Executive Summary

The Federal Audit Office (EFK) has identified significant deficiencies in federal cyber defense in its audit of ICT security at the State Secretariat for Security Policy (Sepos). While the new organizational structure for information security has been established, it still exhibits considerable stabilization gaps. Particularly critical are gaps in collaboration between the Information Security Specialist Staff (FS BIS) and the Federal Cybersecurity Office (Bacs) regarding guidelines, processes, and the reporting of cyber incidents.

Persons

  • Dajana Dakic (Author)

Topics

  • Cybersecurity
  • Federal Security
  • Organizational Development
  • ICT Infrastructure

Clarus Lead

The federal security architecture is under pressure despite reorganization measures. The EFK audit reveals that critical interfaces between federal security authorities are not functioning optimally – a risk at a time when cyber attacks on state infrastructure are increasing and coordinated defense measures are essential. The deficiencies in reporting processes and binding standards point to a structural governance problem that requires prompt remediation.

Detailed Summary

The EFK audit focuses on task fulfillment in the area of ICT security at Sepos and assesses the new organizational structure as established but not fully consolidated. Central weaknesses lie in the coordination between the Information Security Specialist Staff (FS BIS) and the Federal Cybersecurity Office (Bacs).

Three problem areas have been identified: First, there are missing uniform guidelines and standards that legally bind both authorities. Second, process procedures for the escalation and handling of security incidents are insufficiently defined. Third, there are gaps in reporting obligations for cyber incidents, which represents a critical blind spot in situational awareness. These coordination deficiencies endanger the coherence of federal defense and complicate a unified response to threats.

Key Findings

  • Organizational Deficiencies: The newly built federal security structure is not yet fully stabilized
  • Coordination Gaps: Gaps between FS BIS and Bacs in standards, processes, and reporting
  • Need for Action: Urgent measures required to harmonize guidelines and escalation procedures

Further News

  • Fortibleed Attack: Hacker campaign compromises 74,000 Fortinet firewalls worldwide; security researchers describe the scope of credential disclosure as "alarming"
  • Polycom Successor: Preliminary project for new secure communications solution launches; intended to establish technical and financial foundations
  • BVZ Security Operations Center: Valais transport and tourism service provider establishes SOC

Critical Questions

  1. Evidence: What specific cyber incidents or security breaches did the EFK document to support its criticism of reporting processes?

  2. Data Quality: How complete are the governance documents analyzed by the EFK (process documentation, policies, escalation protocols), and do they cover the entire federal landscape?

  3. Conflicts of Interest: Do FS BIS and Bacs have different operational priorities or budget interests that explain the missing coordination?

  4. Causality: Are the identified gaps the result of insufficient resources, inadequate management directives, or structural overlaps in responsibilities?

  5. Feasibility: What timelines has the EFK set for remedying these deficiencies, and how will progress be measured?

  6. Comparison: How does Switzerland score in this assessment compared to other federal states (DE, AT)?

  7. Risk Assessment: Has the EFK conducted a risk analysis that quantifies the damage from these coordination deficiencies?

Sources

Primary Source: EFK sieht Lücken in der Cyberabwehr des Bundes – Inside IT, June 18, 2026

Verification Status: ✓ June 18, 2026

This text was created with the support of an AI model. Editorial Responsibility: clarus.news | Fact-Check: June 18, 2026