13th Swiss OT-IT Cyber Security Forum
Future, Legislation and Regulation in Cyberspace:
Which action must be taken?
The vulnerability of cyber infrastructure is increasingly on the minds of politicians,
not least because of the large number of incidents. This creates the will to act on the political side, which
means launching initiatives for new regulation and legislation. Professional organizations act in a similar way
and create best practices and frameworks.
Against this background several challenges arise: too great a variety of legislation and regulations, some of which may
contradict each other; violation of the principle of technology-neutral formulation; insufficient coverage of
new technological progress; a too local view of a global challenge; and impossible demands with respect to the supply chain
and its verification and documentation.
Recent incidents such as the CrowdStrike incident of July 19, 2024, 4.09 UTC are creating more pressure to control the critical
sectors with the aim of securing the infrastructure and adding another layer of resilience. But in all these efforts the
companies operating such infrastructure, their capabilities and possibilities to change, as well as the funds available
for change, have been lost from view.
With the keynotes we want to depict the regulation, legislation and framework space, and with the debate we want to
approach the solution space with these questions in mind: Which priorities should be set, and which are the optimal
implementation strategies?
Date: September 12, 2024, 12:00 h - 20:30 h
Location: Swiss Post; Webergutstrasse 12, 3052 Zollikofen
Parking: Parking lots available nearby
Keynotes:
OT and IT security legislation & regulation: What is the recent status and what is
planned in the near future?
Mark Sirsi, COO Cypurge GmbH
ICT Minimal standards: What does this mean for OT and CI?
BACS Expert, request pending
OT & IT legislation and regulation implementation strategies for best security and compliance:
What are the secrets?
Michael Knuchel, Head of Sub-Station Automation Systems Engineering, Swissgrid
Roundtable 1: Which are by now important legislation and regulations,
and which are the important upcoming OT- and IT-security legislation and regulations, and how to set priorities in this jungle?
Roundtable 2: Implementation strategies of recent and upcoming regulations:
How to act and set priorities?
For more details please see the Personal Invitation
To register: Please send the Registration Form or a full e-mail footer to info@OT-IT-CyberSecurityForum.ch
14th Swiss OT-IT Cyber Security Forum
Virtualization in OT: Baseline, best practices, and hardening: But how to provide
reliability and security?
OT virtualization is a shift in the market, and there is no chance of stopping this development. Therefore, we want to
elaborate on the issue, and especially on the most critical points: reliability, security and supply chain. All
three of these elements can cause catastrophic events, as the CrowdStrike incident of July 19, 2024, 4.09 UTC has
demonstrated.
Date: Thursday, March 6, 2025, 12:00-20:30h
Place: Location Sponsor Stadler Rail, Bussnang - waiting for confirmation
Speakers: TBD
Roundtable 1: Refining OT virtualization: How to design for
reliability and security?
Roundtable 2: OT Virtualization: Supply chain, implementation
and operation: What are best practices today and in the near future?
Past Forums
The Swiss OT-IT Cyber Security Forum takes place up to three times a year. This overview details past events.
1st Swiss OT-IT Cyber Security Forum
Taking an Integrated Approach to better Protect, Detect, Respond, and Recover OT & IT Environments from Cyber Attacks
Attacks on critical infrastructures have evolved into a strategic tool for state actors as well as a tool
for criminals to blackmail corporations. Fewer incidents have been observed with the aim of
sabotaging the infrastructure, which was the aim of NotPetya. With this in mind the following
questions regarding OT-IT installations should be addressed:
- What is the need for protection, especially with respect to segmentation?
- What is the need for detection, response and recovery?
- What are the attack patterns, and which obstacles need to be in place to prevent the spread of attacks?
Date: September 24, 2020
For more details please see the Personal Invitation
2nd Swiss OT-IT Cyber Security Forum
On Cloud Edge Industrial IoT (IIOT): Which additional security measures are needed?
Core topic: The strategic trend is to report all sensor values to the cloud, and then to calculate in
the cloud the steering or control values which are delivered back to the infrastructure. Which
new security aspects should be covered, e.g. cloud security practices and cloud migration security
support? Is patching compliant with the sector's rules?
Date: March 4, 2021, 12:45 - 17:30h
Place: Webex on-line meeting with discussion groups due
Speakers:
- The need of end-to-end privacy, integrity and authenticity of OT/IoT device communication,
Andreas Thiel, Executive Director Product Centers at u-blox, Co-Founder
- Securing digitalization in electrical systems with Quantum-safe high-speed communication,
Luca Haab, Global Technology Manager Wired Communications at Hitachi ABB Power Grids
Rouven Floeter, Global Product Manager Cybersecurity Solutions at Hitachi ABB Power Grids
Roundtable 1: Implementing life-time and life-cycle end-to-end privacy, integrity and authenticity: how to approach and what must be considered?
Roundtable 2: IIOT security: which concepts, architectures and technologies provide the required security level?
For more details please see the Personal Invitation
3rd Swiss OT-IT Cyber Security Forum
On Certification & Innovation: how to get the best out of both?
Which additional security measures are needed?
Policymakers understand continuous improvement systems and minimal standards as buzzwords for improving situations, in our case the cybersecurity of OT installations. Therefore, it is of the utmost importance to know the recent certifications and the plans for new certifications in the next strategic period. Innovation can start anywhere and is the only option to secure our cyberspace in the future.
But from innovation to certification it is usually a long way. Therefore, for our OT-IT discussion the following questions
are relevant:
- Which certifications are mandatory, and how to deal cleverly with optional certifications?
- How to balance the need for certification and the need to continuously improve?
- What are your experiences in finding the best balance between certification and innovation, and what would you like to change in
the future?
Date: June 10, 2021, 12:00-20:30h
Place: Axpo Kernkraftwerk Leibstadt
Speakers:
- Advance approaches to automate OT security based on regulators’ will and attackers’ mind set,
Netanel Davidi, Co-Founder, Co-CEO, Member BoD; VDOO Connected Trust Ltd
- Certification to advance to the required Cyber Maturity level,
Renate Verheijen, European Union Agency for Cyber Security (ENISA)
Roundtable 1: Innovation in OT-IT: how do most of the recent advancements help?
Roundtable 2: Certification & Innovation: How to get the best out of both?
For more details please see the Personal Invitation
4th Swiss OT-IT Cyber Security Forum
United Crises Management OT-IT: How to benefit from better and well-tuned collaboration?
Traditionally, IT has its own way of dealing with crises, and OT also has its own way of dealing with crises.
In earlier times there was very little interaction between those two incident handling entities.
With the rapid growth of the internet, the integration of business processes and control systems, and the
connection of many OT devices, potential incidents may concern both organizations, and the collaboration
between them makes the big difference for success when facing such crises. This event will give examples,
debate the topic, and provide insights on:
- How the interaction between OT and IT crisis management can be improved.
- How the crisis collaboration of OT and IT can be assessed and tested with exercises.
- What typical learnings can be drawn from such exercises.
Date: September 23, 2021, 12:00 h - 20:30 h
Place: ABB Baden, Information will follow, depending on Covid situation
Keynotes:
Domestic Robotik (Domotik): what it means to bring the OT and IT network on a single protocol together.
Roland Ebnöther and Mark Vadalà, Domotik in Swiss Defense Department
Third party risks: Mitigations, Detections, and Investigations
Nicolas Tinguely KPMG and Ivo Maritz MSFPartners
Tabletop exercise on united OT-IT cyber crises management: what is the setup, how to bring the two communities together, and which findings will result.
David Cowen, Managing Director KPMG US, SANS trainer, and Blackhat & RSA speaker
Roundtable 1: United Crises Management OT-IT: What are advantages and drawbacks of joint incident response training/exercises, and how to close the OT-IT gap?
Roundtable 2: Third party risks: How to detect, mitigate and improve the general situation?
For more details please see the Personal Invitation
5th Swiss OT-IT Cyber Security Forum
Next generation OT-IT architecture with IPv6, 5G and LPWAN: How to secure OT and IT in the next strategic period?
Cyberspace is continuously developing, and we face three protocols: LPWAN (Low Power Wide Area Network)
such as LoRa (Long Range Wide Area Protocol, for low data rates in widely distributed environments), 5G
(next generation cell phone protocol, which is much faster, can handle nearly unlimited numbers of nodes
and has extremely low delays) and IPv6, the new internet protocol. What do we need to prepare to ensure
companies get the best value and usage from these technologies while keeping security at a high level? Indirectly,
we will also prepare the organization for a secure future, with a corresponding alignment.
In this frame we will discuss beneficial and new applications and elaborate on new security concepts,
which will make OT-IT security ready for the future. The following questions are relevant:
- With which applications can companies take advantage of new networking technologies?
- How to align the architecture to be ready for this and future technologies?
- Which changes do you need in organization, technology, processes, and people skills?
Date: March 3, 2022, 13:15 h - 17:30 h
Keynotes:
5G and low power, low bandwidth wide area networks (LoRa, Sigfox): Architecture, security, and innovative applications
Gerrit Holtrup, Principal Security Engineer at Kudelski IoT
Preparing OT and IT security for the next strategic period: Aligning organization, technology, processes, people
Simon Schneiter, Cyber Security Expert, ensec
Roundtable 1: Architecture, security, and innovative applications: How to take advantage securely?
Roundtable 2: Aligning organization, technology, processes, people: Priorities, implementation, and changes.
For more details please see the Personal Invitation
6th Swiss OT-IT Cyber Security Forum
Outsourcing detection and response:
Identifying key issues for constructing successful partnerships
Cybersecurity itself is already quite challenging, but when it comes to detection and response,
the complexity increases considerably: a great deal of highly specialized knowledge must be available for
the different tiers in analysis (detection) and response (the coordinated reaction between external provider
and internal operations and management). The services an enterprise needs for the detect and
response functions, as well as the processes between the external partner and the company, play a crucial
role in effectiveness and performance.
In this context, we will discuss key issues and share experiences of outsourcing detection and
response with the goal to have a clear view on people, process, and technology. The following
questions are relevant:
- Which part of detection and response will always stay with your company?
- When to approach an outsourcing partner, and how to select the specific services needed?
- Which changes do you need in organization, technology, processes?
Date: June 21, 2022, 12:00 h - 20:00 h
Place: In-Person, Kernkraftwerk Leibstadt (KKL), directions will be communicated to registered participants.
Keynotes:
SOC partnership from a client view: Opportunities, pitfalls, and recommendation for success
Daniel Schirato, IT/OT Security Officer, Axpo
The diversity of outsourcing detection and response services: How to identify quality, right settings, and expectations?
Olivier Spielmann, Vice President, Global Managed Detection and Response, Kudelski Security
Roundtable 1: Identify services, processes, and exercises to prepare a perfect integration into incident and crises management setup?
Roundtable 2: How to assess (potential) partners, and identify essential criteria for success?
For more details please see the Personal Invitation
7th Swiss OT-IT Cyber Security Forum
Critical Infrastructures:
Are Our OT Devices Secure?
Securing networks with old and non-patchable devices or other insecure black boxes: Strategies,
concepts, and implementation in the context of critical infrastructure such as hospitals and the energy sector.
Insecure devices need micro segmentation as narrow as the functionality allows. In addition, the analysis
and monitoring of network streams should be another line of defense: automated search for unusual behavior and anomalies
with advanced machine learning and artificial intelligence methods may reveal additional malicious activities.
In this context, we will discuss key issues and share experiences of networks with old and non-patchable devices
and insecure black boxes with the goal to have a clear view on this challenge. Such devices remain operational for twenty to
thirty years, often with no security measures, and no patch mechanism. While advanced security experts start to demand
quantum-safe cryptography for being life-time secure, the OT device integration is lagging and still fights with basic
security issues. The following questions are relevant:
- How to identify all OT assets concerned that must be secured?
- Strategies for securing these types of devices, including future research ideas.
- How to learn from advanced solutions (energy sector) and perform the right level of monitoring.
Date: September 13, 2022, 12:00 h - 20:00 h
Place: Die Mobiliar, Bundesgasse 35, 3001 Berne, close to Bern SBB main station
Keynotes:
The challenge of networks with old devices and two strategic views on mastering the challenge.
Erik Dinkel, CISO USZ and Michel Buri, CISO Hopital VS
Advanced security and monitoring solutions from the energy sector: what can we learn?
Rénald Marmet, Expert OT Systems at BKW Hydro
Innovative and new products for better OT-Security
Tim Blazytko, co-founder emproof, OT-Security expert
Roundtable 1: Identify assets, life cycles, risks and need for action,
including re-procurement for healing the overall situation, and reducing the risks to the acceptable level.
Roundtable 2: How to address the challenge to enhance the OT cyber
security stepwise to reach a more secure status? Successful planning and implementation examples, learning from experience.
For more details please see the Personal Invitation
8th Swiss OT-IT Cyber Security Forum
Improving OT-Security:
Architecture – Measures – Organization
Improving OT Architecture has many facets, including educational, human, organizational, strategic, and
technological factors. Our focus will be on the transformational process: How can OT security reach a new level of
maturity and use the best supportive technology? We are going to explore which measures are available and how to
design an overall security architecture, which is effective and efficient.
Organizational transformation is a permanent process, which must consider the overall ecosystem, so that
it will be and remain supportive to address the security challenges. Especially in critical environments the priority
must be resilience, which includes plenty of processes, as well as fast reaction on research and innovation on the
attacker’s side. In the next period we expect a strong move by financially motivated hackers toward attacks similar to those of nation states.
The funding earned from ransoms enables them to play at the top level of the scene.
The Zero Trust Architecture (ZTA) is – some years after being proposed – in its initial deployment.
However, ZTA is not a product and not something you can order. Rather, you need to work your way into this new plan (or philosophy)
step by step over several years. By doing so you can improve OT security significantly with architecture, zoning,
secure identity (IAM), privileged access management (PAM), secured remote access (RAS), and other measures.
The following questions are relevant for this forum:
- How to care for your organization’s security, while keeping the ties, enthusiasm, and engagement for security?
- How to start a multiyear plan to implement Zero Trust Architecture?
- How to track changes on the offender side to keep both the protection and the incident response up to date?
Date: Thursday, March 2, 2023, 12:00 h - 20:00 h
Place: Hitachi Energy, Bruggerstrasse 72, 5400 Baden, 10 min from Baden SBB station
Keynotes:
Security as a process – the challenge of constantly adapting in a critical environment
Hadeli Hadeli, Global Product Manager for Cybersecurity Solutions
Security in the infrastructure architecture: development – operation – automation
Chris Ditze-Stephan, HSLU lecturer
Roundtable 1: Organizational measures: How to leverage technology
to its full security power?
Roundtable 2: Technology for better Security: a debate on options
and performance of available measures, with a touch of Zero Trust Architecture.
For more details please see the Personal Invitation
9th Swiss OT-IT Cyber Security Forum
Securing Supply Chains: What does this mean for OT and IT?
The consequences of the divide between NATO, Russia and China for the supply chain should be carefully analyzed
and reacted upon. The USA is demonstrating a clear stance of no cooperation with nations having Chinese-made devices in
their infrastructures. Should conflicts intensify, and this is what all indicators predict, devices and equipment
stemming from the conflicting side will suddenly be an extreme risk. Preparation for this scenario is unavoidable
for all corporations with professional risk management.
The first step in creating a plan is to make an inventory of existing components, both hardware and software. Then
reflection starts on where the company could potentially be at risk. Finally, both a strategic plan for how to develop the
systems and an emergency plan in case of more intense conflicts should be elaborated. Of course, none of us wants this
to happen, but we should be realistic and acknowledge that such a scenario is today far more likely than an earthquake
or other potential risks.
In the supply chain multiple issues like geopolitical strategy (including information dominance and backdoors), transport,
pandemic and human resources interact with one another and create dependencies, and new risks. In some cases, negative
business consequences on the corporate balance sheet can be avoided by early replacement of high-risk components.
What does this mean for our community? Adopting a new strategy for IT components with 3 to 5 years of expected operating
time is relatively easy in contrast to OT components, which usually have between 20 and 30 years of expected operating time.
Discussion points on these issues are:
- Do you know your assets? Do you perform inventory and asset management? If so, how up to date is it? And to what
level of detail do you manage your asset inventory?
- Which plans and concepts have you prepared for addressing supply chain issues?
- Are you ready to replace some, many, or all components which might have problematic issues with respect to
strategic country policy?
Date: Thursday, June 22, 2023, 12:00 h - 20:30 h
Place: KWO, Hotel Handeck, Handegg 6, 3864 Guttannen
By car: Hotel Handeck (Google Maps: Hotel Handeck)
Public Transportation: KWO Shuttle: 11:30h Kraftwerke Oberhasli AG, Grimselstrasse 19, 3862 Innertkirchen.
Nearby train station Innertkirchen (train from Meiringen arrives 11:25h)
Keynotes:
Global infrastructure resilience for national data: How to prepare for new and upcoming digital
emergencies?
Christoph Schnidrig, Head of Technology, Amazon Web Services (AWS)
Switzerland
The many facets of Supply Chain Security – and how we should prepare and react?
Alex Diekmann, Director Corporate Security, u-blox AG
Roundtable 1: New dimension of inventory and asset management:
What do we really need to do?
Roundtable 2: What can be done to maintain a high level of security
and mitigate rising geopolitical risks?
For more details please see the Personal Invitation
10th Swiss OT-IT Cyber Security Forum
Human Factor in OT-IT, and between: Identifying the potential for better
security and how to act for reaching a higher level of maturity.
Leading people is considered a great art, but leading people in security, where only limited disciplinary
measures are available, is an even greater art. We will approach the following topics and provide state-of-the-art proposals
regarding: How to measure awareness and security culture level, how to stimulate for security, how to get the buy-in, how
to keep the interest at a high level, and how to bring the OT and IT communities together on a common track despite
their differences.
Creating very good security means both caring for a high level of technical security and investing in workforce
knowledge, behavior, and attitude. Failure in security culture means keeping a door open at the weakest link: the
employee. Cyber security specialists already have a decade or more of experience in “security shaping” employees,
while this topic is rather new in operational technology and must be developed from scratch in many enterprises.
We have two leading experts presenting: Thomas Schlienger, with 25 years’ experience in awareness and security culture,
has successfully helped many corporations to align the employees with the cyber security requirements of the company.
Matthias Glock is one of the early adopters making the employees of the OT workforce aware. Although the security is much
the same, the use case is different, the workforce has a different educational background and timelines are
different, so we need to reflect on what this means for awareness. Matthias will share with us the experience gained at SBB
on this topic.
Discussion points on these issues are:
- What are the commonalities in human behavior between the cyber security and the OT security communities?
- What are the differences in human behavior between the cyber security and the OT security communities?
- How to merge the two communities, cyber security and OT security, to get the maximum security gain at the lowest possible
cost?
Date: Tuesday, September 19, 2023, 12:00 h - 20:30 h
Place: Eidgenössisches Institut für Metrologie METAS
Lindenweg 50, 3003 Bern-Wabern
Location (metas.ch)
Keynotes:
Security Awareness Strategies: How to improve awareness with the least possible investment?
Thomas Schlienger, TreeSolution
Human Factor in OT and IT Security: What are commonalities and differences and what is their impact
on better security?
Matthias Glock, Information Security Officer, SBB, Infrastructure Division
Roundtable 1: Security culture, awareness, and behavior: Identifying
successful and failing strategies.
Roundtable 2: Merging OT security and IT security: Identifying
challenges, options for improvement and tips for keeping the newly reached status on a high level.
For more details please see the Personal Invitation
11th Swiss OT-IT Cyber Security Forum
OT – IT – Cloud: How to handle cloud and multi-cloud securely?
The fact is that cloud migration is foreseen by suppliers as an unavoidable given.
Therefore, we examine security.
First, we know that many experts do not like the cloud, and think they have better control over their infrastructure if the
equipment is local and locally managed. However, when you reflect on which options you have for crisis management and recovery,
things do not look good for local installations. Only external experts, mostly from the supplier, can help. Therefore, it is
an error to believe that ownership leads to better control.
Second, we observe that the security teams of cloud services are by far more experienced and provide a very high base
level of security, which is very difficult to bring into local installations. When we compare Swisscom with Google, the scale
of security is obvious: Swisscom has about 500 experts in SOC, Google around 5000. The question of who provides more security
is easily answered.
Third, the cloud shift is dictated by the suppliers: Smart Meter suppliers, Honeywell, Siemens, Schneider Electric and many
others deliver devices which report by default into the cloud and give the customer access to their data in the cloud.
This means that customers have easy access to their data and have many options to process their data. And in addition,
many security challenges are already resolved in the cloud.
We have to identify the remaining security issues which customers must still take care of, and how the shared responsibility
is designed. Some of the tasks are contractual, some lie in security management, and some in technology.
Discussion points on these issues are:
- Which security level does the cloud provide?
- How to coordinate security in multi-cloud environments?
- How to design overall security from on-prem to cloud which is really waterproof?
Date: Thursday, March 7, 2024, 12:00 h - 20:30 h
Place: Amazon Web Services, Marstrasse 2 – 2. Stock, 8002 Zürich
Keynotes:
Essential issues for OT driven organizations when transitioning to the cloud
Nabil Mghezzi Chaa, OT Cybersecurity Expert, Kudelski
Securing the Future: The Role of Cloud Services in Advancing On-Premise IT Security
André van Schalkwyk, CISO Straumann and Yuecel Karabulut, Principal Security Solutions Architect,
Amazon Web Services
Roundtable 1: Cloud and cloud security: what does it mean for
OT and IT?
Roundtable 2: OT single and multi-cloud: how to provide security
and resilience?
For more details please see the Personal Invitation
12th Swiss OT-IT Cyber Security Forum
Real incidents: What can we learn from them?
The overarching goal and challenge is how to learn from incidents better than we do today.
What triggers changes, how to implement them, and how to increase the future level of security?
Does our organization need to experience incidents firsthand to learn from them, or can we gain insights
from the incidents of others? To learn from other organizations’ incidents, we must thoroughly understand
the details of those incidents and the lessons they have learned.
Firstly, after a major incident, the company will never be the same as before in respect to information &
cyber security. Management attention and awareness are drastically heightened. But do we need such a shock
to learn, or can we learn before a major event occurs? We will present three transformative incidents and
their impact on future security processes, threat intelligence, and building partnerships with a SOC.
Secondly, we will examine the timeline, from incident to recovery and identify the most critical actions
taken by those who learned it the hard way, i.e. from their own incident.
Lastly, we share lessons from these incidents, such that we can incorporate others’ learnings into our own
security measures and security incident design. The keynotes will focus on this aspect, allowing you to
evaluate your own concepts and implement necessary changes. The incidents themselves will be presented briefly
as well, in order to prepare and focus on the findings afterwards.
Discussion points on these issues are:
- Which security level does the cloud provide?
- How to coordinate security in multi-cloud environments?
- How to design overall security from on-prem to cloud which is really waterproof?
Date: Thursday, June 27, 2024, 12:00 h - 20:30 h
Place: CKW AG, Rathausen 1, 6032 Emmen
Keynotes:
An Incident Triggers Changes: How to create a new level of security for the future?
Hans-Peter Aregger, former CIO Chemie Papier Holding AG
Combined IT/OT ransomware attack: how to integrate learnings enterprise-wide?
Alexey Kultyshkin, Head of Cyber Security & Risk / CISO Omya Business Services SLU
Nightmare Incident: How to wake up and implement learnings?
Alex Diekmann, Director Corporate Security, u-blox AG
Roundtable 1: Incident sharing: How do you share,
and how do you receive information on incidents: What are potential improvements?
Roundtable 2: A new culture for learning from incidents:
How to implement it.
For more details please see the Personal Invitation