SWITCH-CERT – from pioneer to centre of expertise

The tasks faced by a modern Computer Emergency Response Team today go far beyond managing damage. Doing without prevention, training, education, cooperation, and machine learning has become unthinkable for anyone who wants to keep up with cybercrime.

Text: Martin Leuthold, published on 11.11.2020

SWITCH-CERT will celebrate its 25th anniversary next year. Soon after the first ‘worms’ appeared on the Internet, the Swiss Internet pioneer SWITCH decided to grapple systematically with the issue of security in order to protect its customers. The result, founded in 1996, was one of the first Computer Emergency Response Teams (CERT) in Switzerland. Since then, the team has continued to grow and develop and is today a multi-sector CERT for Swiss universities, the domain registry, banks, industry & logistics, and energy. It is also one of two national CERTs for Switzerland. The Federal Office of Civil Protection considers it critical infrastructure for Switzerland.

Prevention, detection and management

Today, SWITCH-CERT provides its customers with a broad range of services. The spectrum ranges from preventative provision of information, awareness raising and training to continuous updates about the specific threat situation (threat intelligence) for our customer groups. On top of that, we coordinate incident management, combat the abuse of .ch and .li domain names, and provide managed security services. Our services include the SWITCH DNS Firewall, operation of an OT lab (see box), and forensic analysis of successful attacks.

Connected at all levels

Given the global dimension of the threat, international collaboration with a high level of trust is becoming more and more important. SWITCH had the foresight to build up such collaborations over many years and continues to expand them systematically today.

Centre of expertise against cybercrime

Targeted expansion of our activities in additional sectors allows us to broaden and improve our range of services, refine our understanding of the threat situation in Switzerland, and work more efficiently. In addition, since our strong centre of expertise brings together experts in one place, we are also able to keep up with the rapid developments in cybercrime. Universities and research institutions are among the beneficiaries. Continuously improving their protection remains one of our primary objectives.

The following four articles will give an insight into the diversity of the issues SWITCH-CERT faces and its activities:

  • People are becoming more and more important as a vector of attack for Internet criminals. In response, SWITCH-CERT has successively upgraded and expanded its expertise in security awareness in recent years.
  • The targeted use of machine learning methods offers substantial added value in a CERT, where large quantities of data are processed. That's why we're exploring security monitoring data together with the Swiss AI lab ‘IDSIA’ in our SWITCH Innovation Lab.
  • By intensifying our activities in the industry & logistics and energy sectors, we have deliberately built up expertise in operational technology (OT) and the Internet of Things (IoT) since 2018. These topics are also becoming more and more relevant in the context of digitalisation in universities.
  • One of our leading malware analysts describes why the topic is gaining in importance in all SWITCH-CERT sectors and what his day-to-day life looks like.

SWITCH-CERT protects your critical ICT infrastructure against cyber attacks.

About the author
Martin Leuthold

After studying at ETH Zurich, Martin Leuthold worked in a number of security functions in Switzerland and abroad, including CISO of a multinational industrial conglomerate. He has been in charge of SWITCH’s Security division since February 2016.

Operational technology

Operational technology is an umbrella term for what are known as cyber-physical systems, such as traffic or building management systems, industrial or laboratory control systems, and energy management systems.
