Critical infrastructure Protection News

07.05.12 - In the second half of 2011, the Reporting and Analysis Centre for Information Assurance (MELANI) observed an increase in phishing attacks, attempted fraud and ransomware. The current semi-annual report of MELANI examines issues such as the various types of fraud and attacks occurring in the second half of 2011. The report presents the most significant trends involving the threats and risks arising from information and communication technologies (ICT), which are part of critical infrastructures. It provides an overview of the events in Switzerland and abroad, illuminates the most important developments in the field of prevention, and summarises the activities of public and private actors.

18.04.12 - The Swiss Federal Council has endorsed a report regarding Swiss Power Supply and the Security of the Swiss Power Supply. The report is a result from a Postulate of the Swiss National Council’s Committee for the Environment, Spatial Planning and Energy CESPE of May 11, 2009. The Postulate asked for extensive information with regards to power supply resulting from renewable energy in the European context.

The Swiss Federal Council declares that renewable energies are an important cornerstone of the energy policy that was defined on May 25, 2011 by the Swiss Federal Council. The expansion of power supply coming from renewable sources requires however a simultaneous expansion of the electricity grid. The Swiss Federal Council opines among others a big potential for pumped storage hydro power stations in Switzerland, as they are able to store a large quantity of energy and consequently may contribute to the compensation of the volatile power supply coming from wind- and solar energy of Switzerland’s neighboring countries.

Power Supply is an important sub-sector of critical infrastructures and hence of essential importance for the good functioning of the State, the economy and the society. The strengthening of Switzerland’s power supply security is an important element in Critical Infrastructure Protection.

01.03.2012 - The Swiss Federal Nuclear Safety Inspectorate ENSI wants to improve the security of Switzerland’s nuclear power plants. After a thorough analysis of the events of Fukushima, the ENSI has defined follow-up actions concerning eleven key issues. The action-plan of 2012 approaches test points, which had been identified last autumn within the framework of “Lessons Learned after Fukushima”, as well as unresolved questions, which are listed in the Swiss country report for the European Union’s stress-test.

The current action-plan contains 29 topics such as earthquakes, flooding, extreme weather conditions, long-lasting loss of electricity, ultimate heat-sink coolant-loss, pressure release of the containment, hydrogen management, emergency management at the national level, safety culture, experience back flow, international surveillance and cooperation as well as the external deposit in Reitnau.

Switzerland’s nuclear power plants are part of the critical sub-sector power supply. They play an important role in the production of electricity in Switzerland. Disruptions or failures in the power supply have severe consequences for the society, the economy and the State. The security of Swiss nuclear power plants is therefore of particular importance for the Swiss Programme for Critical Infrastructure Protection, too.

22.02.2012 - The Swiss Federal Council decided on February 22, 2012 to mandate the Swiss Federal Chancellery to organize a national strategic leadership exercise focusing on a cyber attack. The exercise will be split in four parts and will take place from September 2012 – May 2013.

Swiss national strategic leadership exercises have a double function: On the one hand they have to reflect on a strategic level within the Swiss Federal Administration on the ability of the Swiss Federal Council to take decisions during an extraordinary event. On the other hand, the exercises will help evaluate the coordination within Swiss Federal Departments during an extraordinary situation.

Such exercises have already taken place in previous years. In 2005, the theme was the first day response to an epidemic outbreak. In 2009, the theme was a shortage in electricity supply.

The exercised themes are also relevant for the Swiss Program for Critical Infrastructure Protection (CIP). Emergency plans for the response of an epidemic outbreak are an integral part of Business Continuity Plans within critical infrastructures (CI). Electricity supply is key for the functioning of CI, but also for the society, the economy and the State. Due to the heavy penetration of IT within CI, cyber attack protection is crucial. IT-components have however also to be protected against natural or technical hazards. This requires a holistic approach.

20.02.2012 - According to a new study presented on February 20, 2012 by the Swiss Business Federation economiesuisse, a second Gotthard road tunnel is possible, if it is both financed and maintained privately. This is reported in a feasibility study on Public-Private-Partnerships led by economiesuisse. The study demonstrates how, under current circumstances, a private company could first build a second Gotthard road tunnel and subsequently renovate the existing one. The two tunnels could then be run and maintained for 50 years and then consequently be consigned gratuitously to the State. For this endeavour, proprietary capital of 370 million CHF and 1480 million CHF in borrowed capital is needed. Private investors could be e.g. pension funds, but also private firms and other funds. The financing of the second tunnel would be ensured by a toll.

Public-Private-Partnerships are an essential element in Critical Infrastructure Protection (CIP). This kind of collaboration may consist in information exchange regarding hazards, vulnerability and incidents. Moreover, it may also consist in common financing of the construction and/or operation of critical infrastructures, or in the common preparation and/or in incident response.

The creation of redundancy is another central element to strengthen the resilience of critical infrastructure, in this case within the sub sector road transport. This measure has however to be evaluated with other measures and has to be submitted to a risk-based cost-benefit analysis.

23.01.2012 - From now on the Reporting and Analysis Centre for Information Assurance MELANI will publish technical reports in the area of Information Assurance at irregular intervals. The reports will deepen actual topics related to incidents and occurrences in the information and communication technologies (ICT) and will address the corresponding set of problems and put them in a major context.

The first publication brings up current threats on the internet - perpetrators, tools, prosecution and incident response. This document is addressed to persons entrusted with the protection of IT infrastructures and electronic information.

Further information

07.12.2011 - The Swiss Federal Office for Civil Protection FOCP has participated in the international conference on critical infrastructure protection (Critis’11) from 8-9 September 2011 in Lucerne. The protection of critical infrastructure from technical disruptions and cyber-attacks is becoming increasingly important. During the international conference Critis’11 at the University of Applied Sciences Lucerne, experts debated various solution approaches so as to improve the protection of critical infrastructure. The disruption of critical infrastructure, either due to sabotage or due totechnical problems, has serious consequences on the functioning of society, the economy and the government. As a result, especially industrialized countries and large companies invest more and more resources in the protection of critical infrastructure, so as to limit the economic and social impact during a disruption.

31.10.11 - The analysis of the accident in Fukushima has demonstrated that Swiss nuclear power plants are safe. The Swiss Federal Nuclear Safety Inspectorate ENSI has identified several Lessons Learned from the accident in Fukushima. These insights will now be applied for the optimization of security within Swiss nuclear power plants. The ENSI has published these Lessons Learned in a report. All measures that emerge from this report have to be implemented by 2015.

After the accident in the Japanese nuclear power plant of Fukushima Dai-ichi on March 11, 2011, the ENSI has enacted urgent measures to evaluate security of Swiss nuclear power plants. The current report concerning the accident in Fukushima illustrates how Switzerland can optimize the security of its nuclear power plants. Swiss power plants do not exhibit any significant deficit in security. The ENSI has however investigated if an accurate optimization has to take place with regards to the current assessment of measures applying to significant accidents within nuclear power plants. Moreover, it also investigated the need for more protective measures for the population.

The ENSI has elaborated 37 test points so as to identify the potential of optimization. These points are presented in the current report. The points focus on various topics such as construction of the plants, emergency management, supervision, radiation protection and safety culture. The main focus lies in the optimization of emergency preparedness in Switzerland.
Various measures have already been implemented. The measures ask for more investments in safety and security by the operators of nuclear power plants. The ENSI controls the implementation of the measures consistently.

Until the end of the year, the ENSI will publish a fourth report with regards to the radiological consequences of the accident in Fukushima.

31.10.11 - In the first half of 2011, the Reporting and Analysis Centre for Information Assurance (MELANI) detected higher numbers of espionage attacks on the most diverse range of companies worldwide. The number of hacker attacks aimed at accessing sensitive data also increased. There was a massive increase in skimming cases in Switzerland. These are some of the focus areas of the latest semi-annual report, which was published by MELANI.

The primary objective of almost all online criminal activities is to generate financial gains. The attackers frequently choose the direct route by means of phishing in order to access the necessary confidential data. In general, the attacks are increasing rapidly, and it must be assumed that attempts are now made every day to enter corporate networks in order to spy on them. During the first half of 2011, some spectacular espionage attacks took place on the US NASDAQ stock exchange, France's Ministry of Finance and the US defence and technology company Lockheed Martin, for instance.

While skimming, i.e. spying on credit card data, has been a major problem abroad for a long time, MELANI saw a surge in Switzerland during the first half of 2011. While 135 manipulated cash machines were found in the whole of 2010, 225 were discovered already in the first four months of this year. The attackers are increasingly trying to manipulate not only cash machines, but also payment devices in supermarkets and ticket machines.

The report highlights further on the matter of security of SCADA software. It also informs about recent hacker attacks and gives an overview of cyber strategies in various countries.

11.05.11 - The Swiss Federal Nuclear Safety Inspectorate (ENSI) has published first results of the security review of Swiss nuclear power plants after the incident in Fukushima/Japan. Operators of Switzerland’s four nuclear power plants have been asked to make improvements to the spent fuel pools and earthquake and flooding resistance of their plants, following a post-Fukushima safety review. The ENSI says that although there is no immediate danger to the population, the plants must show how they will resolve the deficiencies by the end of August 2011.

On 18 March, ENSI ordered Swiss nuclear power stations to conduct an immediate review of their plants' earthquake and flood protection systems. The operators of these plants had to submit a report on their findings by 31 March 2011. Following on a review of these initial reports ENSI has identified a number of weaknesses, mainly surrounding the spent fuel pool.

Operators will need to submit an outline of the improvement measures to address these shortcomings by 31 August 2011. They will also need to provide ENSI with additional evidence of earthquake and flood protection for the spent fuel pool, as well as evidence that the pools are protected from hydrogen explosions.

By end of June 2011, operators must supply proof of their ability to cope with the worst flood likely in 10,000 years. By 31 March 2012 they must demonstrate control of a 10,000-year earthquake, taking into account earthquake-induced damage from nearby dams.

ENSI said that the work to evaluate and implement any safety measures deemed necessary at Swiss nuclear power plants could take several years, but it could be carried out while the plants are operational.

For further information, please visit (only available in German):

19.04.11 - The primary goal of cyber attacks continues to be to deny the availability of websites or to infect them with malware. In terms of motivation, a shift from pure acts of vandalism toward acts of revenge, damage to competitors, or political goals has been noted. The computer worm Stuxnet also shows that practically any system can be attacked. These are some of the focus areas of the 12th semi-annual report of MELANI.

As in previous periods, attacks on the availability of websites and networks were most common in the second half of 2010. The motivation for such attacks has shifted considerably, however. This is documented in the report of the Reporting and Analysis Centre for Information Assurance (MELANI).

Another important topic in 2010 was Stuxnet. This was the first computer worm attacking SCADA (supervisory control and data acquisition) systems, which are used to control industrial processes, including in the energy sector. Already discussed for years in expert circles, the problem of attacks against SCADA systems drew worldwide attention for the first time. The example of Stuxnet shows that with sufficiently high levels of motivation and sufficient resources, practically any systems can be infiltrated and sabotaged sooner or later. It must therefore be expected that similar attacks will occur again in future.

Additionally, the current MELANI semi-annual report examines the increasing attractiveness of smartphones for Internet criminals, cloud computing, and changes in the underground and the associated adjustment of criminal business models.

24.03.11 - Twelve days after the devastating earthquake in Japan, the Swiss Federal Council has conferred a discussion paper edited by the Swiss Federal Department of the Environment, Transport, Energy and Communications (DETEC) regarding the effects of the nuclear accident in the nuclear facility of Fukushima in Japan on Swiss Energy Policy. Once the Swiss Federal Nuclear Safety Inspectorate (ENSI) issued the necessary decrees regarding the respective security questions, the Swiss Federal Council gave the nod to DETEC for the update of scenarios in terms of Swiss Energy Policy. In parallel, DETEC was commissioned to analyse the associated economic, domestic and foreign policy related questions in the context of the future of Swiss electricity supply. First results are expected to be presented for the June parliamentary session.

On March 14, 2011 and as immediate response to the events in Japan, DETEC suspended the three general license application procedures for the replacement of nuclear facilities in Switzerland. The suspension applies until the causes of the accident in Japan are analysed, the security standards for all Swiss nuclear facilities are examined and possible insights are adapted. Along with that, the Swiss Federal Council has commissioned DETEC to elaborate on new scenarios regarding Swiss Energy Policy and to develop corresponding action plans. The Swiss Federal Council would like to know the potentials, additional assistance measures and the time requirement. In particular, the Council would like to analyse more deeply measures regarding Smartenergy, Smartgrids, networks, energy efficiency, renewable energies, Research and Development, as well as to look more closely at pilot and demonstration facilities.

10.03.11 - In 2011, the Swiss Confederation will invest 1.9 billion CHF in its motorway network. 740 millions will be used for the construction of new parts of the network, while more than 1.1 billion will be invested in the expansion and maintenance of existing motorways. 79 million CHF will be spent in the elimination of existing bottlenecks of the network. In this regard, important construction works will take place between Härkingen-Wiggertal to expand that part of the motorway. For new construction works within the project of completion of existing network parts, 740 millions will be at disposal. This amount will originate from the Swiss infrastructure fund. The works within the project of expansion and maintenance of existing motorways will be paid from a special fund (Special financing of road traffic). This amount will be divided in 600 projects (460 project designs and 140 final projects).

For further information regarding the projects, please visit www.autobahnschweiz.ch .

21.02.11 - The hospital of Lausanne had to limit surgical admissions due to an antibiotic-resistant bacteria. The CHUV hospital in Lausanne has put 38 patients in quarantine because of a bacteria that resists antibiotics. This bacteria has already caused another hospital in canton Vaud to shut down its operating rooms for over a month. Surgery patients are being directed to other area hospitals if they do not require the specialty care offered by the university hospital in Lausanne.

The hospital has called the outbreak a nuisance but not worrisome. It spreads easily, so those concerned have been put in isolation, and concern remains that its resistance to anti-bacterial treatments will be passed to other bacteria that are more dangerous. Fortunately special drugs exist for those who have been infected. However for carriers, only time can heal.

14.02.11 - In the wake of January’s cyber-fraud on the world's carbon market, a senior EU official explains that of all threats to Europe's energy supply, cyber-attacks are "probably the most to be feared". Emissions trading registries in a number of EU countries were shut down as a result of a phishing scam tricking traders into giving away their emissions allowances. Phishing scams affect lots of online financial transactions, and now they have descended upon the ETS. Although emissions trading was still able to continue via the European Emissions Exchange, registries in nine member states - Belgium, Denmark, Spain, Hungary, Italy, Greece, Romania and Bulgaria Germany - closed to prevent any further losses.

Similar to online banking scams in which an email directs you to a website that is a copy of your own bank's webpage, and then asks for your bank details, these criminals reproduced the sites of the German and Czech registries. A handful of firms fell for the trap and ended up giving away their CO2 emissions allowances to the crooks, who will now be able to sell them on.

EU energy experts are of the opinion that the threat emerging cyber attacks pose to critical infrastructure should not be under-estimated. In fact, these attacks could soon belong to daily normality. Critical infrastructure operators are therefore advised to prepare and plan measures to prevent such attacks from happening.