Dependencies and sovereignty

Cybersecurity Map 00:01

State of the art

With the increasing digitalisation of business processes, the hardware and software solutions required for this form a central and critical component. At first glance, the supplier market appears to be extremely diverse and broadly based with regard to a wide variety of solutions. If one looks at the countries of origin of the providers, however, this apparent diversity is not what it seems. The market is clearly dominated by US companies, closely followed by Chinese and isolated global players from Korea (Samsung), Russia (Kaspersky), and Germany (SAP).

The situation is that without hardware and software solutions from US, Chinese and other companies, the dense digitalisation of processes as we know them today will not take place. This digitalisation is accompanied by the theoretical simplification of access to the ICT systems of domestic manufacturers, as well as service providers and thus to the stored, processed or delivered information, should the company's home state's laws permit – which they usually do, be it in China, the US or about anywhere.

In several countries, including Switzerland, a general discussion is taking place on how to extricate oneself from dependence on mainly the two de facto technology giants USA and China and creating some sort of independent domestic industry and alternatives. In Switzerland, this discussion was more broadly launched under the tag line “cyber sovereignty”. Which can also be more broadly seen as a discussion about how to deal with the fact that 99% of hardware, software and therefore our data and information are not solely guarded under Swiss law, but also under the legal frameworks of other nations.

Challenges

It is more than questionable whether Switzerland, as an industrial location, could in the near future develop any alternatives at all to the predominant hardware and software solutions of foreign suppliers. Even a coordinated industrial policy in this area, which is unusual for Switzerland, would only have a long-term effect, if at all. However, the digitalisation of business processes, "eHealth", the development of 5G and the like is already taking place today and the ICT components and solutions required for this are practically not produced at all, or only in small amounts, often at great expense in Switzerland.

Need for action

As a small, open economy, Switzerland is on the one hand dependent on foreign ICT manufacturers. On the other hand, it can also benefit from being able to balance the different interests of different countries with corresponding leading ICT industries. The Swiss economy will continue to depend in part on foreign ICT manufacturers for digitalisation. Thus, consistent risk management should be established with regard to possible government intervention and enforcement, which addresses handling manufacturers, suppliers, and providers of hardware and software solutions throughout.

Recommendations

  1. Critical dependencies, e.g. for sensitive components in critical infrastructures, must be checked cyclically. Central coordination of the dependency check is important.
  2. Check product liability
  3. Advancing European initiatives on critical dependencies and product liability
  4. Promote cooperation with local providers including Swiss start-ups

More articles from the Cybersecurity Map

 

Quantum computing

Cybersecurity Map
 

Information operations and warfare

Cybersecurity Map
 

Digitalisation / e-government

Cybersecurity Map
 

Cloud Computing

Cybersecurity Map