contact us

We are here for you!

Contact us.

We will get back to you as soon as possible.

Exeon Analytics AG

Grubenstrasse 12
CH-8045 Zürich
Phone: +41 44 500 77 21

An expert statement on the recent RUAG hack

Yesterday evening, the Swiss Television program Rundschau showed in a special report that the networks of the now split RUAG (Swiss company specialised in aerospace engineering and the defense industry) is still extremely vulnerable 5 years after the big hack. This vulnerability is a threat to Switzerland's national security, as the RUAG network interfaces with various military, official and police institutions. In particular, the article shows the inadequate protection of the soon-to-be-privatised RUAG International, which continues to have active interfaces with the Swiss MRO arm of RUAG at various points in its IT infrastructure.

The attack on RUAG reveals the following vulnerabilities:
  • Numerous unmonitored servers 
  • No clear inventory of data, especially critical data 
  • Continued active interfaces in the IT infrastructure between the now unbundled RUAG International and the Swiss RUAG MRO 

Of course, the enormous complexity of unbundling and securing the RUAG networks must be taken into account when discussing these still serious security deficiencies. Nevertheless, it is extremely worrying how easily according to the Rundschau hackers can still move around RUAG’s networks today and thus access critical data – especially considering the far-reaching importance of the RUAG network for numerous system-critical Swiss institutions (e.g. Swisstopo, the Polycom security radio system, Armasuisse, the Federal Customs Administration, the National Cyber Security Centre or the Federal Intelligence Service). 

Regardless of whether external attackers have once again penetrated RUAG's network, or whether the hack was engineered by a dissatisfied employee, for example – which would also be problematic from a security point of view – we are of the opinion that:

  • Comprehensive monitoring of any network activity is crucial especially in this case, as 
    • the network has already been successfully attacked in the past and thus obviously has vulnerabilities 
    • the networks of RUAG MRO and RUAG International continue to have active interfaces despite organisational unbundling 
    • there is a high need to ensure that the networks have been successfully separated and remain so. 
  • Swiss monitoring solutions that guarantee national sovereignty are needed for system-critical Swiss infrastructure. This is because system-relevant institutions also have to rely on international hardware and software in some cases. But in order to understand the exact nature of data flows of these international products are, solutions are needed that monitor the IT infrastructure regardless of the origin of the hardware and software. 
  • Switzerland will continue to be targeted by international, state-sponsored cyber attacks in the future – and presumably to an even greater extent. Geopolitically motivated cyber attacks are on the rise and it is becoming increasingly difficult for neutral Switzerland to escape these global tensions. Particularly with Switzerland's tradition of neutrality, it is attractive for state actors to put Switzerland and thus its neutrality under pressure via cyber attacks. For this, network monitoring solutions that can also detect new types of attacks early and reliably are of elementary importance.

It must be our ambition to be able to guarantee control over the trustworthiness, integrity, availability, transmission, storage and processing of data from within Switzerland. Fortunately, Switzerland has a very active and internationally successful ecosystem in the area of cyber security, also thanks to its strong technical universities, which can help to protect the system-critical Swiss infrastructure from national and international hacker attacks. Our Network Detection and Response solution can make a decisive contribution to this by detecting attacks that would remain undetected by common prevention measures before they cause damage to the network.  

Expert assesment by:

Dr. David Gugelmann, CEO and Founder Exeon Analytics AG: 

  • Over 10 years of research in network security and machine learning  
  • Former contract hacker 
  • Regular speaker at international conferences, e.g. NATO (Cyber Defense Conferency CyCon) 

The author: David Gugelmann, CEO and Founder of Exeon

Trusted by