Skip to content

Four steps for a value-orientated cybersecurity culture

Markus Christen (Managing Director of the DSI) and his team have created a guideline focussing on the non-technical aspects of cybersecurity. The research team was able to present these to the Federal Parliament at the end of December 2023.

Modern society is increasingly dependent on information technology. Cyber security is therefore important. Various guidelines and checklists already exist in the technical field. However, conflicts between ethical values or social complexity often lead to difficult decisions when it comes to cybersecurity issues.

Markus Christen from the Digital Society Initiative (DSI) at the University of Zurich and his team, together with researchers from the University of Lausanne and with the support of the Swiss National Center for Cybersecurity, have therefore created a guideline for a value-oriented cybersecurity culture.

The research team presented the new guideline to the Federal Parliament at the end of December 2023. The Parliamentary Group on Digital Sustainability (Parldigi) hosted an event on the topic of «Cybersecurity». Around 40 participants from politics, business and the federal administration listened intently.

This is because 1 January 2024 marks a significant turning point for ensuring and regulating cybersecurity in Switzerland: on this date, the new Federal Office for Cybersecurity will begin its activities and the revised Information Security Act will come into force.

Legal gaps and recommendations

The second focus of the presentation at the Parldigi event in the Federal Palace was the legal framework for cybersecurity. According to the researchers, there are still gaps in the new Swiss Information Security Act. Markus Christen and his team highlighted the most important gaps, focussing on critical infrastructures.

«We are in favour of introducing minimum requirements that apply to all critical infrastructures. It is important that all critical infrastructures improve their cyber resilience. The best way to achieve this harmonised level is to apply minimum cybersecurity requirements (..).»