top of page
AB-ND Warns: Swiss Intelligence Service NDB has itself become a target for espionage

26. Mai 2026

Richard Krauss

The independent oversight authority AB-ND issues a stark warning: Switzerland’s Federal Intelligence Service (NDB) has itself become a target of foreign espionage. Serious cyber vulnerabilities, inadequate security controls, and suspected Russian influence operations now threaten the agency’s integrity. Neutral Switzerland is increasingly drawn into the global intelligence war between major powers. Experts demand urgent reforms, stronger protective measures, and tighter controls. Without swift action, the country risks losing highly sensitive data and suffering a serious blow to its national sovereignty. A wake-up call for Bern.

Switzerland’s Federal Intelligence Service (NDB) faces mounting pressure stemming from foreign espionage activities, internal structural issues, and the shift of modern intelligence operations into the hybrid domain. Security authorities now assess the density of threats in Switzerland as historically high. NDB Director Serge Bavaud himself describes the situation as an "unprecedented threat landscape." In this context, Russian, Chinese, and Iranian intelligence services utilize Switzerland not only as a primary target for intelligence gathering but increasingly as an operational hub for operations directed against European states, international organizations, and Western economic structures.


Due to its geopolitical makeup, Switzerland possesses exceptionally high intelligence value. Geneva hosts key institutions of the United Nations and the World Health Organization, as well as numerous forums for disarmament, trade, and diplomatic negotiations. Concurrently, Zurich and Zug serve as hubs for the financial industry, commodities trading, and high-tech enterprises. For foreign intelligence services, this creates a dense operational environment conducive to HUMINT, SIGINT, cyber, and influence operations.


Swiss oversight bodies have become particularly critical regarding the internal vulnerabilities of the intelligence service itself. In 2026, the independent oversight authority (AB-ND) issued an explicit warning that frustrated or disaffected employees could present an attractive target for foreign intelligence services. This concern stems from years of internal reform processes, leadership changes, and organizational tensions within the NDB. The oversight body criticized the service for reacting too slowly to internal security risks in some instances, and for struggling to take decisive action when concrete suspicions arise.


These warnings carry operational significance, as several specific cases of suspected espionage are already under investigation. The Office of the Attorney General of Switzerland continues to conduct investigations into alleged information leaks from within the NDB’s cyber defense division to Russian entities. At the center of these investigations is the suspicion that information regarding the Russian security firm Kaspersky was passed on to Russian intelligence services—including the GRU, Russia’s military intelligence agency. Concurrently, investigations are underway against a Swiss colonel—affiliated with the OSCE delegation—on suspicion of having leaked information to Russia. Jurisdiction in this matter is partially shared between the military justice system and the Office of the Attorney General, a situation typical of proceedings involving both international law and military contexts.


The NDB’s operational weakness lies less in the technical realm than in its structural size and organizational burden. In recent years, several parliamentary oversight reports have criticized instances of duplication, lengthy decision-making chains, and unclear lines of responsibility. Serge Bavaud is addressing these issues through a comprehensive restructuring of the service. The current six directorates are set to be consolidated into four by early 2027: "Operations," "Leadership & Governance," "Resources," and "Technology & Capabilities." The objective is to streamline decision-making processes, minimize organizational friction, and sharpen the focus on core operational mandates.


This reorganization holds immediate significance for security policy, as modern intelligence operations are increasingly shifting away from traditional human intelligence (HUMINT) toward integrated forms of hybrid warfare. Consequently, the traditional distinctions between cyber defense, counter-espionage, and influence operations are becoming increasingly blurred in operational practice. Today, Russian and Chinese actors systematically employ cyber operations for intelligence gathering, supply chain compromise, sabotage preparation, and the long-term infiltration of critical systems. Thus, cyber operations are no longer merely technical support tools for traditional espionage; they frequently constitute its primary operational domain.


Switzerland, in particular, is considered highly vulnerable in this regard. Its banking sector, data centers, pharmaceutical industry, communication networks, and research institutions are of immense strategic importance. These are joined by companies operating in fields such as AI, microelectronics, quantum technology, cryptography, and precision engineering. At the same time, Switzerland’s advanced digitalization significantly expands its structural attack surface, rendering it more susceptible to cyber operations and hybrid destabilization efforts. Since the beginning of the war in Ukraine, European security agencies have observed an increase in hybrid operations targeting energy, communication, and transport networks. The objective of such operations is often not immediate physical destruction, but rather long-term destabilization through cyberattacks, data manipulation, supply chain compromise, or influence operations. Highly digitized states with internationally interconnected infrastructure are considered particularly exposed in this regard. These very characteristics apply to Switzerland to a significant degree.


Despite Swiss neutrality, the NDB remains closely linked with Western networked with foreign intelligence services. Cooperative relationships exist, in particular, with Germany, France, the United Kingdom, and the USA. Switzerland relies heavily on international information exchange—particularly in the fields of counter-terrorism, cyber situational awareness, and counter-proliferation. At the same time, the NDB remains embedded within a legal and political framework that is significantly more restrictive than that of intelligence services belonging to formal alliance systems, such as the "Five Eyes" or NATO structures. Cooperation is conducted predominantly on a transactional, situational basis, driven by mutual interests.


The current NDB was established in 2010 through the merger of the Analysis and Prevention Service (DAP) and the Strategic Intelligence Service (SND). Its headquarters are located in Bern. The Service operates under the authority of the Federal Department of Defence, Civil Protection and Sport (DDPS). Serge Bavaud has served as the head of the NDB since November 2025. Prior to this role, his career included positions at the Crisis Management Centre of the Federal Department of Foreign Affairs, in the field of arms control and disarmament, and within the multilateral frameworks of the United Nations and the OSCE. Within the Swiss Armed Forces, he holds the rank of Colonel.


The organizational structure of the NDB comprises operational divisions dedicated to counter-espionage, counter-terrorism, counter-proliferation, cyber defense, international cooperation, situational and risk analysis, and technical intelligence. In this context, the traditional dividing lines between HUMINT, SIGINT, and cyber operations are becoming increasingly blurred; today, technical intelligence, data analysis, communications interception, and cyber operations are operationally intertwined. Concurrently, the Service maintains liaison officers at selected embassies and international diplomatic missions.


For Switzerland, the primary security policy challenge today lies less in traditional military threats than in the defense against hybrid forms of warfare targeting critical infrastructure, digital systems, and key economic sectors. Consequently, cyber defense, counter-espionage, supply chain security, and the protection of core technological competencies are emerging as the central pillars of Switzerland’s modern security architecture. It is precisely there that Switzerland’s extensive international connectivity and the limited size of its intelligence service directly intersect.


[DE]


Der Schweizer Nachrichtendienst des Bundes (NDB) steht unter wachsendem Druck durch russische, chinesische und iranische Spionageaktivitäten sowie durch die zunehmende Verlagerung moderner Nachrichtendienstoperationen in den Cyber- und Hybridbereich. Internationale Organisationen, Finanzplatz, Hochtechnologie und kritische Infrastruktur machen die Schweiz zu einem attraktiven Operationsraum fremder Dienste. Gleichzeitig warnen Aufsichtsbehörden vor internen Sicherheitsproblemen, personeller Überlastung und organisatorischen Schwächen innerhalb des NDB. Unter Direktor Serge Bavaud wird der Dienst deshalb umfassend umgebaut. Im Mittelpunkt stehen Spionageabwehr, Cyberabwehr, Schutz kritischer Infrastruktur und die Anpassung an hybride Bedrohungen gegen einen hochdigitalisierten und international vernetzten Staat.


Glossary


NDB (Nachrichtendienst des Bundes)
The Swiss Federal Intelligence Service responsible for intelligence collection, counterintelligence, counterterrorism, cyber defense and national security analysis.


AB-ND
Independent Swiss oversight authority supervising the legality and operational conduct of the Federal Intelligence Service.


HUMINT (Human Intelligence)
Intelligence collection conducted through human sources, informants, recruitment operations and interpersonal access.


SIGINT (Signals Intelligence)
Intelligence derived from intercepted communications, electronic emissions and technical signal collection.


Hybrid Threats
Integrated operations combining cyberattacks, espionage, influence campaigns, economic pressure, sabotage and information warfare.


Cyber Counterintelligence
Defensive and offensive measures aimed at detecting, disrupting and preventing cyber-enabled espionage activities.


GRU
Russian military intelligence service formally known as the Main Directorate of the General Staff of the Armed Forces of the Russian Federation.


Critical Infrastructure (KRITIS)
Strategically essential systems such as energy networks, telecommunications, banking infrastructure, transport systems and data centers.


Supply Chain Compromise
The infiltration or manipulation of technological, logistical or software supply chains in order to gain covert operational access.


Influence Operations
Covert or semi-covert activities intended to shape political decisions, public perception or institutional behavior.


OSZE / OSCE (Organization for Security and Co-operation in Europe)
International security organization focused on conflict prevention, arms control, election monitoring and diplomatic coordination.


Counterintelligence
Activities designed to detect, prevent and neutralize espionage, sabotage and foreign intelligence operations.


Cyber Operations
State-directed digital activities targeting information systems, networks, infrastructure or data environments.


Proliferation
The spread of weapons technologies, dual-use systems or materials related to weapons of mass destruction.


Operational Hub
A geographic or logistical center used to coordinate intelligence, cyber or influence operations across multiple regions.


Five Eyes
Intelligence-sharing alliance between the United States, United Kingdom, Canada, Australia and New Zealand.


APT (Advanced Persistent Threat)
Highly capable state-linked cyber actors conducting long-term espionage or sabotage operations against strategic targets.


Compartmentalization
Operational separation of information and personnel to limit exposure in case of compromise.


Liaison Officer
An intelligence representative stationed abroad to coordinate cooperation and intelligence exchange with partner services.


Electronic Surveillance
Technical monitoring of communications, networks or electronic systems for intelligence purposes.


Sources


Swiss Federal Intelligence Service (NDB)
https://www.ndb.admin.ch


Federal Department of Defence, Civil Protection and Sport (VBS)
https://www.vbs.admin.ch


Swiss Oversight Authority for Intelligence Activities (AB-ND)
https://www.ab-nd.admin.ch


SRF – Swiss Intelligence Service Becomes Attractive Target for Espionage
https://www.srf.ch/news/schweiz/aufsichtsbehoerde-warnt-schweizer-nachrichtendienst-ist-attraktives-ziel-fuer-spionage


SRF Echo der Zeit – New NDB Director Restructures the Intelligence Service
https://www.srf.ch/audio/echo-der-zeit/der-neue-ndb-chef-krempelt-den-geheimdienst-um


Swiss Federal Intelligence Act (NDG)
https://www.fedlex.admin.ch/eli/cc/2017/494/de


OSCE – Organization for Security and Co-operation in Europe
https://www.osce.org


United Nations Office at Geneva
https://www.ungeneva.org


NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
https://ccdcoe.org


CSIS – Center for Strategic and International Studies
https://www.csis.org


RUSI – Royal United Services Institute
https://www.rusi.org


Bellingcat Investigations
https://www.bellingcat.com


Swiss Federal Office for Cybersecurity (BACS)
https://www.ncsc.admin.ch


The Geneva Centre for Security Policy (GCSP)
https://www.gcsp.ch


International Institute for Strategic Studies (IISS)
https://www.iiss.org

Expertise Tags (no search)
bottom of page