Protecting the utility ecosystem: A foundation for national security

Beyond VPNs and firewalls: Why SCION is the next step

Let’s take a step back for a moment. We know that the energy value chain is incredibly intertwined – from production to distribution and consumption – and its output also feeds all our critical sectors, such as hospitals, government agencies, and more. In light of this, the Internet is the only practical option for exchanging data in a highly interconnected sector like utilities, where different services depend on each other, share infrastructure, and are essential for all other critical sectors.

The alternative is private lines. But in reality, they are too expensive and too inflexible for today’s needs. That leaves utilities relying on the Internet, trying to protect their networks and systems from disruptions with VPNs and firewalls. And yet, these tools simply do not provide the level of security, resilience, and sovereignty that the sector requires.

This is where SCION (Scalability, Control, and Isolation on Next-Generation Networks), developed at ETH Zurich, comes in. SCION technology combines the best of both worlds: the security of private lines with the openness and flexibility of the Internet.

And it’s not just theory. SCION technology is already in use in Swiss healthcare and finance, where for example, more than 200 billion CHF are processed every day by over 300 institutions on the Secure Swiss Finance Network (SSFN).

Building an entire communication infrastructure on the SCION Internet is the most strategic way to secure a highly interconnected ecosystem such as the utility sector.

And this is where we started when we began ideating the Secure Swiss Utility Network (SSUN).

Today, the SSUN, based on SCION, provides a semi-open, sovereign communication infrastructure for the secure exchange of data between utility companies in Switzerland. For specific applications that require remote access, for example, field engineers and home offices, the SSUN network offers remote users the ability to access critical systems without jeopardizing the security of the entire system.

The building blocks of the Secure Swiss Utility Network

The SSUN was built from the ground up with trust at the center.

The SSUN is a network that includes only approved participants – both connectivity service providers and users. A governance model with certification authorities, who decide who can join the network and define clear criteria for its operation, was one of the first things we established. Here’s how it looks in practice:

1. Well-defined governance body

The governance of the SSUN is defined by the Association of Swiss Electricity Companies (Verband Schweizerischer Elektrizitätsunternehmen, VSE) with Axpo Systems and Litecom as certificate authorities and supported by AET and ALPIQ. This model ensures transparency, sectoral coordination, and compliance with national security objectives.

2. Multiple SCIONabled service providers

Service providers supply SCION connectivity to the SSUN for utility providers, water and gas companies. The SSUN includes Axpo Systems, Cyberlink, GAS&COM, Litecom, Sunrise and Swisscom.

3. Utility, water, and gas companies

These are the users of the network. They can join the SSUN either to access critical government-mandated applications or to protect their own services on the SCION Internet. In both cases, they connect through SCIONabled providers and benefit from the SSUN’s trusted, sovereign infrastructure, ensuring security, control, and reliability.

How the SSUN is built and managed: Governance & roles

Cybersecurity, resilience, and sovereignty with the SSUN

Whether utility, gas, and water companies join the SSUN to gain access to Swiss government-mandated applications or to leverage this platform to protect their own critical systems and services, they will benefit from:

Cybersecurity

On the SSUN, the attack surface is massively reduced by moving sensitive data exchange from the Internet to SCION, where participants in the network are carefully vetted by the governance body. In addition, today, zero-day exploits of VPNs and software are being accelerated by AI, what once took months to discover and weaponize can now be achieved in just days. This makes networks like the SSUN even more critical, as they reduce the attack surface of critical services by up to 99%, preventing DDoS and ransomware attacks.

Cyber resilience

With a multi-ISP setup, redundant connectivity, and multi-path options, the network is as strong as it possibly can be. There is no single connectivity vendor, which means that if one provider suffers an outage, the network still runs. On top of that, SCION offers fast failover: if a path is congested or breaks, data is redirected in less than a second (imperceptible to the human eye).

Digital sovereignty

The SSUN infrastructure is located entirely in Switzerland, and only Swiss ISPs and users are part of the network. This enhances data sovereignty and confidentiality, as utility-generated data cannot pass through foreign or unapproved ISPs and nations.

SSUN use cases – a little bit of inspiration

The SSUN network is now live. On August 21, 2025, all the major players came together in Bern for the launch of the SSUN. Utility, water, and gas companies can start onboarding the SSUN today. Here are just a few of the use cases utility operators and decision-makers can deploy on the SSUN.

• Swiss national data platform

  The SSUN enables a reliable connection to the national data platform (in accordance with the Electricity Ordinance StromVV and the VSE policies on standardized data exchange with the national data platform SDND). It secures the exchange of data for decentralized production and flexibility management of the grid.
  
  

• VSE’s emergency web portal «PowerTracker»

  In the event of a severe electricity shortage, the VSE is responsible for ensuring all Swiss citizens have continuous access to critical information through a dedicated website. This web service is hosted in Switzerland on VSE’s Azure cloud, protected by the EDGE on the SCION Internet. Access is restricted to Swiss citizens through the GATE, isolating the entire setup from the public Internet.
  
  

• Secure remote access at EKT AG

  With growing demands like remote work and supplier access, traditional VPNs created risks in latency, scalability, and data security for EKT AG. To solve this, they deployed Anapaya EDGE, connecting EKT AG’s internal systems to the SCION Internet. Thanks to Anapaya GATE, only remote employees located in Switzerland can connect to their internal systems, dramatically reducing the attack surface.
  
  

• SCIONabled SOC at Axpo Systems

  In response to growing cyber challenges, Axpo Systems has enhanced its SOC services for critical infrastructure by deploying SCION. Its SCIONabled SOC connects to customers via Anapaya EDGEs and GATEs, making it the first next-generation SCIONabled SOC.

SSUN, the de facto network for securing utility infrastructure in the digital age

The Secure Swiss Utility Network marks an important step in creating a trusted digital shield for critical infrastructure, in line with the National Cybersecurity Strategy. As a secure, autonomous, and interoperable network, it ensures operational continuity, a key requirement for a stable and reliable supply.

With this initiative, the energy sector demonstrates its commitment to strengthening digital sovereignty, driving innovation, and safeguarding essential services for the future.

Companies operating in the utility space can already begin migrating their services, benefiting from the security, resilience, and sovereignty that the SSUN provides. This applies to companies providing solar roofs or charging stations for cars, as well as heat pumps, smart homes, and other utility applications that are increasingly exposed to the Internet and turning into threat vectors for the Swiss power and utilities infrastructure. In accordance with the VSE policies SDND, connection to the SSUN will gradually become mandatory for all market partners linked to the national data platform by 2030.

Learn more about how you can become certified for the SSUN (in german).

Just as the financial sector secured its digital backbone with the SSFN, the utility sector is now taking its step forward. With the SSUN, Switzerland is setting a global example: how to keep critical infrastructure secure, sovereign, and resilient in the digital age.