Swiss OT-IT Cyber Security Forum

Past Forum

Swiss OT-IT Cyber Security Forum take place up to three times a year. This overview details past events.

1st Swiss OT-IT Cyber Security Forum

Taking an Integrated Approach to better Protect, Detect, Respond, and Recover OT & IT Environments from Cyber Attacks

Attack on critical infrastructures has evolved to a strategic tool for state actors as well as a tool for criminals to blackmail corporations. Fewer incidents have been observed with the aim of sabotaging the infrastructure which was the aim of notPetya. With this in mind the following questions regarding OT-IT installations should be addressed:

What is the need for protection, especially in respect to segmentation?
What is the need for detection, response and recovery?
What are attacking patterns, and which obstacles need to be in place to prevent the spread of the attacks?

Date: September 24, 2020

For more details please see the Personal Invitation

2nd Swiss OT-IT Cyber Security Forum

On Cloud Edge Industrial IoT (IIOT): Which additional security measures are needed? Core topic: The strategic trend is to report all sensors values to cloud, and then calculate from the cloud the steering or control values which will be delivered back to the infrastructure. Which new security aspects should be covered e.g. cloud security practices and cloud migration security support. Is patching compliant with the sectors rules?

Date: March 4, 2021, 12:45 - 17:30h
Place: Webex on-line meeting with discussion groups due

Speakers:

The need of end-to-end privacy, integrity and authenticity of OT/IoT device communication,
Andreas Thiel, Executive Director Product Centers at u-blox, Co-Founder
Securing digitalization in electrical systems with Quantum-safe high-speed communication,
Luca Haab, Global Technology Manager Wired Communications at Hitachi ABB Power Grids
Rouven Floeter, Global Product Manager Cybersecurity Solutions at Hitachi ABB Power Grids

Roundtable 1:
Implementing life-time and life-cycle end-to-end privacy, integrity and authenticity: how to approach and what must be considered?
Roundtable 2:
IIOT security: which concepts, architectures and technologies provide the required security level?

For more details please see the Personal Invitation

3rd Swiss OT-IT Cyber Security Forum

On Certification & Innovation: how to get the best out of both?
Which additional security measures are needed?
The policymakers understand continuous improvement systems and minimal standards as buzzword for improving situations, as in our case the cybersecurity of OT installations. Therefore, it is utmost important to know the recent certifications and the plans for the next strategic period for new certifications. Innovation starts at any place and is the only option to secure our cyberspace in the future.

But from innovation to certification it is usually a long way. Therefore, for our OT-IT discussion the following questions are relevant:

Which certifications are mandatory, and how to behave clever with optional certifications?
How to balance the need for certification and the need to continuously improve?
What are your experiences in balancing best between certification and innovation, and what would you like to change in future?

Date: June 10, 2021, 12:00-20:30h
Place: Axpo Kernkraftwerk Leibstadt

Speakers:

Advance approaches to automate OT security based on regulators’ will and attackers’ mind set,
Netanel Davidi, Co-Founder, Co-CEO, Member BoD; VDOO Connected Trust Ltd
Certification to advance to the required Cyber Maturity level,
Renate Verheijen, European Union Agency for Cyber Security (ENISA)

Roundtable 1:
Innovation in OT-IT: how do most of the recent advancement help?
Roundtable 2:
Certification & Innovation: How to get the best out of both?

For more details please see the Personal Invitation

4rd Swiss OT-IT Cyber Security Forum

United Crises Management OT-IT: How to benefit from better and well-tuned collaboration?
Traditionally, IT has its way how to deal with crises, and OT has also its own way to deal with crises. In earlier times there has been very little interaction between those two incident handling entities. With the rapid growth of the internet, the integration of business processes and control systems, and the connection of many OT devices, potential incidents may concern both organizations, and the collaboration between them makes the big difference for success when facing such crises. This event will give examples, debate the topic, and provide insights on:

How the interaction between OT and IT crises management can be improved.
How the crises collaboration of OT and IT can be assessed and tested with exercises.
What are typical learnings to be drawn from such exercises?

Date: September 23, 2021, 12:00 h - 20:30 h
Place: ABB Baden, Information will follow, depending on Covid situation

Keynotes:

Domestic Robotik (Domotik): what it means to bring the OT and IT network on a single protocol together.
Roland Ebnöther and Mark Vadalà, Domotik in Swiss Defense Department

Third party risks: Mitigations, Detections, and Investigations
Nicolas Tinguely KPMG and Ivo Maritz MSFPartners

Tabletop exercise on united OT-IT cyber crises management: what is the setup, how to bring the two communities together, and which findings will result.
David Cowen, Managing Director KPMG US, SANS trainer, and Blackhat & RSA speaker

Roundtable 1:
United Crises Management OT-IT: What are advantages and draw backs of joint incident response training/exercises, and how to close the OT-IT gap?
Roundtable 2:
Third party risks: How to detect, mitigate and improve the general situation?

For more details please see the Personal Invitation

5th Swiss OT-IT Cyber Security Forum

Next generation OT-IT architecture with IPv6, 5G and LPWAN: How to secure OT and IT in the next strategic period?

Cyber space is continuously developing, and we face three protocols: LPWAN (Low Power Wide Area Network) such as LoRa (Long Range Wide Area Protocol, for low data rates in widely distributed environments), 5G (next generation cell phone protocol, which is much faster, can nearly handle unlimited numbers of nodes and has extremely low delays) and IPv6 the new internet protocol. What do we need to prepare, to ensure companies get best value and usage of these technologies while keeping security at a high level? Indirectly we will also prepare the organization for a secure future, with an alignment accordingly.

In this frame we will discuss beneficial and new applications and elaborate on new security concepts, which will make OT-IT security ready for the future. The following questions are relevant:

With which applications companies can take advantage of new networking technologies?
How to align the architecture for being ready for this and future technologies?
Which changes you need in organization, technology, processes, and people skills?

Date: March 3, 2022, 13:15 h - 17:30 h

Keynotes:

5G and low power, low bandwidth wide area networks (LoRa, Sigfox): Architecture, security, and innovative applications
Gerrit Holtrup, Principal Security Engineer at Kudelski IoT

Preparing OT and IT security for the next strategic period: Aligning organization, technology, processes, people
Simon Schneiter, Cyber Security Expert, ensec

Roundtable 1:
Architecture, security, and innovative applications: How to take advantage securely?
Roundtable 2:
Aligning organization, technology, processes, people: Priorities, implementation, and changes.

For more details please see the Personal Invitation

6th Swiss OT-IT Cyber Security Forum

Outsourcing detection and response:
Identifying key issues for constructing successful partnerships

Cybersecurity itself is already quite challenging, but when it comes to detection and response, the complexity is increasing by far: Plenty of very special knowledge must be available for different tiers in analysis (detection) and response (the coordinated reaction between external provider and internal operations and management). The services an enterprise needs for the detect and response functions as well as the processes between external partner and the company play a crucial role on effectiveness and performance.

In this context, we will discuss key issues and share experiences of outsourcing detection and response with the goal to have a clear view on people, process, and technology. The following questions are relevant:

Which part of detection and response will always stay with your company?
By when to approach an outsourcing partner, and how to select specific services needed?
Which changes do you need in organization, technology, processes?

Date: June 21, 2022, 12:00 h - 20:00 h
Place: In-Person, Kernkraftwerk Leibstadt (KKL), directions will be communicated to registered participants.

Keynotes:

SOC partnership from a client view: Opportunities, pitfalls, and recommendation for success
Daniel Schirato, IT/OT Security Officer, Axpo

The diversity of outsourcing detection and response services: How to identify quality, right settings, and expectations?
Olivier Spielmann, Vice President, Global Managed Detection and Response, Kudelski Security

Roundtable 1:
Identify services, processes, and exercises to prepare a perfect integration into incident and crises management setup?
Roundtable 2:
How to assess (potential) partners, and identify essential criteria for success?

For more details please see the Personal Invitation

7th Swiss OT-IT Cyber Security Forum

Critical Infrastructures:
Are Our OT Devices Secure?

Securing networks with old and non-patchable devices or other insecure black boxes: Strategies, concepts, and implementation in context of critical infrastructure like e. g. hospitals and energy sector.

Insecure devices need micro segmentation as narrow as the functionality allows. In addition, the analysis and monitoring of network streams should be another line of defense: automated search for unusual behavior and anomalies with advanced machine learning and artificial intelligence methods may reveal additional malicious activities.

In this context, we will discuss key issues and share experiences of networks with old and non-patchable devices and insecure black boxes with the goal to have a clear view on this challenge. Such devices remain operational for twenty to thirty years, often with no security measures, and no patch mechanism. While advanced security experts start to demand quantum-safe cryptography for being life-time secure, the OT device integration is lagging and still fights with basic security issues. The following questions are relevant:

How to identify all OT asset concerned that must be secured?
Strategies for securing these types of devices, including future research ideas.
How to learn from advanced solutions (energy sector) and performing the right level of monitoring.

Date: September 13, 2022, 12:00 h - 20:00 h
Place: Die Mobiliar, Bundesgasse 35, 3001 Berne, close to Bern SBB main station

Keynotes:

The challenge of networks with old devices and two strategic views on mastering the challenge.
Erik Dinkel, CISO USZ and Michel Buri, CISO Hopital VS

Advanced security and monitoring solutions from the energy sector: what can we learn?
Rénald Marmet, Expert OT Systems bei BKW Hydro

Innovative and new products for better OT-Security
Tim Blazytko,co-founder emproof, OT-Security expert

Roundtable 1:
Identify asset, life cycles, risks and need for action, including re-procurement for healing the overall situation, and reducing the risks to the acceptable level.
Roundtable 2:
How to address the challenge to enhance the OT cyber security stepwise to reach a more secure status? Successful planning and implementation examples, learning from experience.

For more details please see the Personal Invitation

8th Swiss OT-IT Cyber Security Forum

Improving OT-Security:
Architecture – Measures – Organization

Improving OT Architecture has many facets, including educational, human, organizational, strategic, and technological factors. Our focus will be on the transformational process: How can OT security reach a new level of maturity and use the best supportive technology. We are going to explore which measures are available and how to design an overall security architecture, which is effective and efficient.

Organizational transformation is a permanent process, which must consider the overall ecosystem, so that it will be and remain supportive to address the security challenges. Especially in critical environments the priority must be resilience, which includes plenty of processes, as well as fast reaction on research and innovation on the attacker’s side. We expect in the next period a strong move to “nation state” similar attacks of money maker hackers. The funding earned by ransom enables them to play as top notches in the scene.

The Zero Trust Architecture (ZTA) is – some years after being proposed – in its initial deployment. However, ZTA is not a product and nothing you can order. Much more you need to dig into this new plan (or philosophy) step by step over several years. By doing so you can improve OT security significantly with architecture, zoning, secure identity (IAM), privileged access management (PAM), secured remote access (RAS), and other measures.

The following questions are relevant for this forum:

How to care for your organization’s security, while keeping the ties, enthusiasm, and engagement for security?
How to start a multiyear plan to implement Zero Trust Architecture?
How to track changes on the offender side to keep both, the protection, and the incident response up-to-date?

Date: Thursday, March 2, 2023, 12:00 h - 20:00 h
Place: Hitachi Energy, Bruggerstrasse 72, 5400 Baden, 10 min from Baden SBB station

Keynotes:

Security as a process – the challenge of constantly adapting in a critical environment
Hadeli Hadeli, Global Product Manager for Cybersecurity Solutions

Security in the infrastructure architecture: development – operation – automation
Chris Ditze-Stephan, HSLU lecturer

Roundtable 1:
Organizational measures: How to leverage technology to its full security power?
Roundtable 2:
Technology for better Security: a debate on options and performance of available measures, with a touch of Zero Trust Architecture.

For more details please see the Personal Invitation

9th Swiss OT-IT Cyber Security Forum

Securing Supply Chains: What does this mean for OT and IT

The consequences of the divide between NATO, Russia and China for the supply chain should be carefully analyzed and reacted upon. The USA is demonstrating a clear stance of no cooperation with nations having Chinese made devices in their infrastructures. Should conflicts intensify, and this is what all indicators predict, devices and equipment stemming from the conflicting side will suddenly be an extreme risk. Preparation for this scenario is unavoidable for all corporations with professional risk management.

The first step in creating a plan is to make an inventory of existing components, for the hardware and software. Then reflection starts, where the company could be potentially at risk. Finally, both, a strategic plan how to develop the systems and an emergency plan in case of more intense conflicts should be elaborated. Of course, we all do not want this happening, but we should be realistic, and acknowledge that such a scenario is today far more likely than earthquake and other potential risk.

In the supply chain multiple issues like geopolitical strategy (including information dominance and backdoors), transport, pandemic and human resources interact with one another and create dependencies, and new risks. In some cases, negative business consequences on the corporate balance sheet can be avoided by early replacement of high-risk components.

What does this mean for our community? Adopting a new strategy for IT components with 3 to 5 years of expected operating time is relatively easy in contrast to OT components, which usually have between 20 and 30 years of expected operating time.

Discussion points on these issues are:

Do you know your assets? do you perform inventory and asset management? If so, how up-to date is it? And to what level of detail do you manage your asset inventory?
Which plans and concepts have you prepared for addressing supply chain issues?
Are you ready to replace some, many, or all components which might have problematic issues with respect to strategic country policy?

Date: Thursday, June 22, 2023, 12:00 h - 20:30 h
Place: KWO, Hotel Handeck, Handegg 6, 3864 Guttannen

By car: Hotel Handeck (Google Maps: Hotel Handeck)

Public Transportation: KWO Shuttle: 11:30h Kraftwerke Oberhasli AG, Grimselstrasse 19, 3862 Innertkirchen.
Nearby train station Innnertkirchen (train from Meiringen arrives 11:25h)

Keynotes:

Global infrastructure resilience for national data: How to prepare for new and upcoming digital emergencies?
Christoph Schnidrig, Head of Technology, Amazon Web Services (AWS) Switzerland

The many facets of Supply Chain Security – – and how we should prepare and react?
Alex Diekmann, Director Corporate Security, u-blox AG

Roundtable 1:
New dimension of inventory and asset management: What do we really need to do?
Roundtable 2:
What can be done to maintain a high level of security and mitigate rising geopolitical risks?

For more details please see the Personal Invitation

10th Swiss OT-IT Cyber Security Forum

Human Factor in OT-IT, and between: Identifying the potential for better security and how to act for reaching a higher level of maturity.

Leading people is considered a great art, but to lead people in security, where only limited disciplinary measures are available, is a paramount art. We will approach the following topics and provide state of the art proposals regarding: How to measure awareness and security culture level, how to stimulate for security, how to get the buy-in, how to keep the interest on a high level, and how to bring the OT an IT communities together in a common track despite of their differences.

Creating a very good security means both: to care for a high level of technical security and to invest into workforce knowledge, behavior, and attitude. Failure in security culture means keeping a door open, in the weakest link: the employee. Cyber security specialists have already a decade and more of experience in “security shaping” employees, meanwhile this topic in the operational technology is rather new and must be developed from scratch in many enterprises.

We have two leading experts presenting: Tomas Schlienger with 25 years’ experience in awareness and security culture, successfully helping many corporations to align the employees with the cyber security requirements of the company. Matthias Glock is one of the early adopters making the employees of the OT workforce aware. Although the security is quite the same, but since the use case is different, the workforce has a different educational background and timelines are different, we need to reflect what this means for the awareness. Matthias will share with us the experience gained in SBB on this topic.

Discussion points on these issues are:

What are the commonalities in human behavior between the cyber security and the OT security communities?
What are the differences in human behavior between the cyber security and the OT security communities?
How to merge the two communities, cyber security, and OT security to get the maximumsecurity gain at lowest possible cost?

Date: Tuesday, September 19, 2023, 12:00 h - 20:30 h
Place: Eidgenössisches Institut für Metrologie METAS
Lindenweg 50, 3003 Bern-Wabern

Standort (metas.ch))

Keynotes:

Security Awareness Strategies: How to improve awareness with the least possible investment?
Thomas Schlienger, TreeSolution

Human Factor in OT and IT Security: What are commonalities and differences and what is their impact on better security?
Matthias Glock, Information Security Officer, SBB, Infrastructure Division

Roundtable 1:
Security culture, awareness, and behavior: Identifying successful and failing strategies.
Roundtable 2:
Merging OT security and IT security: Identifying challenges, options for improvement and tips for keeping the newly reached status on a high level.

For more details please see the Personal Invitation

11th Swiss OT-IT Cyber Security Forum

OT – IT – Cloud: How to handle cloud and multi-cloud securely?

Fact is that cloud migration has been foreseen form suppliers, as an unavoidable given. Therefore, we examine security.

First, we know that many experts do not like the cloud, and think they have better control on their infrastructure, if the equipment is local, and locally managed. However, reflecting which options you have for crises management and recovery, then it does not look good for local installation. External experts only can, mostly supplier can help. Therefore, it is an error to believe, that ownership leads to better control.

Second, we observe, that the security teams of cloud services are by for more experienced and provide a very high base level security, which is very difficult to bring into local installations. When we compare Swisscom with Google, the scale of security is obvious: Swisscom has about 500 experts in SOC, Google around 5000. The question who provides more security is easily answered.

Third, the cloud shift is dictated by the suppliers: Smart Meter suppliers, Honeywell, Siemens, Schneider Electric and many others deliver devices, which report bey default into the cloud and give the customer access to their data in the cloud. This means that customers have an easy access to their data and have many options to process their data. And in addition – many security challenges are already resolved, in the cloud.

We have to identified remain security issues which the customers must still care for, and how the shared responsibility is designed. Some of the tasks are contractual, some in security management, but also some are in technology.

Discussion points on these issues are:

Which security level provides the cloud?
How to coordinate security in multi-cloud environments?
How to design an overall security on-prem to cloud, which is really waterproof?

Date: Thursday, March 7, 2024, 12:00 h - 20:30 h
Place: Amazon Web Services, Marstrasse 2 – 2. Stock, 8002 Zürich

Keynotes:

Essential issues for OT driven organizations when transitioning to the cloud
Nabil Mghezzi Chaa, OT Cybersecurity Expert, Kudelski

Securing the Future: The Role of Cloud Services in Advancing On-Premise IT Security
André van Schalkwyk, CISO Straumann and Yuecel Karabulut, Principal Security Solutions Architect, Amazon Web Services

Roundtable 1:
Cloud and cloud security: what does it mean for OT and IT?
Roundtable 2:
OT single and multi-cloud: how to provide security and resilience?

For more details please see the Personal Invitation

12th Swiss OT-IT Cyber Security Forum

Real incidents: What can we learn from them?

The overarching goal and challenge is how to learn from incidents better than we do today. What triggers changes, how to implement those, and how to increase future level of security?

Does our organization need to experience incidents firsthand to learn from them, or can we gain insights from the incidents of others? To learn from other organizations’ incidents, we must thoroughly understand the details of those incidents and the lessons they have learned.

Firstly, after a major incident, the company will never be the same as before in respect to information & cyber security. Management attention and awareness are drastically heightened. But do we need such a shock to learn, or can we learn before a major event occurs? We will present three transformative incidents and their impact on future security processes, threat intelligence, and building partnerships with a SOC.

Secondly, we will examine the timeline, from incident to recovery and identify the most critical actions taken by those who learned it the hard way, i.e. from their own incident.

Lastly, we share lessons from these incidents, such that we can incorporate others’ learnings into our own security measures and security incident design. The keynotes will focus on this aspect, allowing you to evaluate your own concepts and implement necessary changes. The incidents themselves will be presented briefly as well, in to prepare and focus on the findings afterwards.

Discussion points on these issues are:

Which security level provides the cloud?
How to coordinate security in multi-cloud environments?
How to design an overall security on-prem to cloud, which is really waterproof?

Date: Thursday, June 27, 2024, 12:00 h - 20:30 h
Place: CKW AG, Rathausen 1, 6032 Emmen

Keynotes:

An Incident Triggers Changes: How to create a new level of security for the future?
Hans-Peter Aregger, former CIO Chemie Papier Holding AG

Combined IT/OT ransomware attack: how to integrate learnings enterprise-wide?
Alexey Kultyshkin, Head of Cyber Security & Risk / CISO Omya Business Services SLU

Nightmare Incident: How to wake up and implement learnings?
Alex Diekmann, Director Corporate Security, u-blox AG

Roundtable 1:
Incident sharing: How do you share, and how do you receive information on incidents: What are potential improvements?
Roundtable 2:
A new culture for learning from incidents: How to implement it.

For more details please see the Personal Invitation