research on cyber risks in switzerland€¦ · national science and technology council, published...
TRANSCRIPT
Federal Department of Finance FDF
Federal IT Steering Unit FITSU
NCS Coordination Unit
Research on cyber risks in Switzerland
2017 expert report on identification of the most important research topics
Expert report on identification of the most important research topics
2
Publication November 2017
Authors Isabelle Augsburger-Bucheli, Endre Bangerter, Luca Brunoni,
Srdjan Capkun, Eoghan Casey, Jacques De Werra, Myriam Dunn Cavelty, Martin Eling, Sébastian Fanti, Solange Ghernaouti, David-Olivier Jaquet-Chiffelle, Markus Kummer, Vincent Lenders, Gustav Lindstrom, Martin Gwerder, Rolf Oppliger, Evelyne Studer, Manuel Suter
Mandate State Secretariat for Education, Research and Innovation
SERI Federal IT Steering Unit FITSU
Responsible for Federal Department of Finance FDF publication
Federal IT Steering Unit FITSU
Schwarztorstrasse 59
CH-3003 Bern
Tel +41 (0)58 462 45 38 Email: [email protected]
Expert report on identification of the most important research topics
3
Contents
1 Introduction ................................................................................................... 4
2 Mandate, goals, and approach .................................................................... 5
2.1 Context ................................................................................................................... 5 2.1.1 National context: Strategies and political specifications ............................................ 5 2.1.2 International context: Research agendas of other countries and international
organisations ............................................................................................................ 5
2.2 Goals ....................................................................................................................... 6 2.3 Approach ................................................................................................................ 6
3 Research topics ............................................................................................ 7
3.1 Classification of research topics .......................................................................... 7 3.2 Research areas....................................................................................................... 8 3.2.1 Protection of privacy and personal data ................................................................... 8 3.2.2 Security of computer networks ................................................................................. 9 3.2.3 Legal framework..................................................................................................... 10 3.2.4 Prevention and prosecution of cybercrime.............................................................. 11 3.2.5 Incident detection, incident response, digital forensics ........................................... 12 3.2.6 Management of cyber risks .................................................................................... 14 3.2.7 Economics of cybersecurity .................................................................................... 15 3.2.8 Security of cyber-physical systems......................................................................... 16 3.2.9 Cybersecurity in international relations ................................................................... 17 3.2.10 Human and social factors in cybersecurity ............................................................. 18
3.3 Focus topics: Especially relevant areas, technologies, and applications ....... 19 3.3.1 Big data .................................................................................................................. 19 3.3.2 Cyber risks and cloud computing ........................................................................... 20 3.3.3 Security in fintech ................................................................................................... 21
4 Conclusion .................................................................................................. 22
Expert report on identification of the most important research topics
4
1 Introduction
For governments, public institutions, businesses, and also for the individual citizen, cyber
risks long ago ceased to be simply a potential threat. Instead, they have become a reality
that gives rise to high costs and diminishes trust in the use of new technologies overall. The
spectrum of cyber risks now ranges from the defacement of websites to criminal activities
such as phishing and extortion using denial-of-service attacks, and even very targeted
espionage attacks and sabotage aimed at governments, critical infrastructures, and
businesses.
For universities and other research institutions, the rapid development of cyber risks has
made it difficult to focus research activity in a way that improves understanding of the
problem. While many universities have recognised the importance of the topic and expanded
their research in this field, it must unfortunately still be noted that the necessary specialised
knowledge has not yet been generated to a sufficient extent in many areas. This is due not
only to the very dynamic developments of cyber risks, but also to the difficulty of doing justice
to a strongly interdisciplinary field such as cyber risks. Traditionally, questions relating to
cyber risks are primarily investigated in computer science. This technical research continues
to be important for understanding the problem, but technical insights about cyber risks alone
are not sufficient to do justice to the topic as a whole. It is just as important to understand
what economic and political incentives lead to the widespread diffusion of cyber risks, how
society can be educated to deal with cyber risks, and what legal steps must be taken to
contain the problem.
For university research with its strongly disciplinary approach, dealing with new cross-
disciplinary topics is a challenge. For one, there is often a lack of common understanding of
the topic; at the same time, research policy still often lacks incentives for interdisciplinary
research. For society, the economy, and the state, however, it is of the utmost importance
that the available competences in many different disciplines be further expanded and utilised
together with the knowledge from other disciplines so that research can make a contribution
to the better understanding of cyber risks.
This report aims to make such a contribution. It lists possible research topics that an
interdisciplinary group composed of experts from many different Swiss academic institutions
believe to be especially relevant. The experts briefly describe each topic and then identify
important research areas and possible research questions. This not only aims to show
researchers in the various disciplines where potentially interesting research questions
relating to cyber risks may be found, but also to enhance a common understanding for
relevant interdisciplinary research. Not least of all, the report also aims to give an impetus for
research policy to promote specifically interdisciplinary research projects in the field of cyber
risks.
Expert report on identification of the most important research topics
5
2 Mandate, goals, and approach
Before presenting the identified research topics and questions, this chapter will explain the
context in which this expert report was prepared, what goals it pursues, how it was
developed, and wherein the challenges consisted for identifying the most important research
topics in the field of cyber risks.
2.1 Context
2.1.1 National context: Strategies and political specifications
This report was prepared in the context of the national strategy for the protection of
Switzerland against cyber risks (NCS). This strategy attaches great importance to
competence building. In sphere of action 1, the strategy defines the following measure:
«New risks in connection with cyber crime are to be researched so that informed
decisions can be made at an early stage in the private sector and political and
research circles. Research focuses on technological, social, political and economic
trends that could affect cyber risks.»
The State Secretariat for Education, Research and Innovation (SERI), jointly with the NCS
Coordination Unit, was mandated to implement this measure. Together with other federal
offices interested in research on cyber risks, the importance was first recognised of
identifying the most relevant research topics with the help of experts. This report is the result
of that work.
Alongside the NCS, other strategies and programmes of the federal government are also
relevant to research in the field of cyber risks.
- Digital Switzerland Strategy of the Federal Council: One of the goals of the
Federal Council's strategy is to promote research and education relating to
digitalisation. The strategy states, «In order to meet the needs of our digital society
and economy [...], there should be a targeted approach to the promotion of new
education and training opportunities, university teaching positions and research
centres, taking into account division of skills and university autonomy. The objective
is to ensure the availability of specific skills in the fields of data analytics, data-driven
innovation, artificial intelligence, robotics and the Internet of Things. Research into the
consequences and social impact of these technologies shall be considered as part of
an assessment of the consequences of technology.»
- National Strategy for Critical Infrastructure Protection: One of the goals of the
strategy is to develop scientifically sound foundations for the integral protection of
critical infrastructure. As part of the strategy, «technological and environmental
developments shall be observed that may lead to new risks.»
2.1.2 International context: Research agendas of other countries and international organisations
Several countries have already published research strategies, programmes, and agendas
relating to cyber risks. The following recent examples show what topics other countries
regard as especially relevant in the field of cyber risks:
- Germany: «Self-determined and secure in the digital world 2015-2020», research
framework programme of the federal government, published January 2016.
- Netherlands: «National Cyber Security Research Agenda II», report of an academic
expert group mandated by the government, published 2014.
Expert report on identification of the most important research topics
6
- United States: «Federal Cybersecurity Research and Development Strategic Plan»,
National Science and Technology Council, published 2016.
Several projects also exist at the EU level to promote research on cyber risks. The following
two projects are especially relevant to identifying research topics:
- European Union Agency for Network and Information Security (ENISA):
«Cybersecurity Strategic Research Agenda», published 2015.
- CyberROAD project of the European Commission: a project to list all relevant
research relating to cybercrime, ongoing.
2.2 Goals
Building on the NCS mandate and the context described above, this report pursues three
goals:
1) Identification of research in the specialist disciplines: The listing of research
topics and questions aims to encourage researchers in the specialist disciplines to
undertake relevant research projects. The research report aims to serve as an
inspiration and motivation for professors, researchers, and students to examine one
of the many aspects of cyber risks. 2) Motivation for interdisciplinary research: The listing of research questions in the
various disciplines aims to help create a common understanding of the topic of cyber
risks and thus to promote interdisciplinary research. Because the report looks at the
topic from a variety of perspectives, it helps specialists understand in what other
disciplines similar questions are being raised and where interdisciplinary cooperation
is possible and useful. 3) Sensitisation of research policy to the topic of cyber risks: Because the topic has
a distinctly interdisciplinary character, every discipline must figure out for itself where
and why research in this field is relevant. The report attempts to convey an overall
view to policymakers in order to illustrate that research on cyber risks requires a
broad and, where possible, interdisciplinary approach and that it should be supported
accordingly.
Everyone involved is aware that the report can only be a first step toward attaining these
goals. But it is important to take that first step in order to achieve more coherence in cyber
risk research in Switzerland and to strengthen the network of researchers in the various
disciplines.
2.3 Approach
To fulfil the NCS mandate to promote research, an interdepartmental committee was
established under the leadership of the State Secretariat for Education, Research and
Innovation (SERI) to coordinate research promotion in the field of cyber risks. The committee
members quickly realised that experts from many different Swiss academic institutions
should be included to identify the most important research topics. A large majority of the
approached experts agreed to participate in the project. The expert group consists of the
following 16 persons:
- Prof. Isabelle Augsburger-Bucheli, Haute école de gestion Arc, Neuchâtel (HES-SO)
- Prof. Endre Bangerter, Bern University of Applied Sciences
- Luca Brunoni (LL.M / MA), Haute école de gestion Arc, Neuchâtel (HES-SO)
- Prof. Srdjan Capkun, ETH Zurich
- Prof. Eoghan Casey, University of Lausanne
- Prof. Jacques De Werra, University of Geneva
- Dr Myriam Dunn Cavelty, ETH Zurich
Expert report on identification of the most important research topics
7
- Prof. Martin Eling, University of St. Gallen
- Sébastian Fanti (lawyer), Canton of Valais
- Prof. Solange Ghernaouti, University of Lausanne
- Prof. Martin Gwerder, Fachhochschule Nordwestschweiz
- Prof. David-Olivier Jaquet-Chiffelle, University of Lausanne
- Markus Kummer (diplomat), ICANN Board of Directors
- Dr Gustav Lindstrom, Geneva Centre for Security Policy
- Prof. Rolf Oppliger, University of Zurich
- Evelyne Studer, Master of Laws, University of Geneva
The composition of this expert group took account of the need to include different disciplines
and to represent both universities and universities of applied sciences. A balanced
representation of language communities and genders was also ensured. In four joint
meetings in 2016, the experts first agreed on the most important research topics before
developing them and submitting them for mutual review.
3 Research topics
The comprehensive digitalisation of society and the economy entails that cyber risks have
become an important topic in many different domains. Accordingly, the potential research
topics in this field are innumerable. Choosing the most important topics and classifying them
in a comprehensible way was the most difficult challenge for the expert group. The topics
presented here are the result of open discussions within the interdisciplinary group. The
listing in no way claims to be complete and should not be considered exhaustive. But it does
aim to provide an overview of interesting and relevant topics and in that way to serve as an
inspiration for researchers and as information for decision-makers in politics and the private
sector.
The first section of this chapter presents the method for structuring the research topics. For
the purpose of understanding the report, it is important to know why which topics have been
included in which subchapters. The following sections contain the listing of research topics.
General research topics are described in a first part of the inventory, followed in a second
part by research topics on specific applications and technologies.
3.1 Classification of research topics
There are many different possibilities for classifying research topics in the field of cyber risks.
The expert group discussed these possibilities and agreed to divide the listing into two parts.
The first part contains the general research areas, including all general and overarching
research areas (such as research on risk management or research on data protection and
privacy). In a second part – the focus topics – topics relating to specific technologies or
applications are listed that the expert group has identified as especially relevant in
connection with cyber risks. Examples of focus topics are research on fintech and cloud
computing.
This classification was chosen for the following three reasons:
1) Research on cyber risks is cross-disciplinary
An overview of research topics would typically be structured according to the
traditional academic disciplines. In the field of cyber risks, however, this would be
introducing artificial boundaries. Cyber risks are a many-faceted phenomenon and at
the same time concern a wide range of different areas, so that cross-disciplinary
approaches are necessary to analyse them. For instance, many technological
research topics are directly connected with legal questions and vice-versa. The
expert group therefore decided not to rely primarily on academic disciplines when
Expert report on identification of the most important research topics
8
compiling the list of research topics.
2) Unavoidable overlaps among topics
Another structuring option would have been to classify research topics according to
areas of application and technologies. But this choice would have resulted in
numerous repetitions because similar research topics are relevant to many different
areas of application and technologies. Overlaps remain even when the list is
structured according to topic area, but these overlaps can be made transparent in the
chapter, making it clear where which topics are dealt with.
3) Different degrees of specification: Research areas vs. focus topics
New research topics in the field of cyber risks generally arise when new technologies
have been developed, when existing technologies are used in different areas of
application, or when new applications entail that existing technologies are used in
new ways. Examples of such developments include cloud computing, the internet of
things, or big data analytics. Developments of this kind must be taken into account
when compiling an overview of research topics. The expert group decided to list
these important developments and resulting specific research questions as focus topics in separate chapters.
3.2 Research areas
The expert group identified ten general research areas:
1) Protection of privacy and personal data
2) Security of computer networks
3) Legal framework
4) Prevention and prosecution of cybercrime
5) Incident detection, incident response, digital forensics
6) Management of cyber risks
7) Economics of cybersecurity
8) Security of cyber-physical systems
9) Cybersecurity in international relations
10) Human and social factors in cybersecurity
Each of these topics is discussed in a separate subchapter below. Each subchapter begins
with a general description of the research area, followed by a discussion of the relevance of
the research area and a list of the possible interfaces with other areas. Finally, possible
research topics in all the relevant disciplines are listed, and examples of interesting research
questions are given. Neither the listing of topics nor of the questions should be considered
exhaustive or complete, but rather they are intended to convey an impression of potential
research projects.
3.2.1 Protection of privacy and personal data
Description of research area:
The strongly increased capacities for the collection, storage, and analysis of data pose
new challenges for the protection of privacy and of the data itself. By using services on
the internet, users share a large amount of data – sometimes deliberately (e.g. through
social media), but often also unwittingly because their data is tacitly being collected,
stored, and commercialised. Large companies and some governments are able to
sweepingly monitor user behaviour. The situation is made worse by the fact that data no
longer vanishes, and the «right to be forgotten» – i.e. the deletion of data and information
– is hardly enforceable for the user anymore.
Research on the topics of data protection and privacy is relevant to a wide range of
Expert report on identification of the most important research topics
9
disciplines. Described here are the research topics in computer science and
cryptography. In these disciplines, the central challenge lies in the fact that data is
increasingly being collected and managed on a decentralised basis. Physical protection
of systems is therefore no longer sufficient to ensure appropriate protection of privacy. It
must be replaced by logical protection using cryptological methods for authentication,
access control, and usage control.
Relevance:
Protection of privacy and data is increasingly coming under pressure due to the progress
of digitalisation. Data – which is often personal – can easily be misused, and the
prevalent lack of transparency in the decentralised collection and management of data
causes users to lose their sense of security. Research at various levels is thus absolutely
necessary to find solutions for improving the current situation.
Related research areas
Incident detection, incident response, digital forensics; Legal framework; Prevention and
prosecution of cybercrime; Management of cyber risks; Security of cyber-physical
systems
Possible research topics
Cryptological research: The development of cryptological methods to ensure
anonymity or pseudonymity is still an important research area. It forms the basis for
providing users with alternatives to protect their data. The development of Tor and e-
voting applications are based on these technologies.
Data-minimising identity management: For the systems currently in use to identify
users, certificates are transmitted that contain a lot of information about the user (e.g.
PKI certificates). To improve data protection, new identification methods should be
developed that contain as little data as possible about the user.
Privacy by design: When developing new technologies and applications, the
protection of privacy and data should already be taken into account during the
development phase. Research should establish suitable foundations and demonstrate
the technological possibilities.
Examples of research questions:
- What new technologies can help ensure that users regain control of their data?
- How can traceability of the use of data be ensured?
- What is the significance of quantum computing for existing encryption techniques?
- How can the protection of privacy and data be taken into account better in systems
design?
- What technical standards can be developed and applied in the field of data protection?
3.2.2 Security of computer networks
Description of research area:
The internet has revolutionised our society over the past 30 years. Industry, private
individuals, and governments have become increasingly dependent on continuously
functioning, secure communication infrastructure. Today's communication protocols and
the hardware/software running on the connected computer systems are very fragile,
however, and can be misused by malicious actors with simple means. As a consequence,
denial-of-service attacks, data thefts, and extortions of organisations and individuals have
become daily occurrences.
The vulnerability of networks, in combination with our high level of dependency on these
infrastructures, has become a central challenge of cybersecurity. Research must show
how the resilience and robustness of computer networks can be strengthened
accordingly. It must be considered which existing components of networks can be made
secure with which methods, and what components have to be completely rethought and
redesigned.
Relevance:
Research can make an important contribution to the development of resilient and robust
Expert report on identification of the most important research topics
10
computer networks. New network technologies must be developed that already integrate
security into their design, but also methods must be found to protect the existing
computer networks, given that the installed infrastructures cannot simply be replaced
from one day to the next.
Possible research topics:
Architectures for secure networks: Network architecture must be organised and
operated in a way that ensures monitoring of data traffic so that unwanted activity can
be identified quickly. As the complexity of networks increases, the demands on
architecture increase as well. Research should show what solutions are suitable for
what networks and should develop innovative architectures.
Securing existing network protocols: Many of the protocols used today do not
encrypt the transmitted data. This entails the risk that data can be read or even
manipulated by unauthorised parties. But because of their widespread use, it will take
a long time to replace these protocols. Research is therefore necessary on technical
solutions to secure these protocols.
New, secure network protocols: The development of new, secure network protocols
is an important contribution of research to improving the security of data transmission
within and across networks.
Minimisation of hardware support: Abstracting and virtualising hardware can at
least partially defuse the problem of security of terminal devices. Minimising hardware
dependency can therefore be a path toward strengthening network security. The
possibilities and limits of this approach must be further analysed.
Secure integration of applications: Network security includes the question of how
various applications can be integrated securely. Research can develop new methods
for validating and monitoring the data transmitted by applications and for restricting
use and user groups.
Examples of research questions:
- How can our communication infrastructures be made more robust against denial-of-
service attacks?
- How can application and systems software/hardware be checked and verified for
vulnerabilities?
- How can secure software for applications and communication infrastructure be
developed?
- How can computer networks be protected better against malware and data theft?
- How can hacker attacks be detected more quickly?
3.2.3 Legal framework
Description of research area:
Legal questions relating to regulation of the digital world are becoming increasingly
important and are posing difficult challenges for lawmakers. The complexity and
multidimensional nature of the topics in the field of cybersecurity make it difficult to
anticipate legislative developments and to recognise and comprehensively cover new
topics as they arise.
Research can make an important contribution in this regard, however, by gathering and
analysing fundamental data. Research makes a deeper understanding of the existing
challenges and future developments possible. Building on this, it can be determined how
existing laws can be improved, where it's necessary to enact new laws, and what impact
should be expected from changes to the legal framework. The goal of research efforts
should be to develop an appropriate legal framework in the field of cyber risks.
Relevance:
The legal framework directly influences how cyber risks are dealt with. Missing or
deficient legal foundations and difficulties in the application of existing laws to questions
in the field of cyber risks lead to legal uncertainty. Research is therefore important on the
possibilities of legislation. An analysis of the legislative action needed is also of great
Expert report on identification of the most important research topics
11
practical relevance.
Related research areas:
Privacy and data protection (1); Prevention and prosecution of cybercrime (3);
Management of cyber risks (5); Cybersecurity in international relations
Possible research topics:
Legal aspects relating to the protection of privacy and data: Automatic collection
of data has become a core business of many business models. The legal framework
for that purpose is insufficiently developed, however. It must be analysed how the
legal foundations should be designed in order to strengthen transparency and
accountability.
Legal foundations for state action: The possibilities and limits of governmental
responses to cyber attacks are a hotly discussed topic. The focus is on questions
concerning the legal preconditions and consequences of governmental surveillance or
active governmental countermeasures in the case of cyber espionage. In the Swiss
context, the new Intelligence Service Act (IntelSA) and the Federal Act on the
Surveillance of Postal and Telecommunications Traffic (SPTA) must be analysed.
Allocation of liability: Many complex questions relating to the allocation of liability
arise in the field of cybersecurity. It must be examined who should be liable for what
areas of cybersecurity (and what can be laid down in civil and criminal law). This
requires political decisions about the desired economic and legal incentives for
different actors. For instance, it must be clarified to what extent the victims of an
attack should be held responsible (especially in the case of data theft), which in turn
raises the question of what minimum standards of prevention should apply.
(Alternative) dispute resolution methods: Switzerland has a long tradition of
dispute settlement. It could become an important venue for dispute resolution
procedures relating to the protection of data and privacy. Research can supply ideas
and proposals for global dispute resolution methods.
Examples of research questions:
- What are the legal preconditions for introducing an obligation to report cyber incidents?
What would be the consequences of such a reporting obligation?
- What legal foundations exist for specifications in the field of encryption technologies?
- What legal incentives are possible for ensuring better consideration of security in software
development in future?
- How should liability issues be allocated among users, manufacturers, and third parties?
- Should transparency be required of software manufacturers in regard to possible security
vulnerabilities?
- What means are legal for defending against cyber attacks? What are the limits?
3.2.4 Prevention and prosecution of cybercrime
Description of research area:
We live in an era in which the prefix «cyber» has become omnipresent in crime.
Computers and networks lead to new approaches by criminals and also change
prosecution methods accordingly. New technologies are constantly opening up new
opportunities for cybercriminals. From a legal perspective and especially in order to
maintain legal certainty, it is crucial that criminal acts be investigated, prosecuted, and
punished also in this new environment.
A solid legal framework is an initial prerequisite for reducing cybercrime. But a good
prevention strategy is also needed. Research in the disciplines of psychology,
anthropology, criminology, and sociology can help develop tailored prevention campaigns
for different population groups.
Finally, cooperation is needed for effective prosecution. Cooperation includes information
exchange between victims and authorities, but also cooperation at the international level.
Relevance:
Efficient prevention and prosecution of cybercrime requires continuous effort on all sides.
Expert report on identification of the most important research topics
12
This also relies on valuable insights from research.
Related research areas:
Privacy and data protection; Legal framework; Incident response and forensics;
Management of cyber risks; Cybersecurity in international relations; Human factors of
cybersecurity.
Possible research topics:
Modernisation of criminal law: Many offences in cyberspace are covered by
existing provisions of criminal law, but some take place in a grey area or take targeted
advantage of legal loopholes. It is often enough to extend interpretation of existing law
to cover these cases. One example is identity theft, which is not directly addressed by
criminal law but is nevertheless criminalised under existing articles. In other cases,
this approach is not enough. It should thus be clarified when and under what
conditions new legislative provisions are necessary.
Adjustments in prosecution: Authorities must have the means to investigate and
prosecute offences committed by cybercriminals in an efficient and timely manner. At
the same time, a balance must be found between this need and the individual
freedoms of citizens. This challenge is especially relevant when gathering and
securing evidence in the digital world. It must accordingly be examined what
adjustments are necessary in regard to prosecution methods.
International cooperation: Cybercrime knows no borders. For that reason,
international cooperation in prosecution is essential. It must be examined how this
cooperation can be designed in the most efficient way. An important example of a
research subject is the European Convention on Cybercrime, which was signed 10
years ago. At the same time, it is interesting in this context to carry out comparative
examinations of the measures taken by other countries in the field of cybercrime in
order to gain an overview of possible activities against cybercrime.
Darknets: The isolated networks used to establish peer-to-peer connections offer an
attractive market for criminal activities, because they are difficult for prosecution
authorities to access and because they provide greater protection of anonymity. It
should be examined as a research topic what influence darknets have on criminal
activities and how prosecutors might be able to prosecute criminal activities in these
networks.
Examples of research questions: - Should new forms of crime such as identity theft be governed by new legal provisions, or
do the existing provisions suffice? - Are the existing prosecution methods suitable for solving cybercrime? - How effective is current international cooperation in the fight against cybercrime? - What opportunities will new technologies create for criminals? - What means do other countries employ against cybercriminals?
3.2.5 Incident detection, incident response, digital forensics
Description of research area:
The growing specialisation and complexity of cyber attacks is making it increasingly
difficult to detect and analyse incidents. Modern attack methods and malware are
designed so that they can circumvent security mechanisms, including antivirus programs
and incident detection systems. Even organisations with a high security awareness, such
as banks and governmental institutions, are frequently the targets of successful attacks.
The ability to detect and respond effectively and quickly to incidents is thus of crucial
importance for the mitigation of cyber risks. Accordingly, cybersecurity research has
moved away from its original focus on defensive and protective measures and is
developing methods to detect, respond to, and analyse incidents. These methods also
make an important contribution to prevention, because information about the identity and
methods of perpetrators is crucial in determining the appropriate protective measures to
be taken.
Expert report on identification of the most important research topics
13
Digital forensics and incident analysis are very similar disciplines. Traditionally, digital
forensics deals with cases in which the attacker has committed criminal offences in the
physical world. The focus of such investigations is on evaluating data carriers. Incident
analysis, in contrast, is concerned with the attacks against IT infrastructures. The crime
scene is the IT infrastructure, and accordingly the data to be evaluated is of a technical
nature, for instance log data, network traffic, malicious code, system modifications, etc.
Both disciplines have in common that they demand deeper understanding of the
technologies. The most important research challenge in both disciplines consists in
analysing and contextualising large amounts of data from frequently disparate sources.
Especially important is research on digital forensics and incident analysis in special
domains such as mobile devices, networks, data storages, and health systems.
Many illegal markets and activities now have a digital equivalent: counterfeit documents,
pharmaceuticals, watches and the like are offered on the darknet. They have a direct
negative impact on border protection, health care, and even the competitiveness of the
Swiss economy. For this reason, techniques must be developed to counter these
phenomena by combining methods of digital forensics with methods of Open Source
Intelligence (OSINT), with strong support from social and human sciences.
Relevance: Relevance arises from the increasing digitalisation of society. Cyber attacks have become a serious problem, and their methods are becoming increasingly sophisticated. At the same time, teaching and research relating to incident response and analysis are not very well developed in Switzerland, even though Switzerland is an attractive target for cybercriminals.
Related research areas:
Protection of privacy and data; Big data; Cloud computing; Legal foundations;
Management of cyber risks
Possible research topics:
Automation: (Partial) automation of the activities relating to incident detection and
analysis can decisively speed up the processes. This can also result in immediate
detection of attacks and give rise to new security systems that facilitate adaptable
defences against new attacks or malware variants.
Consolidation, correlation, and presentation of data: How can incidents be
captured and described in a way that goes beyond the mere collection of usual
indicators such as indicators of compromise? Examples for solutions include
analytical methods and systems that detect attacks on the basis of behavioural
patterns, not only on the basis of individual indicators. Also of interest may be
systems that analyse non-obvious relationships between attacks.
Share and make use of available knowledge: The rapid development of
technologies and attack methods make it difficult to know all the new forensic
possibilities or to find those that are already known. Research can help develop a
systematic approach to compiling new knowledge and maintaining existing
knowledge.
Integration of digital forensics into prosecution methods and intelligence
analyses: The use of highly developed analytical methods for gaining insights about
attackers must be further expanded. Using digital forensics, attackers can be
identified on the basis of their digital traces and with the help of behavioural profiles.
Forensics and incident analysis in relation to new technologies: New methods
are needed to apply digital forensics to new technologies such as the internet of
things.
Monitoring: Many technologies and activities of criminals can be understood better if
the exchanges of the groups in question on web forums, social networks, or the
darknet are examined carefully. The extent of information available on the various
platforms is steadily increasing. It is accordingly important to develop a systematic
approach to the analysis of this information.
Identification: On the basis of behavioural patterns, the characteristics of attackers
Expert report on identification of the most important research topics
14
can be identified. Combined with methods of traditional forensics, it is possible to
identify the persons responsible for attacks.
Visualisation: Visualisation of large amounts of information is an important challenge
for incident analysis. Visualisation helps detect patterns and anomalies.
Examples of research questions: - How can tactics, approaches, and processes of attackers be identified? - How can behavioural patterns and other characteristics of attackers be used to identify
perpetrators? - How can incident analyses be sped up? What processes can be automated? - How can we make more effective use of incident analysis and digital forensic analysis to
support risk management? - How can the knowledge gained from incident analysis be used better for prevention? - How can information be collected in a systematic and targeted manner from online
forums, social networks, and the darknet relating to actors and their tactics?
3.2.6 Management of cyber risks
Description of research area:
Cyber risks are developing in a very dynamic and extremely complex way. The dynamics
are a result of the rapid technological development, due to which certain risks become
more (or less) important very quickly. The complexity is a consequence of the many
interdependencies in modern systems, which make it difficult or even impossible to gauge
the consequences of successful attacks.
These characteristics are the central challenges for the management of cyber risks.
Research in this area must first consider the theory and methods of risk management in
the field of cyber risks. It must be investigated if and how the existing methods of risk
analysis should be adjusted to take account of the dynamics and complexity of cyber
risks.
At an operational level, research is needed on the instruments of risk analysis and
management, such as possible threat maps, threat matrices, or scenario-based planning.
Research of this kind should also help develop indicators to make the risks themselves
measurable, as well as the effectiveness of countermeasures.
Finally, there is a strategic-political level to the management of cyber risks. This level is
concerned with how cyber risks can be dealt with collectively. Important topics include the
potential of public-private partnerships, the limits and possibilities of information
exchange, and regulatory questions such as the option of introducing a duty to report
incidents.
Relevance:
Cyber attacks cannot be prevented entirely. Risk management is therefore necessary to
help assess the situation realistically and set the right priorities. New challenges arise for
the traditional methods of risk management when applied to cyber risks. Because risk
management should establish the framework for all actions to protect against cyber risks,
research in this area is of the utmost importance.
Related research areas:
Protection of privacy and data; Legal framework; Economics of cybersecurity; Human
factors of cybersecurity
Possible research topics:
Theory and methodology of risk management: Because cyber risks develop very
dynamically and are extremely complex, it is very difficult to gauge their likelihood and
potential for damage. Research is therefore necessary on the possibilities and limits
of existing risk analysis approaches. It should be investigated how cyber risks can be
compared with other risks and integrated into existing risk catalogues.
Instruments of risk management: Research should also help develop instruments
for the management of cyber risks, such as risk maps, scenarios, and simulations.
The measurability of risks and countermeasures is an important topic in this regard.
Expert report on identification of the most important research topics
15
Better measurability might help practitioners determine the right level of protection for
their organisation.
Information exchange: A major challenge for the management of cyber risks is the
lack of information about the risks and possible countermeasures. To address this
deficit, organisations and platforms have been created for information exchange.
Research should investigate how these platforms and organisations can be operated
effectively and efficiently. A special focus should be on information exchange between
public and private actors in the context of public-private partnerships.
Regulation: In practice, risk management is heavily influenced by the regulatory
context. Governments can specify the practices and standards of risk management by
way of legislation and ordinances. An important example of such regulatory
intervention is a duty to report incidents. Researchers should investigate when and
under what conditions a reporting obligation can effectively contribute to improving
cyber risk management.
Examples of research questions:
- What impact do the high level of dynamics and great complexity of cyber risks have on
the applicability of existing practices and methods of risk management?
- How can the probability of occurrence and the extent of the damage of cyber risks be
estimated?
- What methods can be used to determine the optimal scope of investments in
cybersecurity?
- What incentives result in greater exchange of information about cyber risks?
- How can cooperation between private and public actors be strengthened?
- What regulations make sense? What would the potential consequences be of state audits
or a duty to report cyber incidents?
3.2.7 Economics of cybersecurity
Description of research area:
The economic perspective on cybersecurity analyses the relationship between financial
losses due to cyber incidents and the costs for security measures. The lack of
cybersecurity is explained in terms of a fundamental problem of incentives and insufficient
information regarding the costs of cyber risks.
The false incentives are a direct consequence of the nature of cyberspace as a very
dense and complex network of information systems and users. For individual users and
companies, integration of their systems into networks means that the systems always will
be vulnerable to a certain extent, regardless of the individual investments made in
security. In some ways, cybersecurity has the character of a public good, and accordingly
investments in cybersecurity lead to high positive externalities. This gives rise to a
coordination problem consisting in the fact that the utility of an actor's investments in
cybersecurity depends on the investments made by all other actors. Moreover, the lack of
data regarding the costs of cyber risks makes it more difficult to determine the right level
of necessary investments in security measures. So far, there are hardly any models for
calculating cyber risks. Models of this sort would not only help practitioners engage in risk
management, but also favour the emergence of a market for insuring against cyber risks.
So far, the data situation regarding losses due to cyber attacks is not sufficient for
insurers to calculate premiums, capital, and reserves. The market is accordingly still
underdeveloped. It should be expected, however, that insurers will establish themselves
in the field of cyber risks over the coming years.
Relevance:
It is now undisputed that cyber risks have become an economically relevant problem.
Despite this, there is still relatively little research from an economic perspective on how
costs resulting from cyber risks can be reduced. In-depth insights on the costs of cyber
risks are also a precondition for a functioning market of insurances against cyber risks to
emerge.
Expert report on identification of the most important research topics
16
Related research areas:
Legal framework; Prevention and prosecution of cybercrime; Management of cyber risks
Possible research topics:
Costs of cyber risks: Estimates of the costs of cyber risks diverge considerably and are often not independent, since they are published by the providers of countermeasures. Researchers can contribute to the development of a better systematic approach to estimating costs and thus create the basis for risk models in the field of cyber risks.
Analysis of cybersecurity as a public good: It should be examined in what respects cybersecurity can be described as a public good and what consequences arise for the management of cyber risks.
Insurability of cyber risks: It should be examined in what way cyber risks can be insured and what preconditions must be established for that purpose. Incident databases are an important instrument for the development of cyber insurances. Researchers can help create such databases.
Regulation: In terms of economic research, the effects of existing or potential regulatory interventions to promote cybersecurity should be examined from a cost-benefit standpoint.
Examples of research questions:
- Could the availability of insurances against cyber risks lead to greater investments in
cyber risk management?
- How can the modelling and cost calculation of cyber risks be improved in light of the lack
of data, the dynamic developments, and the high degree of complexity?
- To what extent can instruments such as alternative risk transfer or insurance-linked
strategies be used to increase the sustainability of cyber risks through insurances?
- What are the economic costs and benefits of regulatory interventions?
- How can extreme risks be dealt with in cyber risk management?
3.2.8 Security of cyber-physical systems
Description of research area:
Cyber-physical systems are spreading very quickly across a wide range of areas of
application. In the field of building control and automation, these systems are already very
widespread, but they are also being increasingly found in medical applications or – as a
prominent example – in self-driving cars.
All of these systems undoubtedly offer many advantages, but they also entail new
security vulnerabilities due to their dissemination and capacities. Crucial in this regard is
that in order to function, all these systems require a multitude of sensors that continuously
gather data. At the same time, the systems are often not secured or only poorly, which
makes them a very attractive target for attacks. Improved security measures are
necessary, as well as increased awareness by users so that these systems are better
protected against attackers.
Cyber-physical systems also entail new challenges in dealing with data protection. An
evaluation of the data gathered by such systems can generate a great deal of information
about users. It must be analysed what impact these developments have on data
protection.
Relevance:
The rapid spread of cyber-physical systems in all areas of application (from industry to
health care and entertainment electronics) makes research on the security of these
systems very important, because it will become increasingly difficult in future to draw
clear boundaries between the physical world and cyberspace.
Related research areas:
Protection of privacy and data; Incident detection, incident response, and digital forensics;
Legal framework; Prevention and prosecution of cybercrime; Management of cyber risks
Possible research topics:
Security in the internet of things: The most important security challenges of the
Expert report on identification of the most important research topics
17
internet of things must be analysed systematically and proposals developed for how
to improve the situation. Apart from possible technological solutions, measures to
raise the awareness of users should also be taken into account.
Security in special areas of application: Cyber-physical systems are employed in
many different areas of application. Depending on the context of these applications,
various research questions arise.
Security of critical infrastructures and their services: Security of critical
infrastructures is relevant to society as a whole. The impact of the increasing
networking of these systems on security must be examined. The mutual
dependencies of different infrastructures must be taken into account in particular.
Examples of research questions:
- What new technologies can help to improve the security of cyber-physical systems?
- How can decentralised systems be protected from misuse without introducing centralised
infrastructures?
- On the basis of what criteria can the security of cyber-physical systems be measured,
and how can certification procedures be applied to such systems?
- How can updates be uploaded to cyber-physical systems, and how can this process be
automated?
3.2.9 Cybersecurity in international relations
Description of research area:
Cybersecurity is increasingly on the political agenda and the role of nation-states in
securing cyberspace is a key concern. Several possibilities are currently being discussed,
from introducing codes of conduct to conventions governing norms and rules in
cyberspace. Complementing these efforts, confidence-building measures are being taken
to strengthen international cooperation and to identify joint mechanisms for countering
cyber threats.
Relevance
The strategic discourse examines cyberspace both as a target of attacks (risk to
cyberspace) and as a means of attack (risk through cyberspace). This combination and
the flood of incidents have resulted in cyberspace becoming a main topic of national and
international security debates. Cybersecurity cannot be viewed simply as a technical or
legal problem, but rather as an issue for diplomacy and for foreign and military policy.
Many international cybersecurity initiatives are accordingly being pursued today. Most
focus on regulating cyberspace so that it becomes a stable and reliable place.
For research, these developments are a very good opportunity to investigate formal and
informal international initiatives and to examine existing lines of conflict. Understanding
these factors is a precondition for finding international solutions to the problem of
cybersecurity.
Related research areas:
Legal foundations, Prevention and prosecution of cybercrime; Human factors in
cybersecurity
Possible research topics:
Cyberpower: Theoretical approaches must be developed to define the concept of
«power» in cyberspace and to understand the corresponding dynamics. This includes
analysing the potential impact of offensive capabilities (also as a means against
cybercrime and cyberterrorism) and the associated legal and ethical questions.
Cyber deterrence: It must be examined whether and how the theory of mutual
deterrence can also be applied to power politics in cyberspace. In that context, the
important role of non-state actors in the use of cyber capabilities must also be taken
into account.
Escalation of conflicts: The special dynamic of conflicts in cyberspace must be
better understood.
Norms, conventions, institutions, and structures: Although international
Expert report on identification of the most important research topics
18
cooperation is still in its infancy in many areas, numerous norms, conventions,
institutions, and structures already exist. Their effects, their modus operandi, and their
weaknesses are an important area of research. Research should help identify
possible forms of institutional frameworks in the field of cybersecurity.
Internet governance: Research should compare the various models of internet
governance and describe their advantages and disadvantages. The important role of
private actors should be given special attention.
Examples of research questions: - What does «cyberpower» mean, and how can it be measured? - What are the specific characteristics of conflicts in cyberspace? What are the typical
dynamics of such conflicts? What developments should be expected? - What impact do cyber incidents have on the development of international relations? - How are the rules, decision-making processes, and power positions developing in the
existing models of internet governance? Are these models effective and efficient? - What confidence-building measures are possible, and how can they contribute to
stability? - What is the role of private actors in internet governance and in the institutions for the
promotion of cybersecurity? - What are «offensive cyber capabilities»? What could arms control look like in
cyberspace? What technologies would be necessary for that purpose? - How could attribution of cyber attacks be improved?
3.2.10 Human and social factors in cybersecurity
Description of research area:
Many, if not even most, cyber incidents can be traced back directly or indirectly to
misconduct by the user. Examples include using weak passwords, opening emails with
malicious code, or divulging data and information in response to bogus requests.
Research on cyber risks should therefore also take account of the human factor in
cybersecurity. Such research includes psychological, sociological, anthropological, and
cultural studies. The focus of research is on the behaviour of both victims and
perpetrators. It is important to understand the behaviour of both groups so that the right
measures can be taken to make it more difficult to exploit user vulnerabilities.
Relevance:
Research on the behaviour of potential victims and perpetrators in cyberspace is
important, given that the origin of attacks can always be found in human intentions or
human errors. Cyber risks can be mitigated only if the human factor is taken into account
appropriately, alongside technical, economic, and legal questions. It is also important to
investigate whether user behaviour is influenced by cyber risks and by the debate about
security and surveillance on the internet.
Related research areas:
Protection of privacy and data; Prevention and prosecution of cybercrime; Management of
cyber risks
Possible research topics:
Perception of cyber risks: It should be investigated how cyber risks are perceived in
society and whether there are relevant differences among different user groups.
User behaviour: Research should try to explain the behaviour of users in regard to
cyber risks. It should be analysed how aware users are of cyber risks, what influence
cyber risks have on users' behaviour, and how autonomous usage can be ensured.
Attacker motivation: The motivation of attackers is not solely economic. The
psychological, anthropological, and cultural context of these perpetrators must be
investigated in order to gain a better understanding of the non-economic factors.
Ethics in cyberspace: It should be investigated what the ethics are in the
predominantly anonymous environment of cyberspace, what standards are generally
practiced, and what boundaries are crossed.
Expert report on identification of the most important research topics
19
Examples of research questions: - How can different user groups be sensitised better to cyber risks? - How can behavioural-psychological factors be integrated into risk management? - How do systems have to be designed so that users can better understand and observe
the security requirements? - What psychological effects do cyber attacks have on victims? - How do attackers mutually influence each other? Are there role models? - How are cyber risks portrayed in popular culture (cinema, literature, videos, music,
painting)? To what extent does this contribute to awareness of cyber risks? And what influence does this have on attackers?
- How can universal ethical codes of conduct be developed and applied in globalised cyberspace?
- How can the internet be prevented from contributing to the radicalisation of different groups?
3.3 Focus topics: Especially relevant areas, technologies, and applications
This chapter lists the focus topics. These are the areas and applications that have attracted a
lot of attention in the discussion of cyber risks. All of these topics influence the debates in their
own way, and an overview of research topics would not be complete without examining these
focus topics. At the same time, these topics cannot be attributed directly to one of the areas
described above, given that they concern several of those areas. The expert group has
therefore decided to describe the following focus topics separately:
1) Big data
2) Cyber risks and cloud computing
3) Security in fintech
3.3.1 Big data
Description of focus topic:
The comprehensive collection and analysis of very large amounts of data has become
known as «big data». The term refers both to the new technologies that make such
evaluations possible in a short period of time, but also more broadly to the phenomenon
that data evaluation is playing an increasingly important role in the transformation toward
a digital society.
Data is continuously being captured, collected, exchanged, evaluated, and (commercially)
utilised via the internet. This entails important questions in the field of cyber risks relating
to the protection, life cycle, and storage of this data. But data analysis technologies can
also serve as valuable tools in solving crimes, and they often play an important role in the
attribution of cyber attacks to perpetrators.
Relevance
The new possibilities for rapidly analysing large amounts of data and for comparing and
correlating different sets of data are relevant to all research areas in the field of cyber
risks. The topic will strongly shape the future of the digital society and thus is an important
element of research on cyber risks.
Possible research topics:
Big data and the role of data monopolies: It should be analysed what impact the
emergence of data monopolies has on the economy and society. It should in
particular be investigated to what extent states are already dependent on companies
with data monopolies in certain areas.
Big data as an instrument for cybersecurity: The potential of big data for
Expert report on identification of the most important research topics
20
preventing and solving cyber attacks is huge. Research should explore this potential
and show how the possibilities can be utilised in future.
Legal challenge of big data: The possibilities for collecting and analysing huge
volumes of data have hardly been taken into account in the legal framework. The
decentralised infrastructures of big data pose an additional challenge. It should be
examined how to deal with this problem.
Political, social, and economic context of big data: The phenomenon of big data
can be understood only if the political, social, and economic context is included in the
investigation. It should be analysed who uses big data technologies and why.
Examples of research questions: - What in general are the consequences of big data for cybersecurity? Do these
technologies improve the situation, or on the contrary do they further increase the risks? - What role should the state play in regard to big data? Is stronger regulation needed? - Is the free market working, or are monopolies of major companies too strong? - What legal foundations are needed for big data? - What is the potential of big data in preventing and solving cyber attacks? - How can big data influence the risk management of cyber risks?
3.3.2 Cyber risks and cloud computing
Description of focus topic:
Cloud services have become very popular in recent years. Many services use central
memory storage to collect data, allowing the user to access information independently of
location. Other services actually use decentralised data storage, which more directly
corresponds to the original idea of cloud computing. Services made possible by the cloud
can be found in applications in many different areas, from the control of cyber-physical
systems to office applications and e-voting systems.
Storing data in a cloud is not without risks, however. Malfunctions or manipulations can
entail that third parties gain access to the data, leading to inconveniences but also
serious data protection problems and even financial losses.
A characteristic of cloud services is that data is mobile in view of its function and is
therefore not tied to any individual computer system. The data and functions may be
distributed across several different countries. It is therefore not easy to exercise legal
control over cloud services. This can be seen, for instance, in the digital currencies made
possible by cloud computing (such as Bitcoin, Ethereum, Dodgecoin, Litecoin, and
others) and also in information platforms without centralised infrastructures.
Relevance
Cloud computing has become a very important technology with a direct impact on cyber
risks and possible countermeasures. For research in the field of cyber risks, it is important
to understand how cloud computing continues to develop and what the specific
consequences for cybersecurity are.
Possible research topics:
Protection of privacy and personal data in the cloud: It should be analysed what
impact the spread of cloud services has on the protection of privacy and personal
data. Technical security measures are needed for data storage, access control, and
transmission. Many important questions must also be clarified in regard to the rights
and duties of cloud service users and providers.
Forensics and cloud computing: Cloud computing may lead to challenges for
forensic analysis, because large amounts of data are stored in different places that
are hardly open to physical access. Appropriate technical instruments must be
developed and legal questions clarified.
User awareness: Many users are hardly aware of how and where their data is stored.
Possibilities should be identified for conveying a better understanding of cloud
technology to users.
Examples of research questions: - What legal questions arise in regard to use of the cloud?
Expert report on identification of the most important research topics
21
- How can illegal activities in the cloud be discovered and attributed? - What challenges arise in regard to data protection? - How can the authenticity and integrity of data in the cloud be ensured?
3.3.3 Security in fintech
Description of focus topic:
The financial industry was always quick to adopt and advance the digital transformation of
society and the economy. The introduction of digital technologies and complex financial
products massively changed the business in the 1970s and 80s, for instance. Today,
digital technologies for econometric analysis, modelling, recording, and execution of
transactions have long been the standard.
The next big step in this development can now be seen in the emergence of the fintech
industry (the combination of finance and technology). The most important applications are
currently social trading (investment advice on social platforms), robo-advisory services
(automated investment advice), and peer-to-peer lending (direct lending from private
individuals to other private individuals).
The market potential of these applications is often still unclear, and the risks of these new
applications have hardly been researched so far. Substantial basic research is needed in
this field to clarify what the impact of fintech will be on the financial industry and on cyber
risks.
Relevance:
Fintech is attracting great interest worldwide in the media and from practitioners.
Switzerland is willing to play an important role in fintech. Although the importance of
fintech is undisputed among practitioners and policymakers, there is hardly any academic
discourse so far about the significance and influence of this technology. There is a clear
need for research in this field.
Possible research topics:
Impact of fintech on the financial industry: It is still unclear how strongly and in
what way the new technologies will change the financial industry. Research should
help provide a better assessment of the fintech phenomenon and illuminate possible
consequences.
Greater dependency: Even stronger digitalisation of the financial industry also
increases its dependency on IT service providers. A large-scale disruption of IT would
threaten to trigger a collapse of the financial system. It should be investigated how
systemic risks increase with the spread of fintech.
New risks: The new technologies also entail new risks. Also in this respect, there are
only few insights so far. But the earlier potential risks are recognised, the better the
financial industry will be able to prepare for them.
Examples of research questions: - Will financial intermediaries such as banks and insurers be displaced by fintech? What
potential do blockchain technology and peer-to-peer lending have in this regard? - How does fintech change the systemic risks in the financial sector? Does fintech increase
systemic risks because of the great dependency on IT services, or does it reduce them because of the decentralised structure?
- Will human advice still be necessary in the financial industry? What is the client acceptance of robo-advisors?
- What influence do big data analyses have on trading? Are algorithms more effective at trading than humans in light of the available data volumes?
Expert report on identification of the most important research topics
22
4 Conclusion
This expert report aimed to achieve three goals: an overview of the most important research
topics in different disciplines, promotion of an understanding of the research in the different
disciplines, and finally sensitisation of research policy for the topic of cyber risks. With the
abundance and diversity of the listed topics, the report has certainly succeeded in making a
contribution to the first two goals. It illustrated how broad the topic is, and how many
demanding research questions must be addressed in the various disciplines. We hope that
many researchers are motivated to tackle the complex – but also important and interesting –
topics in their work. But it should again be emphasised that the report does not claim to be
complete. There are other research questions not included in the report that may be just as
relevant. Moreover, the rapid advancement of technological development means that new
challenges are continuously arising.
As an instrument for sensitising research policy, this report helps by presenting the whole
range of topics. Research on cybersecurity must not be reduced to technical questions, and
it will lead to relevant results mainly if an interdisciplinary approach is taken. The report aims
to serve as a foundation for designing further research promotion in the field of cyber risks.
In conclusion, we would like to appeal to everyone – researchers and research promoters –
to advance research in the topics listed above. If we as a society use digital technologies,
then we depend on their security. Security in turn can be ensured only if the existing
problems are analysed thoroughly and innovative solutions are developed. Switzerland is
home to excellent academic institutions that already conduct research on many of the topics
listed here. The goal is to use and further advance this potential so that Switzerland can play
an important role in the development and application of technologies and methods in the field
of cybersecurity and at the same time is able to protect its own infrastructures from cyber
risks.