Navigation auf


Digital Society Initiative

Cybersecurity governance framework

The project «Creating an ethical and legal governance framework for trustworthy cybersecurity in Switzerland» develops findings and recommendations on non-technical aspects of cybersecurity.

Cybersecurity is characterized by rapid technological progress. New security gaps are constantly emerging, which are countered with technical protection measures. The speed of this development overwhelms many users of the technologies and limits their ability to make informed decisions about their usage behavior. The rule of law is also challenged by the pace of technological change, as democratically supported legislative processes cannot always keep pace with the speed of technological development. This leads to governance and legislative gaps that make effective and democratically supported cybersecurity difficult.

A key element to address these challenges in Switzerland is the strategy «Nationale Strategie zum Schutz der Schweiz vor Cyber-Risiken» (NCS). Its core principles include a risk-based approach to cybersecurity, decentralized implementation of appropriate measures, a subsidiary role for the state, promotion of public-private partnerships, and active communication with civil society, business, and political stakeholders. The central goal of our project is to support these key elements of the NCS through research that provides data, insights, and recommendations with a particular focus on non-technical aspects of cybersecurity.

The project has three goals:

  1. Identify the regulatory needs in cybersecurity resulting from the mismatch between technological and legislative speed.
  2. Obtain data through surveys of critical infrastructure operators and experts to inform the national cybersecurity strategy.
  3. Establish a governance framework on ethical and legal aspects of cybersecurity for stakeholders in Switzerland.

The project will develop concrete proposals for the Swiss parliament and the administration on how Swiss legislation can address cybersecurity challenges. In addition, guidelines for dealing with cybersecurity dilemmas will be created for government and private actors such as law enforcement agencies, computer emergency response teams, critical infrastructure risk and compliance teams, and cybersecurity solution providers.

Researchers involved

  • Dr. Markus Christen (DSI; PI)
  • David-Olivier Jaquet-Chiffelle (University of Lausanne, co-PI)
  • Sylvain Métille (University of Lausanne, co-PI)
  • Reto Inversini (Swiss GovCERT)
  • Manuel, Suter (National Center for Cyber Security)
  • Christophe Hauert (University of Lausanne)
  • Melanie Knieps (UZH)
  • Pauline Meyer (University of Lausanne)
  • Sara Pangrazzi (UZH)
  • Delphine Sarrasin (University of Lausanne)

Project Advisory Board

  • Endre Bangerter (Bern University of Applied Sciences / Threatray)
  • Josep Domingo-Ferrer (University Rovira i Virgili, Catalonia)
  • Gloria González Fuster (Vrije Universiteit Brussel, Belgium)
  • Dominik Herrmann (Otto-Friedrich-Universität Bamberg, Germany)
  • Alexey Kirichenko (F-Secure, Finland)


Swiss National Science Foundation, National Research Programme 77 «Digital Transformation».