GENEVA, Aug. 27 (Xinhua) -- After several recent cyber attack on emails of some 15,000 government employees, Switzerland on Monday released minimum standards for companies and organizations to protect the country's critical infrastructure.
Earlier this month, an investigation by the Swiss local SonntagsZeitung newspaper found that the email addresses and passwords of some 15,000 employees of various state administration bodies, companies close to the state, universities, and other official organizations had been hacked and traded on the darknet.
That hackers have access to such email accounts could allow them to infiltrate further into sensitive areas of the administration, especially if the accounts in question use the same password for several different sites or purposes, the newspaper said.
On Monday, the Federal Office for National Economic Supply (FONES) released the Minimum Standard for ICT Resilience to includes 106 concrete actions covering technical measures as well as recommendations on improving internal organization and prevention systems. It is described as a decision-making guide with advice and instructions for detecting and responding to hacking quickly and decisively.
The authority said the standard can help detect an attack faster, but some critics question whether a minimum standard goes far enough as basic services become increasingly dependent on digital technology.
According to such a standard, increasing digitization in many aspects of life can unlock tremendous economic and social potential, but can also present new threats. Individual businesses and organizations have a responsibility to protect themselves.
"However, wherever the functioning of critical infrastructures is affected, the state also has a responsibility, based on its remit as laid down in the Federal Constitution, and on the National Economic Supply Act," it adds.
The Minimum ICT Standard was released just as the Attorney General's Office suspended criminal proceedings in connection with the cyber attacks carried out against government-owned defense firm RUAG in 2014. The government has not been able to identify the source of the attacks but insisted that none of the information stolen compromises national security.
