Fighting cybercrime with SWITCH-CERT

For 25 years, SWITCH-CERT has been passionately committed to ensuring online security in Switzerland. In this interview, Silvio Oertli talks about milestones and the future.

Text: Silvio Oertli, published on 10.11.2021

Silvio, why was SWITCH-CERT established?

SWITCH identified the need to safeguard IT security after networking Swiss universities through its research and education network. So SWITCH decided to create a central security team which could support universities in dealing with incidents. The Computer Emergency Response Team SWITCH-CERT was set up in 1994 and in 1996 it was one of Switzerland’s first CERTs to be recognised internationally.

What services does SWITCH-CERT provide today?

Today, SWITCH-CERT is a leading independent centre of excellence in the field of information security, with excellent links to the international community. We support universities, the domain registries .ch and .li, the financial sector, industry, logistics and the energy sector in dealing with security incidents.

We help these groups protect themselves against cyber threats by assessing critical vulnerabilities and proactively providing hazard information. We conduct workshops with the aim of preparing our customers for critical situations. And we also give them the tools necessary to raise awareness among their employees and students. Most importantly, however, we give them the opportunity to share ideas and information in closed groups. We also support the banking sector with fraud cases in online banking.

 

Switzerland’s independent multi-sector CERT has a proven track record in protecting critical ICT infrastructures from cyberattacks as well as setting up and supporting communities while maintaining the utmost level of trust. Community voices.
What makes a successful CERT?

A successful CERT understands how its customers work. The aim is to provide independent advice and coordinate support in their interests. Having a global network of specialists is essential in offering customers the security they need and to coordinate incidents on an international level.

What sets SWITCH-CERT apart from GovCERT and other CERTs?

For certain sectors, SWITCH-CERT works hand in hand with GovCERT. We offer them custom services to suit their specific requirements, which GovCERT cannot provide because it is too broad-based. Unlike other CERTs, we offer absolute provider neutrality and have access to a very large international network.

What other CERTs are there in Switzerland and what are they responsible for?

Alongside GovCERT, there are private CERTs that work for their own companies or offer security services to third parties.

How do the various CERTs work together?

In Switzerland, CERTs are organised in the association of CH-CERTs. We share information about current cyber threats and how to detect them. We also work closely with the National Cyber Security Centre (NCSC). Through this, the CERTs are also networked internationally.

There is a skills shortage in the industry. How do you plan to find your future team colleagues?

Our range of tasks is very attractive, varied and meaningful, because both business and society benefit from our work. We also offer an exciting environment for personal development with a good work-life balance.

Why should I apply to SWITCH-CERT as a Cyber Security Expert?

We work in national and international networks, we’re recognised, and we experiment with new technologies. This gives us an international shop window and we receive worldwide recognition for our work.

What do you personally find most interesting in your work?

I enjoy the great variety and the many ways in which we support customers in the area of IT security. 

What’s the biggest coup that SWITCH-CERT has landed to date?

SWITCH-CERT has already been able to provide some valuable information in preliminary proceedings leading to the arrest of criminals.

What stops you yourself from entering the lucrative business of hacking?

I want to be able to go to bed at night with a clear conscience.

You celebrated your 25th anniversary recently. What have been the biggest changes over this period?

The attacks have become increasingly sophisticated and disparate. That’s why we’ve positioned ourselves more broadly and also incorporated the whole area of the “Internet of Things” into our work. 

What will be your main focus in the coming years?

On the one hand, the focus will shift to specialised workshops with our customers. On the other hand, we want to strengthen security with additional services. We’ll focus on services that reduce the response times to cyber threats through centralisation and use the collective knowledge of the entire community for their benefit.

Cybercriminals are always one step ahead of us. Do you see any solution to this problem?

Cybercriminals do not stick to the rules, so they will always be one step ahead of us. It’s important to be aware of this and able to deal with it.

The impression among non-experts is that cybercriminals usually go unpunished. Why is it so difficult to stop them in their tracks?

It’s easy to hide on the internet. Cybercriminals are flexible. Prosecution across national borders does not make it easy for authorities to bring those responsible to justice. But as cooperation improves between the authorities, the CERTs and private organisations, we can also catch more cybercriminals.

Cyber risks have been increasing for years. They rank among the greatest risks today. What do we need to do to make the internet a much safer place?

The internet is like a city. There are safe streets, but also dark alleyways. We’re never going to be able to make everywhere safe. But, through the healthy exchange of information between countries, we can identify the dark alleyways and point them out to internet users.

Because we’re so close to research activities, we’re also actively involved in establishing new standards that add substantially greater security. One example is the introduction of SCION, a new internet architecture developed at ETH Zurich.

Is it realistic to think that we can ever eliminate the threat of cybercriminals completely?

I would love to imagine a world where this is possible. But wherever you can make easy money faster than you can in the real world, there will always be people who follow this path. We can make things more difficult for these people, but at the same time, we need to understand that there will never be a city without criminality.

And what is your response to that?

Some years ago, we started putting greater emphasis on security awareness. The aim is to provide our customers with the tools necessary to raise awareness about cyber threats among their users.

We also support alliances between the various CERTs, security companies and domain registries so that they can share information quickly and easily. That means that we can quickly protect and warn internet users.

About the author
Silvio   Oertli

Silvio Oertli

Silvio Oertli studied for a degree in IT at the Zurich University of Applied Sciences alongside his work and graduated in 2006. After spending several years in law enforcement, he joined SWITCH in 2015. He is now in charge of the CERT team for the universities and the registry.

E-mail

#Security

This article was first published at inside-it.ch and inside-channels.ch (in German only) as part of SWITCH's #Security column. The column appears six times a year. Security experts from SWITCH independently express their opinions on topics relating to politics, technology and awareness of IT security.

Tags
Security
Other articles