Swiss Government Ensures Security of Supply

In order to ensure long-term security of supply, Switzerland has developed specific regulations in recent years that provide operators of critical infrastructure with a clear framework for action. It is particularly important to note that the legal requirements include not only technical but also, and above all, organizational obligations. Those who understand cybersecurity as a cross-cutting issue, i.e., combining risk management, reporting requirements, training, and governance, not only meet regulatory expectations but also create long-term resilience.

Companies should clarify internal responsibilities at an early stage, define clear processes, and ensure that cybersecurity is understood as a management task. In the coming years, this holistic approach will prove to be a crucial success factor.
 

Advancement through technology 
& responsibility

Switzerland is one of the countries with the highest density of networked devices per capita. In addition to classic IoT applications such as sensors and IP cameras, industrial control systems (PLCs) are also increasingly accessible online. This significantly increases the attack surface, especially in critical infrastructures where a failure can have direct consequences for the energy supply.

Vulnerable Swiss Power Grid

Also the Swiss Energy Grid Is Vulnerable

A key point is that many of these devices do not receive security updates for years. Companies should therefore maintain a complete inventory of all IT/OT systems and regularly check for vulnerabilities. A simple but effective measure is to consistently segment the network to minimize the risk of lateral movement in the event of an attack.

Particular caution is required in the area of remote maintenance: standard passwords and unencrypted connections are still a common attack vector. Systematically implementing authentication, logging, and regular checks can drastically reduce the risk. Looking to the future, the number of networked components in smart grids and remote operating environments will continue to rise. Transparency and continuous monitoring are therefore key to maintaining control over your own OT landscape

Minimum ICT Standard as a Basis for 
Cybersecurity

The ICT minimum standard was developed in close cooperation with the Swiss Federal Office of Energy (SFOE) and the National Cyber Security Center (NCSC) and forms the central basis for cyber regulation in the Swiss energy sector. It defines the minimum organizational and technical requirements that operators of electricity and gas networks are obliged to implement. The aim is to strengthen the cyber resilience of the energy supply in a sustainable manner in order to prevent cyber attacks and security incidents preventively, while at the same time ensuring functionality and security of supply even in the event of disruptions or failures.

The Minimum ICT Standard

The Minimum ICT Standard

Companies should pay particular attention to the holistic structure of the standard: in addition to technical protective measures, it also requires processes for risk analysis, employee training, and management involvement. Many operators underestimate this governance aspect, even though it is crucial for the long-term effectiveness of the entire security program. Those who use the minimum ICT standard not only as a pure compliance task, but also as a tool for continuous improvement, can systematically strengthen their security situation. This includes regular self-assessments, prioritization of measures, and comprehensible documentation of progress.

The minimum ICT standard is flanked by further legal framework conditions. The revised Data Protection Act (DSG) obliges companies to protect personal data. In addition, operators of critical infrastructures in Switzerland have been subject to a separate reporting obligation since April 1, 2025: cyberattacks must be reported to the Federal Office for Cybersecurity (BACS) within 24 hours of discovery. Supervision is carried out by various bodies: The NCSC acts as the national reporting center for cyber incidents and supports companies with recommendations for action and analyses. The ElCom (Federal Electricity Commission) is also relevant for the energy industry, which monitors compliance with regulations as part of its supervisory function.

Security Is Not a State, but a Process

Cybersecurity in the energy sector is not a one-time task, but a continuous process. Systems change, employees change, threats evolve. To survive in this environment, you need structures for ongoing improvement. Companies should therefore regularly review their security measures, validate them through assessments, and test them in emergency drills. Especially in the initial phase or in preparation for external audits, it can be useful to involve specialized partners in order to identify specific vulnerabilities and implement improvement measures efficiently.

OMICRON Cybersecurity Consulting

OMICRON Cybersecurity Consulting

In the long term, cybersecurity will become an integral part of corporate strategy and a quality feature in tenders, collaborations, and regulatory audits. Companies that invest in structures and culture today will not only be more resilient tomorrow, but also more competitive.

Overall, Swiss cybersecurity regulations create a clear framework that makes energy supplies more resilient to attacks while also strengthening confidence in critical infrastructure. Companies that consistently implement these requirements not only contribute to security of supply, but also position themselves for the future challenges of a digitalized energy world.

 

 

Resources

Swiss Regulations, Tibor Külkey
04. November 2025

Swiss Cybersecurity Regulations in the Energy Sector

In order to ensure long-term security of supply, Switzerland has developed specific regulations in recent years that provide operators of critical infrastructure with a clear framework for action.

Read this story
Lessons learned from IDS Deployments in Over 100 Energy Facilities
27. October 2025

Lessons learned from IDS Deployments in Over 100 Energy Facilities

This paper presents a comprehensive analysis of the security issues found in over 100 global energy facilities, including substations, power plants, and control centers.

Read this story
IEC 61850 and OMICRON - a long-lasting connection
15. October 2025

A long-lasting connection

IEC 61850 and OMICRON - a long-lasting connection.

Read this story
22. September 2025

Navigating Cybersecurity in Power Systems

In this episode, Simon Rommer explores the critical role of TI and OT power systems cybersecurity with Jose Paredes.

Read this story
Risk Management OT - IT, Jaron Stammler
26. August 2025

Differences in Risk Management Between IT and OT

Understanding risks in operational technology requires a different mindset than in IT — because in OT, digital vulnerabilities can quickly translate into physical consequences.

Read this story
CISA Asset Inventory Guidance
20. August 2025

Asset Inventory Guidance from CISA and BSI

The CISA, in collaboration with the German BSI and other organizations, published recommendations for managing asset inventories.

Read this story
22. July 2025

Major Updates for StationGuard Sensor and GridOps

The new versions of StationGuard Sensor and GridOps are here — with features that further simplify operations and detection across your OT network.

Read this story
Dr Marie Moe, Mandiant Consulting
30. June 2025

Recovery and Decision-Making in Cybersecurity Incident Response

In this episode, Simon Rommer discusses the critical cybersecurity incident response steps of recovery and decision-making with his guest Dr. Marie Moe.

Read this story
OMI­CRON Con­tributes to Nmap Plug-In
02. June 2025

Po­si­tion Pa­per: BSI Cal­ls For More Cy­ber­se­cu­rity in the En­ergy Sec­tor

In the position paper, the German Federal Office for Information Security (BSI) expresses concern over the critical threat situation in the energy sector.

Read this story
Cybersecurity Podcast, Simon Rommer, Stephan Mikiss
02. May 2025

Containment, Eradication and Recovery in Cybersecurity Incident Response

In this episode of the miniseries, Simon Rommer & Stephan Mikiss discuss the steps of containment, eradication & recovery in the incident response process.

Read this story
18. April 2025

Reliable Vulnerability Management in OT systems - Even Without CVE?

On 16 April, funding for the CVE and CWE programs is coming to an end, and with it the continued existence of the CVE database.

Read this story
From NIS2 to StromVV, OMICRON
18. April 2025

From NIS2 to StromVV

The EU's NIS2 Directive and similar regulations in the USA, Singapore, Australia, and Switzerland aim to enhance security measures across various sectors.

Read this story
Cybersecurity Podcast, Simon Rommer, Johann Stockinger
05. March 2025

The Importance of Identification in Cybersecurity Incident Response

Simon Rommer and Johann Stockinger speak about the importance of identification, which is the second step in the incident response process.

Read this story
BSI Handlungsempfehlung
21. February 2025

New Recommended Actions by the BSI

The German Federal Office for Information Security (BSI) has published new recommendations for securing the OT of distribution network operators.

Read this story
Glitre Nett & OMICRON Success Story
29. January 2025

OT Cybersecurity for the South of Norway

Over the next decade, we protect Glitre Nett's operations with StationGuard, providing comprehensive protection against cyber threats in their OT networks.

Read this story
Cybersecurity Podcast, Simon Rommer, Tibor Kuelkey
29. January 2025

Cy­ber­se­cu­rity Pre­pared­ness in the En­ergy Sec­tor

In this episode, Simon Rommer speaks with Tibor Külkey from ALSEC Cybersecurity Consulting, Simon and Tibor discuss the critical importance of preparation.

Read this story
22. January 2025

CISA Releases 13 OT Security Advisories

CISA published 13 security advisories for OT systems. These security advisories describe vulnerabilities in systems that are used in power grids worldwide.

Read this story
OMICRON OT Vulnerability Report 2024
17. December 2024

OMICRON OT Vulnerability Report 2024

By analyzing thousands of vulnerabilities, this report highlights trends in publication, predominant weaknesses, and attack vectors in the OT sector.

Read this story
ISO/IEC 27019:2024 and ISO/IEC 27001:2022, OMICRON
22. November 2024

New Standards for OT Security

A new version of the ISO 27019 standard has just been released. This standard is highly relevant for information security certifications.

Read this story
How to Protect OT Networks from Cyber Attacks
03. November 2024

Unmasking 802.1x Vulnerabilities

Without network access control (NAC), hackers can plug into the Ethernet switches of critical control networks in substations and control centers.

Read this story
NIS2 Directive, OMICRON
16. October 2024

NIS2 - Is It a Miss Too?

Today, October 17, 2024, is the deadline for EU Member States to transpose the NIS2 Directive (2022/2555) into national law.

Read this story
Why Patch Man­age­ment in Power Grid Sub­sta­tions Is Chal­leng­ing?
14. October 2024

Patch Management in Power Grid Substations

Patching assets in power grid substations is a complex task fraught with challenges unique to the OT environment.

Read this story
StationGuard Brochure, OMICRON
06. October 2024

StationGuard Solution

StationGuard simplifies OT security with advanced intrusion detection, asset and vulnerability management, and functional monitoring. This brochure tells you everything you need to know about our benchmark solution.

Read this story
30. September 2024

Which Logs to Collect in a Power Grid OT Environment?

When introducing a SIEM, it is crucial to consider how to integrate OT into the predominant IT system infrastructure.

Read this story
The Hidden Dangers of Windows in OT Networks
17. September 2024

The Hidden Dangers of Windows in OT Networks

Windows devices are omnipresent in information system environments. However, their presence comes with significant security challenges in OT networks.

Read this story
Past & fu­ture OT cy­ber in­ci­dent re­sponse
05. September 2024

Past & Future Disaster Recovery for the Power Grid

In the first episode of our miniseries, Andreas Klien & Simon Rommer explore the critical roles of IT & OT in cyber incident response & disaster recovery.

Read this story
EnergyTalks, Podcast Episode
05. September 2024

Cybersecurity Podcast Miniseries

This miniseries "Cybersecurity in the Power Grid" provides you with a 360-degree view of how you can best safeguard your infrastructure from cyber attacks.

Read this story
Podcast Episodes with Simon Rommer
27. August 2024

Why Should You Talk About Incident Response?

In our cybersecurity podcast miniseries, experts share why talking about incident response today is key to being prepared tomorrow.

Read this story
Internet Connected OT Devices
25. August 2024

Internet-Connected OT Devices

Are your operational technology (OT) devices connected to external networks? If yes, this presents an alarming but often overlooked threat.

Read this story
CVE-2024-37998
26. July 2024

Critical Vulnerability in Siemens OT Systems

NIST has identified a vulnerability in SICAM SCADA systems that could allow an unauthorized individual to gain administrator rights on the OT systems.

Read this story
Advisories and How to Use Them
12. July 2024

Advisories and How to Use Them

We look at the diverse world of security advisories and how to use them, and the wealth of experience of our experts in developing our OMICRON advisories.

Read this story
Marcel Ströhle, Podcast Episode, OMICRON
03. July 2024

Minimizing Cybersecurity Vulnerabilities at the Hardware Level

Why do hardware devices, in addition to software, need to be secured against cyber threats. OMICRON hardware developer Marcel Ströhle is the guest.

Read this story
Firewalls under Attack, Holger Skaus
20. June 2024

Firewalls Under Attack - How to Protect Your IT/OT Systems

Firewalls are the first line of defense in protecting critical infrastructures in cyberspace. This makes them particularly attractive to attackers.

Read this story
StationGuard 2.40, OMICRON
21. May 2024

StationGuard 2.40 – New Usability Upgrades

The new version brings along many usability upgrades, incl. MMS server availability, improved router behavior, and more …

Read this story
EnergyTalks, Podcast Episode, Part 7
21. May 2024

Cracking the Code: How to Uncover Cyber Attacks on Your System

Learn how the OMICRON cybersecurity experts analyze incoming alarms and reveal hidden dangers that threaten the safety and operations of an entire system.

Read this story
Vulnerability Management, Andreas Klien
14. May 2024

Vulnerability Management in Practice

Gath­er­ ad­vi­sories, up­date your GridOps vul­ner­a­bil­ity data­base, tend to your as­set in­ven­tory, vul­ner­a­bil­ity match­ing, & risk as­sess­ment.

Read this story
NIST - 2024
24. April 2024

NIST Cybersecurity Framework 2.0 at a Glance

On February 26, 2024 the National Institute of Standards and Technology (NIST) published the second version of the NIST Cybersecurity Framework (CSF 2.0).

Read this story
Cybersecurity Regulations
09. April 2024

State of the Art in Vulnerability Management

With the German IT Security Act, energy utility operators are required to adhere to the "state of the art" to manage cyber risks effectively.

Read this story
OMI­CRON Con­tributes to Nmap Plug-In
26. March 2024

OMI­CRON Con­tributes to Nmap Plug-In

We collaborated with the BSI and the Fraunhofer Institute to develop an nmap plug-in for OT networks, enhancing tools for power grid administrators.

Read this story
EnergyTalks, Podcast Episode, Ron Brash, Andreas Klien
13. February 2024

Chances & Risks of Operational Technology in the Energy and Aviation Sectors

Andreas Klien discusses the differences & similarities of using OT technology in the aviation & electrical power industry sectors with his guest Ron Brash.

Read this story
Sarah Fluchs, Andreas Klien, Podcast Episode
11. January 2024

Building trust in digital products used in the power grid

In this podcast episode, Andreas Klien, discusses the security engineering of digital products used in the power grid with his guest, Sarah Fluchs.

Read this story
OMICRON EnergyTalks - Podcast episode
10. January 2024

Experiences & Innovations in Developing Cybersecurity Products

In this podcast episode, Anastasiya and Jaques share their experiences, challenges, and innovations in developing our cybersecurity products.

Read this story
StationGuard Receives Security Certificate from the BSI
16. December 2023

StationGuard Receives Security Certificate from the BSI

The German Federal Office for Information Security (BSI) has tested our StationGuard and awarded us the IT security certificate (BSZ) as a result.

Read this story
CVE-2023-45871 - Finding and Patching a Critical Vulnerability in Linux, Eric Heindl
03. December 2023

At­ten­tion CVE-2023-45871 - Our Story of Finding and Patching a Critical Vulnerability in Linux

You think your linux devices are immune to cyber attacks just because there's no official security advisory? You might be wrong.

Read this story
EnergyTalks, Podcast Episode
05. November 2023

Solving Cybersecurity Problems in Electrical Power Networks

OMICRON cybersecurity analysts Christoph Rheinberger and Eric Heindl share their personal experiences for IT and OT security officers.

Read this story
OMICRON Podcast Episode with Thomas Wolf and Ozan Dayanc
04. October 2023

Why do OT networks need an IDS?

Discover the challenges faced by power providers and practical recommendations for enhancing OT network security.

Read this story
StationGuard Release 2.40
01. October 2023

StationGuard 2.30 – Improved Efficiency for Intrusion Detection

With StationGuard 2.30, you can imrove your workflows. The intrusion detection system (IDS) enables you to monitor Ethernet networks in the power grid.

Read this story
Podcast Episode 2, OMICRON
07. September 2023

Digital Transformation in the Power Industry

In this podcast episode, learn how to successfully implement cybersecurity into critical power system infrastructures with OMICRON cybersecurity experts.

Read this story
Podcast, Andreas Klien, OMICRON
07. September 2023

Vulnerability Management in Substations

Learn how vulnerability management tools ensure a more effective cybersecurity in power grids.

Read this story
Podcast Episode 1, OMICRON
01. September 2023

Bridging the gap between IT and OT

OMICRON cybersecurity expert Benjamin Teudeloff talks about the increasing necessity for power providers to improve their cybersecurity practices.

Read this story
OMICRON Magazine: Security Assessment Findings
29. August 2023

Security Assessment Findings in Substations and Power Plants

Our cybersecurity expert, Ozan Dayanc, reveals insights from global substation security assessments.

Read this story
Video: STW-Kempen
29. August 2023

Cybersecurity from the Control Center to the Substation

Cybersecurity from the Control Center to the Substation - Stadtwerke Kempen is Building a New Substation with OMICRON

Read this story
StationGuard Feature: Search In ZeroLine
18. August 2023

Feature Preview: Device Search in ZeroLine

StationGuard has a a new search feature that makes it easy to find all equipment information in your network.

Read this story
StationGuard Feature: Automatic Device Classification
18. August 2023

Feature Preview: Automatic Device Classification

StationGuard 2.30 will include a new feature that makes it easier than ever to assess and secure your OT network.

Read this story
Tibor Külkey, Alsec

Tibor Külkey

OT Security Consultant, ALSEC Cyber Security Consulting AG

Tibor Külkey has a consulting background in cyber resilience with a strong focus on industrial companies. As part of ALSEC Cybersecurity Consulting, he specializes in OT security across sectors, from energy to other critical infrastructures. His team combines strategic consulting, OT penetration testing, and lab-based OT technology validation, and he also lectures on OT security at various organizations and universities.