Opening the event, SERI Head Martina Hirayama stressed the importance of cybersecurity for the Swiss economy and society. In her address, she underscored the crucial role played by international cooperation in cybersecurity research. When facing up to the challenges of the digital world, it was essential, she said, to harness as many potential synergies as possible at both national and international level. In this context she explained the role of government in education, research and innovation (ERI), reminding her audience of the bottom-up principle adopted by institutions.
State Secretary Hirayama also gave an update on the current options for participation in the EU’s framework programmes and the transitional measures that have been adopted for the 2021 to 2023 period. She concluded by thanking the speakers for their willingness to share their viewpoints, explaining that it was crucial to be aware of the needs of the various stakeholders and the challenges facing them to ensure that the correct measures and decisions were taken in Switzerland from a research-promotion perspective.
The presentations and the input provided during the panel discussion give rise to the following recommended actions:
There was unanimity among participants that global instability and fragmentation have raised a number of serious threats that need to be overcome. These include such disparate scenarios as limited access to technologies, fragmented supply chains, restricted talent mobility or developing cyberweapon arsenals. The large number of long supply chains are a particular source of cybersecurity risks.
To take one example, the production of a mobile telephone may involve over 100 companies. This increases the risk of one chip being “contaminated”, for instance – in other words carrying malware or spyware. Countries that have the capability to scan chips and identify contamination are at lower risk of falling victim to criminal activity. Addressing threats and minimising risks requires specific capabilities that can be obtained through research.
The Cyber-Defence Campus (CYD) operated by armasuisse has cooperated with SATW to produce an Overview of the Swiss cybersecurity research landscape as a contribution to the national strategy for the protection of Switzerland against cyber risks (NCS). This analyses where strategic research – i.e. research over an extended period using defined resources – is being conducted in Switzerland and in which areas of cybersecurity.
The study by CYD Campus and SATW covers Swiss higher education institutions, but specifically excludes institutions with a specific focus, such as universities of teacher education. Certain universities of applied sciences have more difficulty commencing research or conducting strategic research with a definite focus owing to the lack of basic funding. These have been omitted from the map for this reason.
As the study shows, research in Switzerland focuses primarily on three areas: software and hardware security engineering, cryptology, and network and distributed systems. Although there is research in a large number of areas, it is often the case that only very few full-time equivalents are employed in a particular area.
According to the experts at CYD Campus, the research shortfalls are in insecure standards, automation and new technologies such as quantum computing. To obtain a comprehensive overview, the research activities of SMEs and private research institutions will be included in future studies. Recording these activities is a complex undertaking that requires better cooperation and joint engagement from a wide range of stakeholders. As a further complicating factor, there is currently no overview of the players who are actually conducting strategic research nor any method for quantifying them.
The European Cybersecurity Competence Centre (ECCC), a new authority that is currently in the set-up phase, has the task of strengthening and coordinating cybersecurity-related activities in the EU. The major problem within the EU is not the research itself, but translating the outcomes of research into products. This requires intensive cooperation within the EU to link up companies and countries. The ECCC follows a primarily strategic approach that complements the ongoing operational activities of the European Union Agency for Cybersecurity (ENISA). It is involved in the EU’s comprehensive strategies, including the Digital Compass, European Security Union and EU cybersecurity strategy.
Due to be operational from the start of 2024, the purpose of the ECCC is to harmonise the three existing strategies that were developed in different parts of the European Commission. Switzerland is currently treated as a non-associated third country for the purposes of Horizon Europe and related programmes and initiatives. For this reason, it does not at present have any way of negotiating participation in the ECCC.
Switzerland’s National Cyber Security Centre (NCSC) is responsible for prevention and awareness-building in cybersecurity. The NCSC started out as a public-private partnership named Melani. Today, it works closely with Swiss research institutes and organisations that translate research into practice, including SATW and CYD Campus.
The NCSC is involved in a large number of national research projects. Its strategic research goal is to strengthen and promote Switzerland as a centre of cybersecurity innovation. Switzerland has the potential to be a leading location for cybersecurity services and products. However, there is a lack of funding and international cooperation faces challenges. The NCSC is currently focusing on bolstering individual players, funding innovation and setting clear standards for cybersecurity in Switzerland.
Lack of access to the European Research Council (ERC) and Marie Skłodowska-Curie Actions (MSCA) is increasingly reducing the appeal of Swiss higher education institutions. Both attract young talent, so loss of access restricts the influence of Switzerland’s higher education institutions.
Increased cooperation internationally is therefore crucial in building trust. Although Switzerland can currently take part in Horizon Europe projects, it cannot help set the agenda. One possible solution for SMEs that currently also have no access to European funding resources is to establish a legal base in a different country.
Funding start-ups and scale-ups in Switzerland is essential in maintaining the country’s capabilities. The establishment of a National Centre of Competence in Research (NCCR) in cybersecurity could be both helpful and productive since a network of academic, public-sector and private-sector players would help improve structures and could promote networking of the Swiss research landscape internationally.