Increasing security risks: The close linking of IT and OT systems creates new attack surfaces. OT devices, especially in industrial environments, have very long service lives of up to 30 years, and ensuring security updates over such a long period is a challenge.
Lack of standardisation and certification: The market for IoT devices suffers from a lack of security standards and inadequate regulation, particularly in the consumer sector. There is a market failure here, as manufacturers bring devices to market quickly and cheaply.
Focus on "safety" instead of "security": In industry, the focus is on accident prevention (safety), while cybersecurity (security) is given too little consideration.
Fragmented responsibilities: A lack of harmonisation between international standards and national initiatives makes it difficult to implement end-to-end security solutions.
Establish security standards and regulation: Switzerland should introduce mandatory minimum standards for IoT and OT devices and work closely with the EU, e.g. as part of the Cyber Resilience Act. Certifications for secure devices promote transparency and strengthen trust in networked technologies.
Promote awareness in business and society: Awareness campaigns should make companies and private individuals more conscious of cyber risks. Training programmes on cyber security and best practices are important for industry and OT sectors in order to avoid security gaps caused by ignorance or negligence.
Provide targeted support for research and innovation: Policymakers should promote research into security architectures for IoT and OT devices, including solutions for both short-lived and long-lived systems. Innovative approaches such as zero-trust models and micro-segmentation should be promoted to secure networked systems.
Strengthen security checks and independent tests: The National Cybersecurity Testing Institute (NTC) should be further supported to identify and fix vulnerabilities in IoT and OT devices at an early stage. Quality tests by independent bodies should be established as a standard, similar to those in medical technology.
Umberto Annino, Microsoft | Martin Leuthold, Switch | Daniel Walther, Swatch Group Services
Endre Bangerter, BFH | Alain Beuchat, Banque Lombard Odier & Cie SA | Matthias Bossardt, KPMG | Daniel Caduff, AWS | Adolf Doerig, Doerig & Partner | Stefan Frei, ETH Zurich | Roger Halbheer, Microsoft | Katja Dörlemann, Switch | Pascal Lamia, BACS | Hannes Lubich, Board of Directors and Consultant | Luka Malisa, SIX Digital Exchange | Adrian Perrig, ETH Zurich | Raphael Reischuk, Zühlke Engineering AG | Ruedi Rytz, BACS | Riccardo Sibilia, DDPS | Bernhard Tellenbach, armasuisse | Andreas Wespi, IBM Research