DDPS tests SCION network for Swiss cyber defence
The Federal Department of Defence, Civil Protection and Sport (DDPS) is testing the use of SCION network technology and is setting up a national SCION test infrastructure for this purpose at the Cyber-Defence (CYD) Campus, armasuisse Science and Technology, together with Swisscom, Sunrise and SWITCH.
11.11.2022 | Dr. Vincent Lenders, Cyber-Defence Campus, armasuisse Science and Technology
SCION is a novel Internet architecture which was developed ten years ago at ETH Zurich and was made marketable in the last five years by the ETH spin-off Anapaya Systems. The technology is replacing the less secure Internet Routing Protocol with a more secure and efficient protocol, thus solving several security problems of today’s Internet. The DDPS is interested in using this technology for Swiss cyber defence and is therefore testing the technology at the CYD Campus of armasuisse Science and Technology, together with Swiss industrial partners.
The three CYD Campus locations in Zurich, Lausanne and Thun will be equipped with SCION network connections from the companies Swisscom, Sunrise and SWITCH in November and will be made available as a national test infrastructure for the armed forces and security authorities for three years.
During this time, the resistance of SCION technology to various forms of cyber attacks such as DDoS attacks or route hijacking will be examined. In addition, the implementation of the technology with commercial Internet providers is to be actively pursued, as well as expanded and tested for the needs of Swiss cyber defence, based on specific use cases. The security tests are being carried out by employees of the CYD Campus as well as associated partner organisations from industry, academia and the armed forces.
The CYD Campus forms the link between the DDPS, industry and science for research, development and training in the area of cyber defence. As part of the DDPS’ Cyber Strategy 2021-2024, new technologies will be explored and innovative solutions for Swiss cyber defence developed at the CYD Campus. This project also supports the national strategy for protecting Switzerland from cyber risks (NCS).
Cyber attacks
Distributed-Denial of Service (DDoS)
DDos stands for Distributed Denial of Service attack. The cyber attack originates from a large number of computers, with the aim of causing the failure of one or more services or systems. The non-availability or the complete failure of services and systems is often due to an overload of the data network. As the DDoS attack is carried out from a large number of computers, it is difficult to determine or block each individual attacker via an IP address without interrupting communication with the network completely.
Route Hijacking
Route hijacking is the illegal acquisition of a group of IP addresses by falsifying Internet routing tables which are held in the Border Gateway Protocol (BGP). BGP is responsible for the navigation of data packages in the Internet. Attackers thus pretend to be owners of groups of IP addresses, known as IP prefixes, which they in reality do not possess or control or to which they do not redirect. The attackers are thus able to reroute data traffic at will.