In June 2022, the Zurich government council adopted a new cybersecurity strategy. This is intended to provide the framework “so that the government and administration can act proactively and effectively in the area of cyber risks.” The government stated in the strategy: “The canton of Zurich operates its own detection, protection, defense and management of cyber attacks.” The decision approved numerous new positions at the time.
One of these positions now needs to be filled. The cantonal office for information technology (AFI) is looking for a new program manager to implement the strategy. In response to our inquiry, the responsible finance directorate explained that the position had been filled for a year. However, the current program manager is moving internally to another position in the cantonal center for cyber security (CCSC).
Directly subordinate to the CCSC Director
The program management, in turn, reports directly to the canton’s information security officer, who heads the CCSC. According to the job advertisement, the person being sought has overall responsibility for the implementation of the cybersecurity strategy, for projects in the program and for “the planning and maintenance of the cross-directorate service portfolio in the area of cybersecurity.”
Strategy is being further developed
The cantonal cybersecurity strategy is a comprehensive project, explains media spokesperson Urs Neuenschwander. “Accordingly, implementation is carried out in coordination with all directorates and the State Chancellery. By implementing the strategy, the administrative units are provided with central services and resources, among other things.” The administrative units would use this offer to continuously improve their cybersecurity.
According to the government council’s decision, the first phase of the strategy focused on the threat situation, strengthening the cantonal administration and dealing with incidents. In a second phase from 2024, “efforts will also be directed at the canton’s other target groups, in particular its critical infrastructures.” The cybersecurity strategy will be regularly reviewed for its adequacy and supplemented with additional measures if necessary, emphasizes Neuenschwander. It is planned to further develop the strategy with the stakeholders in 2025.