Creating an ethical and legal governance framework for trustworthy cybersecurity in Switzerland

The project aims to provide data, insights, and recommendations on non-technical aspects of cybersecurity. It helps to address ethical and legal challenges in securing the digital infrastructure of Switzerland. The project is part of the National Research Programme 77 “Digital Transformation”

Background of the project

Cybersecurity is characterized by rapid technological progress. New security gaps are constantly emerging, which are countered with technical protection measures. The speed of this development overwhelms many users of the technologies and limits their ability to make informed decisions about their usage behavior. The rule of law is also challenged by the pace of technological change, as democratically supported legislative processes cannot always keep pace with the speed of technological development. This leads to governance and legislative gaps that make effective and democratically supported cybersecurity difficult.

A key element to address these challenges in Switzerland is the “National Strategy for the Protection of Switzerland against Cyber Risks” (NCS). Its core principles include a risk-based approach to cybersecurity, decentralized implementation of appropriate measures, a subsidiary role for the state, promotion of public-private partnerships, and active communication with civil society, business, and political stakeholders. The central goal of our project is to support these key elements of the NCS through research that provides data, insights, and recommendations with a particular focus on non-technical aspects of cybersecurity.

Goals of the Project

The project has three goals:

  1. Identify the regulatory needs in cybersecurity resulting from the mismatch between technological and legislative speed.
  2. Obtain data through surveys of critical infrastructure operators and experts to inform the national cybersecurity strategy.
  3. Establish a governance framework on ethical and legal aspects of cybersecurity for stakeholders in Switzerland.

The project will develop concrete proposals for the Swiss parliament and the administration on how Swiss legislation can address cybersecurity challenges. In addition, guidelines for dealing with cybersecurity dilemmas will be created for government and private actors such as law enforcement agencies, computer emergency response teams, critical infrastructure risk and compliance teams, and cybersecurity solution providers.

Project Team

  • Markus Christen, University of Zurich (PI and contact: christen@ifi.uzh.ch)
  • David-Olivier Jaquet-Chiffelle, University of Lausanne (co-PI)
  • Sylvain Métille, University of Lausanne (co-PI)
  • Reto Inversini, Swiss GovCERT (project partner)
  • Manuel, Suter, National Center for Cyber Security (project partner)
  • Christophe Hauert, University of Lausanne (researcher)
  • Melanie Knieps, University of Zurich (postdoctoral researcher)
  • Pauline Meyer, University of Lausanne (PhD student)
  • Sara Pangrazzi, University of Zurich (associated PhD student)
  • Delphine Sarrasin, University of Lausanne (associated PhD student)

Project Advisory Board

  • Endre Bangerter, Bern University of Applied Sciences / Threatray
  • Josep Domingo-Ferrer, University Rovira i Virgili, Catalonia
  • Gloria González Fuster, Vrije Universiteit Brussel, Belgium
  • Dominik Herrmann, Otto-Friedrich-Universität Bamberg, Germany
  • Alexey Kirichenko, F-Secure, Finland