Minimum standard to ensure ICT security for gas supplies


Regelwerk (PDF, 32 MB, 06.01.2021)

Reglementation (PDF, 41 MB, 06.01.2021)

This minimum standard is only available in German and French.

Developments in IT have led to the creation of information and communication technologies (ICT). Increasing numbers of businesses are automatising and interconnecting their control systems. Digitalisation optimises productivity and simplifies daily tasks, but at the same time it reduces the reliability and security of business systems. The aim of the ICT minimum standard in the gas sector is to improve cyber security of gas infrastructures in order to safeguard gas supply in Switzerland.

The ICT minimum standard for gas supply developed by the FONES and SVGW/SSIGE provides a framework for organisations working in the gas sector to both protect themselves against possible attack or handling errors and to restore their systems as quickly as possible after an incident occurs. This framework allows the organisation to evaluate the risk involved and to implement suitable measures.

The ICT minimum standard has been developed on sound bases such as the NIST Framework Core and the gas supply risk and vulnerability assessment conducted by the FONES. It ensures a uniform method for obtaining comparable results within a single sector and for optimising the security level of ICT systems for gas supply.

The current ICT minimum standard is divided into seven sections. The first contains an introduction to the minimum standard and to the gas sector as a critical infrastructure in national economic supply. The second focuses on the gas sector, presenting its structure, the ICT processes and an evaluation of its critical activities. This means that some of the measures in the cyber security programme can be prioritised so that gas companies can identify and secure those elements that are essential to the proper functioning of their installations.

Section 3 focuses on the specific requirements and constraints of an Industrial Control Systems (ICS). Sections 4 and 5 set out the different parts of the standards' cyber security programme. This includes risk management, defence-in-depth strategy and the NIST Framework Core cyber security measures. Finally, sections 6 and 7 round off the standard with a conclusion and the annexes.

Last modification 05.12.2023

Top of page