Measures to improve the security of telecommunications networks
Bern, 16.11.2022 - Starting in 2023, telecom operators will be required to inform the National Emergency Operations Centre if a network outage could affect at least 10,000 customers. Internet service providers will have to step up the anti-tamper mechanisms for their telecommunications systems. Also, 5G networks will get improved security. These enhancements are set out in the revised Ordinance on Telecommunications Services, which was passed by the Federal Council on 16 November 2022. The changes enter into effect on 1 January 2023.
With a view to improving incident reporting, disruptions to telecom systems will in future have to be reported as soon as they affect 10,000 customers as opposed to the previous threshold of 30,000. Instead of going to the Federal Office of Communications (OFCOM) as before, reports will be submitted to the 24-hour National Emergency Operations Centre (NEOC). This will allow disturbances to be dealt with in real time, which is particularly important in crisis management. NEOC will then inform OFCOM. In addition, disruptions will have to be published on a website.
Enhanced network security
Internet service providers (ISPs) will be required to strengthen their anti-tamper mechanisms so as to increase network security. If an ISP detects malicious activity on a website, such as a phishing attempt, it should be able to block or restrict the internet connection. Such measures will also be used to isolate infected or vulnerable devices. Moreover, ISPs will be required to operate a specialised unit for receiving reports of tampered telecommunications devices. They will also be obliged to counter cyber attacks attempting to make servers, services or infrastructures unavailable. For example, they will have to implement solutions to filter out data originating from their network but using a false source IP address.
5G network security
The revised telecommunications ordinance takes account of technological developments and also addresses the security of next-generation (i.e. 5G) mobile networks and the services running on them. Operators will be required to have an information security management system in line with OFCOM's requirements. For the location of their network operations and security management centres, they will be free to choose between Switzerland or another country whose legislation guarantees an appropriate level of data protection.
Regarding the next mobile frequency allocation for 2027/2028, the Federal Council has instructed the Federal Department of the Environment, Transport, Energy and Communications (DETEC) to examine whether mobile network operators should be required to operate their centres in Switzerland.
Address for enquiries
Federal Office of Communications OFCOM,
Press Office, tel. +41 58 460 55 50,
media@bakom.admin.ch
Publisher
The Federal Council
https://www.admin.ch/gov/en/start.html
General Secretariat of the Federal Department of Environment, Transport, Energy and Communications; General Secretariat DETEC
https://www.uvek.admin.ch/uvek/en/home.html
Federal Office of Communications
http://www.ofcom.admin.ch