Swiss authority warns of cyberattacks on Ukraine conference and TV

All Swiss companies have been asked by the new Federal Office for Cybersecurity (Bundesamt für Cybersicherheit, BACS) to arm themselves now against "Russian disruptive actions in cyberspace", reported SRF, the German-language radio and television station of the Swiss Broadcasting Corporation (Schweizerische Radio- und Fernsehgesellschaft, SRG), on Friday. According to various media reports, including that of SRF and the "NZZ am Sonntag", the BACS expects an increase in cyberattacks and espionage – not only in Switzerland – during the Ukraine peace conference. Yesterday, a serious attack on the network of the German CDU party was also promptly announced.

The first major peace conference for Ukraine will take place on June 15 and 16 on the Bürgenstock mountain in the canton of Nidwalden. The Swiss government has invited numerous heads of state and government to attend. Delegations from around 80 countries are expected to attend. Russia itself has not been officially invited; China has just cast serious doubt on its participation, which was initially left open, and the Federal Office for Cybersecurity predicts on request that participants in the conference will be exposed to an "increased risk of cyber espionage", writes the NZZ am Sonntag. So-called "overload attacks" are also to be expected, the NZZ quotes. This refers to technical disruptions to the IT infrastructure of "institutions connected to the conference".

DDoS as feared a year ago

In other words, the BACS is again expecting DDoS attacks, as happened at the same time a year ago, when the pro-Russian group "NoName057(16)" bombarded the federal administration for seven days with a total of 57 successful DDoS attacks. The reason: Ukrainian President Volodymyr Zelensky spoke to the Swiss parliament in a video link. However, Switzerland survived this "without lasting damage", wrote the Federal Office for Cybersecurity in a later analysis in autumn 2023. For this year's Ukraine Peace Conference, the BACS also fears "the defacement of websites related to the conference".

SRG also expects Russian disruptive actions, the media company reported on Friday. SRG is the so-called "host broadcaster" at the Ukraine conference. SRG is recording all official speeches and media conferences at the international meeting and making the material available to the media worldwide. SRG emphasizes that this is a key role when it comes to communicating the potential success of the high-level event, with DDoS attacks being the most likely scenario. This could not only paralyze the SRG online offerings of its various language media channels SRF, RSI, RTS or RTR "in the short term, but also relevant production systems".

Live broadcasts are stopped if necessary

The Head of Information Security at SRG, Michel Gachet, expects such actions from Russia. By attacking SRG's IT system, "hackers could try to disrupt or stop the transmission of the conference", says Gachet. "The worst-case scenario would be if our live broadcasts were stopped," says Gachet. By this he means a collapse of the entire television and radio program or even the dissemination of false information via the SRG channels.

As SRF reports, "the speed is crucial. If it could not be guaranteed that the transmission would be flawless, it would be stopped." The media company's motto is that it is better not to transmit any information from the conference at all than to pass on false information. For these reasons, SRG has taken additional protective measures.

To ensure that everything else runs safely, the Swiss government, the Federal Council, has decided to close the airspace in an area around the Bürgenstock on Lake Lucerne for the period from June 13 to 17 because of the conference. The Swiss Air Force will provide an air police service and increased airspace surveillance. On the ground, 4000 soldiers will secure the Bürgenstock Conference.

The Federal Office for Cybersecurity will provide the federal and cantonal authorities involved in the organization of the conference with a joint communication platform. During the conference, the BACS will use this platform to provide information on the development of the cyber threat situation. An emergency center will also be set up for technical analyses.

(nie)