IoT and OT

The networking of the Internet of Things (IoT, e.g. a smart temperature sensor) and operational technology (OT) offers great opportunities for innovation and automation in industry and smart infrastructures. In the field of predictive maintenance, for example, it makes it possible to recognise the wear and tear of machine parts at an early stage. However, the networking of IoT and OT also harbours considerable cyber risks. Attacks on networked systems can cause physical damage, from power outages to production stoppages. To minimise these risks, Switzerland needs clear security standards, close cooperation with the EU, targeted awareness-raising among the population and industry, and the promotion of research and independent security audits.

The challenges 

  • Increasing security risks: The close linking of IT and OT systems creates new attack surfaces. OT devices have a very long service life of up to 30 years, especially in industrial environments; ensuring security updates over such a long period is a challenge.

  • Lack of standardisation and certification: The market for IoT devices suffers from a lack of security standards and inadequate regulation, particularly in the consumer sector. There is a market failure here, as manufacturers bring devices to market quickly and cheaply. 

  • Focus on "safety" instead of "security": In industry, the focus is on accident prevention (safety), while cybersecurity (security) is given too little consideration.

  • Fragmented responsibilities: A lack of harmonisation between international standards and national initiatives makes it difficult to implement end-to-end security solutions.

Recommendations for politics, business and society 

  • Establish security standards and regulation: Switzerland should introduce mandatory minimum standards for IoT and OT devices and work closely with the EU, e.g. as part of the Cyber Resilience Act. Certifications for secure devices promote transparency and strengthen trust in networked technologies. 

  • Promote awareness in business and society: Campaigns should raise awareness of cyber risks among companies and private individuals. Training programmes on cybersecurity and best practices are important for industry and OT sectors in order to avoid security gaps due to ignorance or negligence.

  • Provide targeted support for research and innovation: Policymakers should promote research into security architectures for IoT and OT devices, including solutions for short-lived and long-lived systems. Innovative approaches such as zero-trust models and micro-segmentation should be encouraged to secure networked systems.

  • Strengthen security checks and independent tests: The National Cybersecurity Testing Institute (NTC) should be further supported to identify and fix vulnerabilities in IoT and OT devices at an early stage. Quality tests by independent bodies should be established as a standard, similar to those in medical technology. 

Authors and subject responsibility

Umberto Annino, Microsoft | Martin Leuthold, Switch | Daniel Walther, Swatch Group Services

Review Board

Endre Bangerter, BFH | Alain Beuchat, Banque Lombard Odier & Cie SA | Matthias Bossardt, KPMG | Daniel Caduff, AWS | Adolf Doerig, Doerig & Partner | Stefan Frei, ETH Zurich | Roger Halbheer, Microsoft | Katja Dörlemann, Switch | Pascal Lamia, BACS | Hannes Lubich, Board of Directors and Consultant | Luka Malisa, SIX Digital Exchange | Adrian Perrig, ETH Zurich | Raphael Reischuk, Zühlke Engineering AG | Ruedi Rytz, BACS | Riccardo Sibilia, DDPS | Bernhard Tellenbach, armasuisse | Andreas Wespi, IBM Research