Topics:
The threat landscape is intensifying: The latest Swisscom Cybersecurity Threat Radar 2026 shows how AI-driven attacks, targeted supply chain manipulation, and hybrid attacks are dissolving the boundaries between digital and physical security.
This development requires a holistic view of cybersecurity. True operational resilience is only achieved through the combination of IT, OT, and physical protection. In data centers, industrial environments, and antenna sites, it becomes clear that cyber resilience is not purely a technology issue, but a system characteristic. This also includes drones as well as the opportunities and risks of artificial intelligence.
Swisscom data centers form the backbone of digital Switzerland and make a significant contribution to national security of supplies, thereby supporting the continuous operation of other critical sectors. At the same time, they are increasingly targeted by complex attacks:
AI-driven attacks are increasing and enable automated vulnerability discovery, precise phishing campaigns, and manipulation of log data.
Risks arising from software and cloud supply chains are growing, as attacks are increasingly carried out via third-party components.
Ransomware groups are becoming highly professional and are targeting critical infrastructure such as high-performance clusters and backup systems.
Swisscom addresses these risks with a zero-trust architecture: every access attempt is authenticated, authorized, and logged. Network segments are micro-segmented to prevent lateral movement—also in OT environments.
AI-supported systems continuously analyze anomalies across network, process, and authentication data. Through automated correlation in the SOC, early indicators of attack preparation are identified, for example through unusual script execution or unexpected system communication.
Attacks often do not directly target data but rather supporting systems such as power supply, climate control, or access systems. These systems are often less protected and can cause major operational disruptions or outages across multiple dependent systems even with relatively little effort. For this reason, Swisscom integrates physical sensors, intelligent access controls, video analytics, and system redundancy directly into its data center security concept.
In industrial and data center environments, digital and physical systems are converging—and with them, the associated risks. Supply chain attacks, manipulation of industrial control systems, and sabotage attempts are increasing.
As part of its B2B OT Security Services, Swisscom supports companies with key measures:
Transparency regarding assets, communication behavior, and vulnerabilities—even for legacy systems
Network segmentation and monitoring based on OT-specific protocols
Development of alternatives where direct patching is not feasible
Integration of OT alerts into existing SOC environments to create an integrated situation overview
Support in developing OT-specific processes such as incident and third-party risk management
With increasing system complexity, the risk of misconfigurations also rises. Swisscom therefore relies on role-based access control, multi-factor authentication, and continuous review of privileged actions.
Experience shows that technical security is only effective when it is embedded in organizational processes.
Drones are increasingly evolving from innovation to a security factor. They combine sensing, data processing, and communication—and, in extreme cases, can also be used as a physical weapon.
At Swisscom Broadcast, drones are used for inspections, live broadcasting, and situational awareness. As each drone is a connected system, the same security principles apply as for IT systems:
End-to-end encryption of command channels
Authentication of all control commands
Network isolation from production IT systems
Continuous telemetry analysis within the SOC
At the same time, the number of unauthorized drone flights over sensitive sites is increasing. Swisscom Broadcast therefore relies on a drone detection system: radar, radio, and optical sensors detect movement patterns, while AI evaluates signatures and compares them with known types. This enables early detection of potential espionage or sabotage attempts.
Particularly in the environment of data centers and communication facilities, this combination of active usage and passive detection is essential. Drone detection thus becomes an integral component of physical cybersecurity.
Attacks are increasingly hybrid and multi-stage. Digital, operational, and physical vectors are interconnected. An isolated view of individual domains is no longer sufficient.
Swisscom therefore designs its security architecture in such a way that IT, OT, and physical signals are processed together. The SOC correlates data from networks, production environments, as well as access control and drone sensors to create a comprehensive situational overview.
Each alert is evaluated and prioritized according to the same principles—regardless of its origin.
The future of cybersecurity is cross-domain. Resilience emerges where IT, OT, and physical protection layers interact. Not every attack can be prevented—the critical factor is the ability to limit impact and respond quickly.
Security leaders must think beyond traditional data protection. Protection does not end at the perimeter—it includes supply chains, airspace, and human factors.
Cybersecurity is now a top management issue. At Swisscom, it has evolved from traditional defense to continuous resilience and is regularly trained through crisis scenarios.
Thomas Dummermuth is the Head of Physical Security, Safety, BCM, Emergency & Crisis Management at Swisscom, Switzerland's largest telecommunications company, and a large IT provider in the country.
