What are the benefits to companies of a resilient network like SCION? William Boye, Head of Network Services at the Swiss National Bank, talks about the possibilities and limitations in an interview, as well as his experience in setting up the Secure Swiss Finance Network.
Text: Andreas Heer, Image: Adobe Stock, September 7th,
The fundamental concepts of the internet originate from a time when IT security was only a minor aspect. Half a century later, these approaches are problematic. Reliable and secure communication is not guaranteed – the keywords here are cyberattacks and DDoS attacks.
Developed at ETH Zurich, the SCION network architecture, aims to eliminate this disadvantage. This routing protocol provides the prerequisites for resilient communication. Not only can SCION direct traffic via predefined paths, it can also quickly switch to an alternative route in the event of a fault. In addition, all nodes in the SCION network – the participants – are authenticated and, thus, known. Access is made more difficult for anonymous attackers. The prerequisite for the use of this technology is that it requires network components that support the new routing protocol.
Its features make SCION interesting for an industry in which secure, reliable and fast communication is essential: the financial sector. The ‘Secure Swiss Finance Network’ (SSFN), which is based on SCION, has been in operation since last November. Among other things, it is used for communication between the financial institutions involved, for the processing of payments between banks in the central payment transaction system, the Swiss Interbank Clearing (SIC system), and, in future, also other applications in the financial sector.
SSFN is a joint project between SIX, SNB, various pilot banks and the telecommunications companies Swisscom, Sunrise and SWITCH. The Swiss National Bank (SNB) was involved in the planning and implementation from the outset. We spoke to William Boye. The Head of Network Services at the SNB is also the technical project manager for the SSFN on behalf of the SNB.
Amongst other things, the Swiss National Bank has a statutory mandate to facilitate and make secure the operation of cashless payment systems. In this context, the SNB acts as the client and system manager of the SIC system. It got involved in this project to further increase the resilience of the financial system against cyber risks. Our role was to build a more secure communication network for the Swiss financial community, not a ‘new internet’.
SCION guarantees stability and flexibility. The individual SSFN participants can now also communicate directly with each other, which is not possible via the existing Finance IPNet. Access also takes place via certificate-based authorisation. This means that the individual participants can be identified and access by outsiders is not possible. The network made available by the SCION provider cannot be blocked by DDoS attacks from the global internet. And because the network runs redundantly through different providers, we can automatically switch to a different network path via different providers in the event of a fault. This resilience, stability and security at the routing level cannot be provided by the existing Finance IPNet or the internet in its current state.
We believe that critical infrastructures should not communicate directly over the global internet, but on the basis of shared network offerings from providers with secure routing architectures such as SCION. I imagine that the SSFN concept could be used in the same way, for example, in energy supply and healthcare. Data communication at and between government levels – federal, cantonal and municipal – could also be managed sensibly via a SCION-based network of providers.
Of course, SCION networks only work with providers who also support this technology and install the appropriate network nodes. That’s why I’m delighted that Sunrise, Swisscom and SWITCH have started this collaboration in Switzerland. We are now seeing the fruits of this with the SSFN. The qualitative new use cases that can result from closer cooperation between providers with secure routing technology are, in my opinion, very valuable and strategically important given the global uncertainties we are currently experiencing. If providers can also manage to integrate the mobile communications of our smartphones into the routing architecture, things will become even more exciting.
Our goal was to build a resilient communications infrastructure, and that’s what we’ve achieved. It is now important and a good idea for other financial institutions to examine the benefits of the SSFN for themselves and get involved. Other providers should also explore the opportunities of participating in the SCION network and joining it.
What the SNB plans beyond the SSFN is to ensure that SNB employees are able to work from home via the SCION network of providers. Working from home is currently done generally via the global open internet and is vulnerable to DDoS attacks. In contrast, our working-from-home pilot project with Swisscom and Sunrise uses the SCION network and has already been successfully completed. The concept is easy to implement via the SCION network, and it offers a high level of protection. Therefore, I feel that ensuring companies are able to work from home is an important use case for Swiss telecommunications companies – with strategic value for the Swiss economy.
William Boye and Fritz Steinmann (SIX) will present the development of the SSFN at SCION Day 2022.
More on the topic: