersecurity Centre (NCSC) has mandated that critical infrastructure organizations report cyberattacks within 24 hours of discovery. The new policy aims to enhance information exchange and counter evolving threats, with fines ranging from CHF 100,000 ($114,000) for non-compliance.
Switzerland has mandated that critical infrastructure organizations report cyberattacks within 24 hours of discovery.The Cybersecurity Ordinance comes into effect on April 1, 2025, requiring organizations to report cyberattacks to the NCSC.Organizations that fail to report cyberattacks may face fines, ranging from CHF 100,000 ($114,000) to a higher amount.The policy aligns with international standards for cybersecurity incident reporting and aims to enhance information exchange and counteract evolving threats.The implementation of this policy marks an important milestone in Switzerland's national cybersecurity strategy.
Switzerland has taken a significant step towards enhancing its cybersecurity posture by mandating that critical infrastructure organizations report cyberattacks within 24 hours of discovery. The National Cybersecurity Centre (NCSC) of Switzerland, responsible for overseeing the country's national cybersecurity efforts, has introduced this new policy in response to the increasing number of cyber incidents targeting critical infrastructure.
The Federal Council of Switzerland has approved the Cybersecurity Ordinance, which comes into effect on April 1, 2025. This ordinance requires organizations that operate critical infrastructure, such as energy and drinking water suppliers, transport companies, and cantonal and communal administrations, to report cyberattacks to the NCSC within 24 hours of discovery. The NCSC will manage reporting and coordinate information exchange between authorities and organizations.
The new policy aligns with international standards for cybersecurity incident reporting, which is essential for enhancing information exchange and counteracting evolving threats. Switzerland's decision to adopt this policy demonstrates its commitment to improving its national cybersecurity capabilities and ensuring the resilience of critical infrastructure in the face of growing cyber threats.
Organizations that fail to report cyberattacks within 24 hours may face fines, ranging from CHF 100,000 ($114,000) to a higher amount. This provision is intended to incentivize organizations to prioritize cybersecurity and take swift action in response to detected incidents.
The NCSC has emphasized the importance of this policy, stating that "in view of the increasing threat of cyber incidents, Switzerland is introducing a reporting obligation for cyberattacks on critical infrastructure." The organization also noted that the consultation process for this policy showed broad support among stakeholders, with a focus on simplifying reporting obligations and aligning them with other regulations.
This new policy is part of a broader effort by Switzerland to strengthen its cybersecurity capabilities. The country has been actively engaged in international collaborations and information-sharing initiatives aimed at enhancing global cybersecurity standards and best practices.
The implementation of this policy marks an important milestone in Switzerland's national cybersecurity strategy, demonstrating the government's commitment to prioritizing cybersecurity and ensuring the resilience of critical infrastructure in the face of growing cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Switzerlands-NCSC-Mandates-Critical-Infrastructure-Reporting-for-Cyberattacks-ehn.shtml
https://securityaffairs.com/175260/laws-and-regulations/switzerlands-ncsc-requires-cyberattack-reporting-for-critical-infrastructure-within-24-hours.html
Published: Tue Mar 11 15:46:47 2025 by llama3.2 3B Q4_K_M
