OT-IT Forum Logo
Hintergrund Symbolbild

Future, Legislation and Regulation in Cyberspace: Which action must be taken?
Legislation and regulation is fast moving and changing, often not really predictively: we want to identify priorities and importance to create a set of actions which should be in the best way protective to companies.

 

Mission

Why should you attend?

The Swiss OT-IT Cyber Security Forum Series is a sequence of events which takes place three times per year, with the strategic goal to unify OT and IT decision makers. The main objective is achieving significant advances in security.

 




Background:

Historically, the two communitities had completely different set-ups:

  • IT used to follow the speed of technology evolvement, with product cycles of about three years and extremely fast fixing of faults and errors: short reaction time of less than one hour is common practice by today.
  • OT used to create solutions in the mechanical space with life cycles reaching from 25 to 70 years, with little maintenance on average every 3-5 years. In the past few years the use of IT in OT installation has been increasing dramatically and OT is now fully integrated in cyberspace. Therefore, the need to connect the two communitities is now more important than ever before in order to address the mutually dependent topics including security issues.

Design of the forum:
  • 3 meetings per year
  • 2-3 talks from industry leaders delivered in English
  • Several roundtables lasting 1 hour in D, F and E at every meeting



Participation fee:
  • CHF 360 per event, alternatively CHF 960 for three events (one year)
  • Participation by invitation only. Proposal for inviting additional key persons please mail to: bmhaemmerli@OT-IT-CyberSecurityForum.ch

Content:

The content will be coordinated by Prof. Dr. Bernhard M. Haemmerli, Hochschule Luzern, and will be created by the organizing committee.

Organizing Committee:

Drives the process for the meetings with delegates, sponsors and selected partners.
 
 

13th Swiss OT-IT Cyber Security Forum

Future, Legislation and Regulation in Cyberspace:
Which action must be taken?

The vulnerability of the cyber infrastructure is more and more in the consciousness of politicians, also because of a paramount number of incidents. This fact creates the will to act on the political side, which means launching initiatives for new regulation and legislations. In quite similar way act professional organizations and create best practices and frameworks.

Against this background several challenges raise: Too big variety of legislation and regulations, maybe some are contradicting each other, violation of the principal of technology neutral formulation, not depicting sufficiently new technological progress, a too local view of the global challenge, impossible demands in respect to supply chain and its verification and documentation.

Recent incidents like CrowdStrike incident July 19, 2024, 4.09 UTC is creating more pressure to control the critical sectors with the target to secure the infrastructure and add another layer of resilience. But in all these efforts the companies operating such infrastructure, its capabilities and possibilities to change, as well as the available fund for change got lost.

With the keynotes we want to depict the regulation, legislation and framework space and with the debate we want to approach the solutions space with the questions in mind: Which priorities should be set, and which are the optimal implementation strategies?

Date: September 12, 2024, 12:00 h - 20:30 h
Location: Swiss Post; Webergutstrasse 12, 3052 Zollikofen
Parking: Parking lots available nearby

Keynotes:

OT and IT security legislation & regulation: What is the recent status and what is planned in near future?
Mark Sirsi, COO Cypurge GmbH


ICT Minimal standards: What does this mean for OT and CI?
BACS Expert, request pending


OT & IT legislation and regulation implementation strategies for best security and compliance: What are the secrets?
Michael Knuchel, Head of Sub-Station Automation Systems Engineering, Swissgrid


Roundtable 1:
Which are by now important legislation and regulations, and which are the important upcoming OT- and IT-security legislation and regulations, and how to set priorities in this jungle?
Roundtable 2:
Implementation strategies of recent and upcoming regulations: How to act and setting priorities?

For more details please see the Personal Invitation

To register: Please send Registration Form or a full e-mail footer to info@OT-IT-CyberSecurityForum.ch

 




Swiss OT-IT Cyber Security Forum 14

Virtualization in OT: Baseline, best practices, and hardening: But how to provide reliability and security?
OT virtualization is a shift in the market, and there is no chance to stop this development. Therefore, we want to elaborate on the issue, and especially on the most critical points: reliability, security and supply chain. All the respective three elements can create catastrophic events, as the CrowdStrike incident July 19, 2024, 4.09 UTC has demonstrated

Date: Thursday, March 6, 2025, 12:00-20:30h
Place: Location Sponsor Stadler Rail, Busnang - waiting for confirmation

Speakers: TBD

Roundtable 1:
Refining OT virtualization: How to design for reliability and security?
Roundtable 2:
OT Virtualization: Supply chain, implementation and operation: What are best practices today and in near future?
 
 
 

Past Forum

Swiss OT-IT Cyber Security Forum take place up to three times a year. This overview details past events.

 
 




1st Swiss OT-IT Cyber Security Forum

Taking an Integrated Approach to better Protect, Detect, Respond, and Recover OT & IT Environments from Cyber Attacks

 

Attack on critical infrastructures has evolved to a strategic tool for state actors as well as a tool for criminals to blackmail corporations. Fewer incidents have been observed with the aim of sabotaging the infrastructure which was the aim of notPetya. With this in mind the following questions regarding OT-IT installations should be addressed:

Date: September 24, 2020

For more details please see the Personal Invitation

 




2nd Swiss OT-IT Cyber Security Forum

On Cloud Edge Industrial IoT (IIOT): Which additional security measures are needed? Core topic: The strategic trend is to report all sensors values to cloud, and then calculate from the cloud the steering or control values which will be delivered back to the infrastructure. Which new security aspects should be covered e.g. cloud security practices and cloud migration security support. Is patching compliant with the sectors rules?

Date: March 4, 2021, 12:45 - 17:30h
Place: Webex on-line meeting with discussion groups due

Speakers:


Roundtable 1:
Implementing life-time and life-cycle end-to-end privacy, integrity and authenticity: how to approach and what must be considered?
Roundtable 2:
IIOT security: which concepts, architectures and technologies provide the required security level?

For more details please see the Personal Invitation

 




3rd Swiss OT-IT Cyber Security Forum

On Certification & Innovation: how to get the best out of both?
Which additional security measures are needed?
The policymakers understand continuous improvement systems and minimal standards as buzzword for improving situations, as in our case the cybersecurity of OT installations. Therefore, it is utmost important to know the recent certifications and the plans for the next strategic period for new certifications. Innovation starts at any place and is the only option to secure our cyberspace in the future.

But from innovation to certification it is usually a long way. Therefore, for our OT-IT discussion the following questions are relevant:

Date: June 10, 2021, 12:00-20:30h
Place: Axpo Kernkraftwerk Leibstadt

Speakers:

Roundtable 1:
Innovation in OT-IT: how do most of the recent advancement help?
Roundtable 2:
Certification & Innovation: How to get the best out of both?

For more details please see the Personal Invitation

 




4rd Swiss OT-IT Cyber Security Forum

United Crises Management OT-IT: How to benefit from better and well-tuned collaboration?
Traditionally, IT has its way how to deal with crises, and OT has also its own way to deal with crises. In earlier times there has been very little interaction between those two incident handling entities. With the rapid growth of the internet, the integration of business processes and control systems, and the connection of many OT devices, potential incidents may concern both organizations, and the collaboration between them makes the big difference for success when facing such crises. This event will give examples, debate the topic, and provide insights on:

Date: September 23, 2021, 12:00 h - 20:30 h
Place: ABB Baden, Information will follow, depending on Covid situation

Keynotes:

Domestic Robotik (Domotik): what it means to bring the OT and IT network on a single protocol together.
Roland Ebnöther and Mark Vadalà, Domotik in Swiss Defense Department


Third party risks: Mitigations, Detections, and Investigations
Nicolas Tinguely KPMG and Ivo Maritz MSFPartners


Tabletop exercise on united OT-IT cyber crises management: what is the setup, how to bring the two communities together, and which findings will result.
David Cowen, Managing Director KPMG US, SANS trainer, and Blackhat & RSA speaker


Roundtable 1:
United Crises Management OT-IT: What are advantages and draw backs of joint incident response training/exercises, and how to close the OT-IT gap?
Roundtable 2:
Third party risks: How to detect, mitigate and improve the general situation?
 

For more details please see the Personal Invitation

 




5th Swiss OT-IT Cyber Security Forum

Next generation OT-IT architecture with IPv6, 5G and LPWAN: How to secure OT and IT in the next strategic period?

Cyber space is continuously developing, and we face three protocols: LPWAN (Low Power Wide Area Network) such as LoRa (Long Range Wide Area Protocol, for low data rates in widely distributed environments), 5G (next generation cell phone protocol, which is much faster, can nearly handle unlimited numbers of nodes and has extremely low delays) and IPv6 the new internet protocol. What do we need to prepare, to ensure companies get best value and usage of these technologies while keeping security at a high level? Indirectly we will also prepare the organization for a secure future, with an alignment accordingly.

In this frame we will discuss beneficial and new applications and elaborate on new security concepts, which will make OT-IT security ready for the future. The following questions are relevant:

Date: March 3, 2022, 13:15 h - 17:30 h

Keynotes:

5G and low power, low bandwidth wide area networks (LoRa, Sigfox): Architecture, security, and innovative applications
Gerrit Holtrup, Principal Security Engineer at Kudelski IoT


Preparing OT and IT security for the next strategic period: Aligning organization, technology, processes, people
Simon Schneiter, Cyber Security Expert, ensec


Roundtable 1:
Architecture, security, and innovative applications: How to take advantage securely?
Roundtable 2:
Aligning organization, technology, processes, people: Priorities, implementation, and changes.
 

For more details please see the Personal Invitation

 




6th Swiss OT-IT Cyber Security Forum

Outsourcing detection and response:
Identifying key issues for constructing successful partnerships

Cybersecurity itself is already quite challenging, but when it comes to detection and response, the complexity is increasing by far: Plenty of very special knowledge must be available for different tiers in analysis (detection) and response (the coordinated reaction between external provider and internal operations and management). The services an enterprise needs for the detect and response functions as well as the processes between external partner and the company play a crucial role on effectiveness and performance.

In this context, we will discuss key issues and share experiences of outsourcing detection and response with the goal to have a clear view on people, process, and technology. The following questions are relevant:

Date: June 21, 2022, 12:00 h - 20:00 h
Place: In-Person, Kernkraftwerk Leibstadt (KKL), directions will be communicated to registered participants.

Keynotes:

SOC partnership from a client view: Opportunities, pitfalls, and recommendation for success
Daniel Schirato, IT/OT Security Officer, Axpo


The diversity of outsourcing detection and response services: How to identify quality, right settings, and expectations?
Olivier Spielmann, Vice President, Global Managed Detection and Response, Kudelski Security


Roundtable 1:
Identify services, processes, and exercises to prepare a perfect integration into incident and crises management setup?
Roundtable 2:
How to assess (potential) partners, and identify essential criteria for success?
 

For more details please see the Personal Invitation

 




7th Swiss OT-IT Cyber Security Forum

Critical Infrastructures:
Are Our OT Devices Secure?

Securing networks with old and non-patchable devices or other insecure black boxes: Strategies, concepts, and implementation in context of critical infrastructure like e. g. hospitals and energy sector.

Insecure devices need micro segmentation as narrow as the functionality allows. In addition, the analysis and monitoring of network streams should be another line of defense: automated search for unusual behavior and anomalies with advanced machine learning and artificial intelligence methods may reveal additional malicious activities.

In this context, we will discuss key issues and share experiences of networks with old and non-patchable devices and insecure black boxes with the goal to have a clear view on this challenge. Such devices remain operational for twenty to thirty years, often with no security measures, and no patch mechanism. While advanced security experts start to demand quantum-safe cryptography for being life-time secure, the OT device integration is lagging and still fights with basic security issues. The following questions are relevant:

Date: September 13, 2022, 12:00 h - 20:00 h
Place: Die Mobiliar, Bundesgasse 35, 3001 Berne, close to Bern SBB main station

Keynotes:

The challenge of networks with old devices and two strategic views on mastering the challenge.
Erik Dinkel, CISO USZ and Michel Buri, CISO Hopital VS


Advanced security and monitoring solutions from the energy sector: what can we learn?
Rénald Marmet, Expert OT Systems bei BKW Hydro


Innovative and new products for better OT-Security
Tim Blazytko,co-founder emproof, OT-Security expert


Roundtable 1:
Identify asset, life cycles, risks and need for action, including re-procurement for healing the overall situation, and reducing the risks to the acceptable level.
Roundtable 2:
How to address the challenge to enhance the OT cyber security stepwise to reach a more secure status? Successful planning and implementation examples, learning from experience.
 

For more details please see the Personal Invitation

 




8th Swiss OT-IT Cyber Security Forum

Improving OT-Security:
Architecture – Measures – Organization

Improving OT Architecture has many facets, including educational, human, organizational, strategic, and technological factors. Our focus will be on the transformational process: How can OT security reach a new level of maturity and use the best supportive technology. We are going to explore which measures are available and how to design an overall security architecture, which is effective and efficient.

Organizational transformation is a permanent process, which must consider the overall ecosystem, so that it will be and remain supportive to address the security challenges. Especially in critical environments the priority must be resilience, which includes plenty of processes, as well as fast reaction on research and innovation on the attacker’s side. We expect in the next period a strong move to “nation state” similar attacks of money maker hackers. The funding earned by ransom enables them to play as top notches in the scene.

The Zero Trust Architecture (ZTA) is – some years after being proposed – in its initial deployment. However, ZTA is not a product and nothing you can order. Much more you need to dig into this new plan (or philosophy) step by step over several years. By doing so you can improve OT security significantly with architecture, zoning, secure identity (IAM), privileged access management (PAM), secured remote access (RAS), and other measures.

The following questions are relevant for this forum:

Date: Thursday, March 2, 2023, 12:00 h - 20:00 h
Place: Hitachi Energy, Bruggerstrasse 72, 5400 Baden, 10 min from Baden SBB station

Keynotes:

Security as a process – the challenge of constantly adapting in a critical environment
Hadeli Hadeli, Global Product Manager for Cybersecurity Solutions


Security in the infrastructure architecture: development – operation – automation
Chris Ditze-Stephan, HSLU lecturer




Roundtable 1:
Organizational measures: How to leverage technology to its full security power?
Roundtable 2:
Technology for better Security: a debate on options and performance of available measures, with a touch of Zero Trust Architecture.
 

For more details please see the Personal Invitation

 




9th Swiss OT-IT Cyber Security Forum

Securing Supply Chains: What does this mean for OT and IT

The consequences of the divide between NATO, Russia and China for the supply chain should be carefully analyzed and reacted upon. The USA is demonstrating a clear stance of no cooperation with nations having Chinese made devices in their infrastructures. Should conflicts intensify, and this is what all indicators predict, devices and equipment stemming from the conflicting side will suddenly be an extreme risk. Preparation for this scenario is unavoidable for all corporations with professional risk management.

The first step in creating a plan is to make an inventory of existing components, for the hardware and software. Then reflection starts, where the company could be potentially at risk. Finally, both, a strategic plan how to develop the systems and an emergency plan in case of more intense conflicts should be elaborated. Of course, we all do not want this happening, but we should be realistic, and acknowledge that such a scenario is today far more likely than earthquake and other potential risk.

In the supply chain multiple issues like geopolitical strategy (including information dominance and backdoors), transport, pandemic and human resources interact with one another and create dependencies, and new risks. In some cases, negative business consequences on the corporate balance sheet can be avoided by early replacement of high-risk components.

What does this mean for our community? Adopting a new strategy for IT components with 3 to 5 years of expected operating time is relatively easy in contrast to OT components, which usually have between 20 and 30 years of expected operating time.

Discussion points on these issues are:


Date: Thursday, June 22, 2023, 12:00 h - 20:30 h
Place: KWO, Hotel Handeck, Handegg 6, 3864 Guttannen

By car: Hotel Handeck (Google Maps: Hotel Handeck)

Public Transportation: KWO Shuttle: 11:30h Kraftwerke Oberhasli AG, Grimselstrasse 19, 3862 Innertkirchen.
Nearby train station Innnertkirchen (train from Meiringen arrives 11:25h)

Keynotes:

Global infrastructure resilience for national data: How to prepare for new and upcoming digital emergencies?
Christoph Schnidrig, Head of Technology, Amazon Web Services (AWS) Switzerland


The many facets of Supply Chain Security – – and how we should prepare and react?
Alex Diekmann, Director Corporate Security, u-blox AG


Roundtable 1:
New dimension of inventory and asset management: What do we really need to do?
Roundtable 2:
What can be done to maintain a high level of security and mitigate rising geopolitical risks?

For more details please see the Personal Invitation

 




10th Swiss OT-IT Cyber Security Forum

Human Factor in OT-IT, and between: Identifying the potential for better security and how to act for reaching a higher level of maturity.

Leading people is considered a great art, but to lead people in security, where only limited disciplinary measures are available, is a paramount art. We will approach the following topics and provide state of the art proposals regarding: How to measure awareness and security culture level, how to stimulate for security, how to get the buy-in, how to keep the interest on a high level, and how to bring the OT an IT communities together in a common track despite of their differences.

Creating a very good security means both: to care for a high level of technical security and to invest into workforce knowledge, behavior, and attitude. Failure in security culture means keeping a door open, in the weakest link: the employee. Cyber security specialists have already a decade and more of experience in “security shaping” employees, meanwhile this topic in the operational technology is rather new and must be developed from scratch in many enterprises.

We have two leading experts presenting: Tomas Schlienger with 25 years’ experience in awareness and security culture, successfully helping many corporations to align the employees with the cyber security requirements of the company. Matthias Glock is one of the early adopters making the employees of the OT workforce aware. Although the security is quite the same, but since the use case is different, the workforce has a different educational background and timelines are different, we need to reflect what this means for the awareness. Matthias will share with us the experience gained in SBB on this topic.

Discussion points on these issues are:


Date: Tuesday, September 19, 2023, 12:00 h - 20:30 h
Place: Eidgenössisches Institut für Metrologie METAS
Lindenweg 50, 3003 Bern-Wabern

Standort (metas.ch))

Keynotes:

Security Awareness Strategies: How to improve awareness with the least possible investment?
Thomas Schlienger, TreeSolution


Human Factor in OT and IT Security: What are commonalities and differences and what is their impact on better security?
Matthias Glock, Information Security Officer, SBB, Infrastructure Division


Roundtable 1:
Security culture, awareness, and behavior: Identifying successful and failing strategies.
Roundtable 2:
Merging OT security and IT security: Identifying challenges, options for improvement and tips for keeping the newly reached status on a high level.

For more details please see the Personal Invitation

 




11th Swiss OT-IT Cyber Security Forum

OT – IT – Cloud: How to handle cloud and multi-cloud securely?

Fact is that cloud migration has been foreseen form suppliers, as an unavoidable given. Therefore, we examine security.

First, we know that many experts do not like the cloud, and think they have better control on their infrastructure, if the equipment is local, and locally managed. However, reflecting which options you have for crises management and recovery, then it does not look good for local installation. External experts only can, mostly supplier can help. Therefore, it is an error to believe, that ownership leads to better control.

Second, we observe, that the security teams of cloud services are by for more experienced and provide a very high base level security, which is very difficult to bring into local installations. When we compare Swisscom with Google, the scale of security is obvious: Swisscom has about 500 experts in SOC, Google around 5000. The question who provides more security is easily answered.

Third, the cloud shift is dictated by the suppliers: Smart Meter suppliers, Honeywell, Siemens, Schneider Electric and many others deliver devices, which report bey default into the cloud and give the customer access to their data in the cloud. This means that customers have an easy access to their data and have many options to process their data. And in addition – many security challenges are already resolved, in the cloud.

We have to identified remain security issues which the customers must still care for, and how the shared responsibility is designed. Some of the tasks are contractual, some in security management, but also some are in technology.

Discussion points on these issues are:


Date: Thursday, March 7, 2024, 12:00 h - 20:30 h
Place: Amazon Web Services, Marstrasse 2 – 2. Stock, 8002 Zürich

Keynotes:

Essential issues for OT driven organizations when transitioning to the cloud
Nabil Mghezzi Chaa, OT Cybersecurity Expert, Kudelski


Securing the Future: The Role of Cloud Services in Advancing On-Premise IT Security
André van Schalkwyk, CISO Straumann and Yuecel Karabulut, Principal Security Solutions Architect, Amazon Web Services


Roundtable 1:
Cloud and cloud security: what does it mean for OT and IT?
Roundtable 2:
OT single and multi-cloud: how to provide security and resilience?

For more details please see the Personal Invitation

 




12th Swiss OT-IT Cyber Security Forum

Real incidents: What can we learn from them?

The overarching goal and challenge is how to learn from incidents better than we do today. What triggers changes, how to implement those, and how to increase future level of security?

Does our organization need to experience incidents firsthand to learn from them, or can we gain insights from the incidents of others? To learn from other organizations’ incidents, we must thoroughly understand the details of those incidents and the lessons they have learned.

Firstly, after a major incident, the company will never be the same as before in respect to information & cyber security. Management attention and awareness are drastically heightened. But do we need such a shock to learn, or can we learn before a major event occurs? We will present three transformative incidents and their impact on future security processes, threat intelligence, and building partnerships with a SOC.

Secondly, we will examine the timeline, from incident to recovery and identify the most critical actions taken by those who learned it the hard way, i.e. from their own incident.

Lastly, we share lessons from these incidents, such that we can incorporate others’ learnings into our own security measures and security incident design. The keynotes will focus on this aspect, allowing you to evaluate your own concepts and implement necessary changes. The incidents themselves will be presented briefly as well, in to prepare and focus on the findings afterwards.

Discussion points on these issues are:


Date: Thursday, June 27, 2024, 12:00 h - 20:30 h
Place: CKW AG, Rathausen 1, 6032 Emmen

Keynotes:

An Incident Triggers Changes: How to create a new level of security for the future?
Hans-Peter Aregger, former CIO Chemie Papier Holding AG


Combined IT/OT ransomware attack: how to integrate learnings enterprise-wide?
Alexey Kultyshkin, Head of Cyber Security & Risk / CISO Omya Business Services SLU


Nightmare Incident: How to wake up and implement learnings?
Alex Diekmann, Director Corporate Security, u-blox AG


Roundtable 1:
Incident sharing: How do you share, and how do you receive information on incidents: What are potential improvements?
Roundtable 2:
A new culture for learning from incidents: How to implement it.

For more details please see the Personal Invitation

 
 
 

Contact

You can send a message directly to the Coordinater of this Forum, Prof. Dr. Bernhard M. Haemmerli