24. SSF Security Talk | Hybrid warfare - How can we protect Switzerland’s critical infrastructure?
The 24th SSF Security Talk of the Swiss Security Forum, held in collaboration with the Security Policy Forum St. Gallen (SPF), focused on the protection of Switzerland’s critical infrastructures in the context of hybrid warfare.
Keynote 1: Christian Sigrist, Deputy Director of the Federal Intelligence Service (FIS), Head of the Impact Centre Prevention (ICP)
Christian Sigrist introduced the current threat situation for Switzerland and its critical infrastructures posed by hybrid threats. Hybrid conflict, he stated, is a daily reality and threatens nothing less than our democratic core values. Critical infrastructures are only one of many targets of hybrid warfare — ultimately, the objective is the undermining of the democratic system as a whole. The combination of military and non-military means, as well as deliberate obfuscation, makes attribution and thus clear responsibility assignment more difficult. According to the NDB’s situation radar, there are currently 15 simultaneous hotspots — a density of threats not experienced by Switzerland since the Second World War.
State-sponsored cyber actors act persistently and invest considerable resources to achieve their goals. Technological progress creates new vulnerabilities that can be deliberately exploited. Democracies are particularly at risk, as their processes often react too slowly to keep pace with the dynamics of technological developments. Sigrist highlighted Switzerland’s networked system and the national as well as international cooperation as major strengths.
The NDB contributes significantly to national security through early detection, prevention, and attribution. However, this also requires sufficient resources and the appropriate political framework.
Keynote 2: Nick Wenger, Head of the Critical Infrastructure Protection Office at the Federal Office for Civil Protection (FOCP)
Nick Wenger then presented the main focus areas of BABS in the field of critical infrastructure protection. The term “critical infrastructure” often leads to false expectations. It refers not only to facilities, but to entire supply and service processes — in other words, everything needed to ensure essential goods and services.
An integrated risk management approach is essential. Risks range from natural hazards and technical disruptions to cyber risks and societal threats. The goal is not absolute protection, but the prioritisation and targeted implementation of preventive and damage-mitigating measures.
Wenger then explained the national Critical Infrastructure Protection Strategy (SKI): it is a joint strategy of the federal government, cantons, municipalities, and operators, and includes eight key areas, among them the improvement of resilience, maintaining an updated SKI inventory, and precautionary operational planning. Implementation is now closely supported by a Federal Council committee composed of the UVEK, EFD, and VBS. Sector-specific expert offices also play an important role; their task is to develop risk assessments in their respective fields and to design measures to strengthen resilience. A shared data basis is particularly important to enable coordinated action among all partners.
A political discussion is currently underway regarding binding resilience requirements for critical infrastructure operators. Approximately half of these infrastructures fall under federal responsibility, the remainder under cantonal or municipal jurisdiction — making coordination particularly demanding. The protection of critical infrastructures remains a classic joint responsibility that can only succeed through close cooperation among all actors.
Keynote 3: Jörg Köhler, Head of the Office for Military and Civil Protection, Canton of St. Gallen
Jörg Köhler examined the challenges from his perspective as head of the office and chair of the specialist group of cantonal chiefs of staff. He identified four central areas of threat: cybersecurity, electricity supply, air defence, and “the minds” — meaning the awareness and readiness of the population.
Hybrid warfare, Köhler said, works according to the principle of “boiling the frog”: the threat increases gradually until it is too late. We are already in the midst of this process. Köhler illustrated the complexity of hybrid threats using current examples — from cyberattacks on key facilities to acts of sabotage and drone threats capable of overwhelming defence systems. Furthermore, there is often a lack of public awareness: according to current surveys, national defence is not a priority for many Swiss, which he described as a dangerous naivety.
The Canton of St. Gallen is currently developing its own civil protection strategy based on the government’s priority planning for 2025–2035, with the aim of strengthening the resilience of administration, the economy, and the population. Education, media literacy, and critical thinking are also crucial. Authorities can intervene only selectively; the population must learn to assume responsibility itself, as personal responsibility is more necessary than ever in times of crisis.
His conclusion: Switzerland has many gaps and must concentrate its efforts on the essentials. Cyber defence, electricity supply, and airspace control are the priorities — those who have these under control can already anticipate 80% of the threats.
Greetin Message: State Councillor Christof Hartmann, Head of the Department of Security and Justice, Canton of St. Gallen
State Councillor Christof Hartmann emphasised in his greeting that the protection of critical infrastructures is a whole-of-society responsibility that goes far beyond technical security issues. Recent events such as sabotage or cyberattacks clearly demonstrate the vulnerability of key systems.
The cantonal SKI strategy currently under development combines physical, digital, and organisational aspects. It is important to understand that the state can act only subsidiarily — decisive are a culture of prevention, clear responsibilities, and close cooperation among all actors. Participants were encouraged to carry this message into their own areas of responsibility.
Panel Discussion
In the concluding panel discussion - moderated by Fredy Müller, Managing Director of the SSF - Markus Meile (Chief of Staff, Crisis Management Organisation, City of Zurich), Philipp Isler (Chief Safety & Security Officer, Swissgrid AG), Johannes Goebel (Team Lead Special Risks & Cyber Scale-up, Helvetia), Nick Wenger (Head of the Critical Infrastructure Protection Office, FOCP), Oberstlt i Gst Dino Candrian (Head of Operations & Training, Territorial Division 4, Swiss Armed Forces) discussed various aspects and challenges of protecting critical infrastructures.
Markus Meile emphasised that the City of Zurich is already well positioned in crisis management and critical infrastructure protection. An integrated risk management system exists, capturing the various sectors and organisational units. However, the real challenge begins when these structures must operate together as a network during a crisis.
Meile placed particular emphasis on the population as part of the solution. With the so-called “Resilience Weeks,” an instrument was created to make the topic of resilience practical and tangible. In cooperation with community centres, the population had the opportunity to inform themselves, visit meeting points, and learn about concrete emergency preparedness measures. Interest was high — a clear sign that people wish to be informed when they are actively involved. Communication, transparency, and participation are key factors in strengthening trust and responsibility among the population.
Philipp Isler highlighted the special responsibility of Swissgrid AG as the backbone of Switzerland’s electricity supply. He made it clear that Swissgrid, together with partners in the Swiss electricity sector, is committed to ensuring the safety and stability of the grid.
At the same time, he pointed out the other side of the coin: Swissgrid does not operate in isolation, but is closely integrated into the European electricity network. Reports from colleagues abroad are concerning — the threat situation is worsening. Switzerland can counter this development only through a high level of cooperation and professionalism. Swissgrid works closely with security agencies and authorities to implement appropriate protective measures — but 100% security is illusory. What matters is designing systems to remain functional even in case of an incident.
Isler stressed that Swissgrid has been investing significantly in cyber protection, physical security, and personnel for years. The human factor is particularly important. A major advantage of the Swiss grid lies in its networking and system architecture: the grid is redundant, meaning that one or more elements can fail at any time without the collapse of the overall system. This inherent resilience is a particular strength of the Swiss grid — enabling stability even under pressure. Nevertheless, the task remains to continuously strengthen physical and digital protection and deepen cooperation with European partners.
Johannes Goebel brought the perspective of the insurance industry into the discussion, emphasising that cyberattacks represent a permanent risk — especially for operators of critical infrastructures.
Goebel described a mix of hybrid aggressions whose origins and effects are closely intertwined. These professional attacks serve not only economic purposes but are part of strategic influence operations. Particularly problematic is that many incidents are not made public — out of fear of reputational damage or because the overall system continues to function despite the attack. Only major, visible disruptions — for example in industry or energy supply — are communicated to the public to prevent uncertainty and loss of confidence. A comprehensive damage assessment therefore does not exist.
Regarding prevention, Goebel explained Helvetia’s approach: the company systematically scans the IT landscapes of its customers for security vulnerabilities and prepares corresponding reports with recommendations for action. These proactive analyses regularly show that many weaknesses can be resolved with simple measures.
At the same time, he warned about the limits of insurability: especially for critical infrastructures, the so-called accumulation potential — the possibility that a single event affects many companies at the same time — is enormous. Potential losses can quickly exceed any insurable amount. Cyber insurance can therefore only be one building block in the overall system, not the solution itself. Cyber risks are no longer an isolated IT problem, but also a responsibility of top management.
Nick Wenger pointed out that although Switzerland has a robust networked system, coordination remains complex due to the federal structure. The protection of critical infrastructures is a shared responsibility. Constitutional amendments involving a shift of competencies from the cantons to the federal government are always politically sensitive. Nevertheless, it is important to create the legal basis enabling the federal government to effectively assume its role in protecting critical infrastructures.
With regard to prioritisation, Wenger explained that the federal government seeks to analyse systemic dependencies together with the cantons and all relevant actors in order to enable targeted protective measures. The goal is not to secure every object, but to stabilise the overall system. Therefore, prioritisation is necessary, as is the development of resilience concepts and business continuity plans, and preparing for potential failures and disruptions. Resilience is not a substitute for protection; rather, protection is part of a comprehensive resilience concept, Wenger summarised.
Oberstlt i Gst Dino Candrian described the role of the army within the networked system. In principle, political authorities decide when the army provides support in protecting critical infrastructures. Cooperation with civil authorities is very close and has intensified significantly in recent years. The army also has its own military critical infrastructures, whose protection represents a major challenge. Therefore, the army maintains registers of its own objects and dependencies.
Candrian further explained that the army prepares object dossiers for facilities of certain protection classes. These plans define which means can be used in an emergency to secure particularly important objects in the SKI inventory. The Territorial Division also has liaison officers assigned directly to various cantons, ensuring close contact with cantonal command staffs and enabling rapid communication. What concerns him, however, is that while hybrid threats are recognised politically and publicly, their full implications are not yet sufficiently considered. Candrian urged that the cascade of threats be thought through to the end and that the protection of critical infrastructures be seen as part of national defence capability. Political support and public awareness must once again be more actively lived.
The concluding audience questions once again underscored the heterogeneous threat landscape in the context of hybrid warfare.
The panelists agreed that protecting critical infrastructures requires a holistic approach and can only function through cooperation across all levels of government, sectors, and operators. Joint efforts are needed — from individual operators to authorities, international partners, and the population. Hybrid threats require not only technical defence measures, but also societal vigilance and political determination.
The Swiss Security Forum looks back on another successful event with around 120 interested guests and extends its sincere thanks to all speakers and participants for their valuable contributions. Special thanks also go to our colleagues at the Security Policy Forum St. Gallen (SPF) for the excellent cooperation.
The event programme can be found here.
Photo gallery:
(Photographer: Joèl Frei)
