In an increasingly threatening digital environment, a coordinated defence network can be an effective means of protection. With this in mind, the Department of Defence and Civil Protection DDPS initiated a pilot project in 2021 aimed at improving the skills of security teams and obtaining a comprehensive overview of the threat landscape in the financial services sector. The initiative aims to give security teams in the financial sector access to the cyber defence capacities of the Confederation and to improve the general security situation through increased collaboration. Conventional data collaboration challenges are overcome by the use of confidential computing and data clean rooms, a combination of new encryption and data protection technologies.
The project emerged from the second «Cyber Startup Challenge 2021» of the Cyber-Defence Campus, armasuisse. The winner of this competition was the Swiss startup Decentriq. The company developed a Software-as-a-Service (SaaS) platform that offers what are known as data clean rooms for companies. Data clean rooms are protected virtual environments based on confidential computing technology, in which sensitive data is encrypted and cleaned so that it can be used for data analyses across organisations.
Definition of confidential computing: Confidential computing is, as the name says, a technology for confidential data processing in the cloud. What sets confidential computing apart from earlier approaches to encrypting data in the cloud is that sensitive data is protected not only at rest (in storage and databases) or in transit (via a network connection), but also while it is in use. In a nutshell, the technology uses encryption mechanisms to protect sensitive data from third parties and cloud providers while it is being processed.
Protecting Swiss financial sector privacy
Using the technology from Decentriq and the expertise of key stakeholders in the Swiss financial sector, such as the Swiss National Bank, SIX and Zurich Cantonal Bank, the pilot project identified common email phishing threats across organisational boundaries. Using encryption technology, banks were able to detect new phishing campaigns, identify common patterns and compare the phishing defence of all participating organisations. The successful pilot project showed that useful insights into cyber threats could be obtained through the neutral and protected instance of the data clean rooms without sensitive data having to be exchanged between organisations.
A secure exchange between private and public stakeholders increases the security of critical infrastructures, which is one of the main goals of the National Strategy for the Protection of Switzerland against cyber risks (NCS). The proof of concept, which was concluded last year, established the technical feasibility and identified potential insights for the responsible teams of the project participants. The next steps for 2023 will consist of proposing a system solution for the entire financial sector.
(PR - ES)