Swiss OT-IT Cyber Security Forum

Past Forum

Swiss OT-IT Cyber Security Forum take place up to three times a year. This overview details past events.

1st Swiss OT-IT Cyber Security Forum

Taking an Integrated Approach to better Protect, Detect, Respond, and Recover OT & IT Environments from Cyber Attacks

Attack on critical infrastructures has evolved to a strategic tool for state actors as well as a tool for criminals to blackmail corporations. Fewer incidents have been observed with the aim of sabotaging the infrastructure which was the aim of notPetya. With this in mind the following questions regarding OT-IT installations should be addressed:

What is the need for protection, especially in respect to segmentation?
What is the need for detection, response and recovery?
What are attacking patterns, and which obstacles need to be in place to prevent the spread of the attacks?

Date: September 24, 2020

For more details please see the Personal Invitation

2nd Swiss OT-IT Cyber Security Forum

On Cloud Edge Industrial IoT (IIOT): Which additional security measures are needed? Core topic: The strategic trend is to report all sensors values to cloud, and then calculate from the cloud the steering or control values which will be delivered back to the infrastructure. Which new security aspects should be covered e.g. cloud security practices and cloud migration security support. Is patching compliant with the sectors rules?

Date: March 4, 2021, 12:45 - 17:30h
Place: Webex on-line meeting with discussion groups due

Speakers:

The need of end-to-end privacy, integrity and authenticity of OT/IoT device communication,
Andreas Thiel, Executive Director Product Centers at u-blox, Co-Founder
Securing digitalization in electrical systems with Quantum-safe high-speed communication,
Luca Haab, Global Technology Manager Wired Communications at Hitachi ABB Power Grids
Rouven Floeter, Global Product Manager Cybersecurity Solutions at Hitachi ABB Power Grids

Roundtable 1:
Implementing life-time and life-cycle end-to-end privacy, integrity and authenticity: how to approach and what must be considered?
Roundtable 2:
IIOT security: which concepts, architectures and technologies provide the required security level?

For more details please see the Personal Invitation

3rd Swiss OT-IT Cyber Security Forum

On Certification & Innovation: how to get the best out of both?
Which additional security measures are needed?
The policymakers understand continuous improvement systems and minimal standards as buzzword for improving situations, as in our case the cybersecurity of OT installations. Therefore, it is utmost important to know the recent certifications and the plans for the next strategic period for new certifications. Innovation starts at any place and is the only option to secure our cyberspace in the future.

But from innovation to certification it is usually a long way. Therefore, for our OT-IT discussion the following questions are relevant:

Which certifications are mandatory, and how to behave clever with optional certifications?
How to balance the need for certification and the need to continuously improve?
What are your experiences in balancing best between certification and innovation, and what would you like to change in future?

Date: June 10, 2021, 12:00-20:30h
Place: Axpo Kernkraftwerk Leibstadt

Speakers:

Advance approaches to automate OT security based on regulators’ will and attackers’ mind set,
Netanel Davidi, Co-Founder, Co-CEO, Member BoD; VDOO Connected Trust Ltd
Certification to advance to the required Cyber Maturity level,
Renate Verheijen, European Union Agency for Cyber Security (ENISA)

Roundtable 1:
Innovation in OT-IT: how do most of the recent advancement help?
Roundtable 2:
Certification & Innovation: How to get the best out of both?

For more details please see the Personal Invitation

4rd Swiss OT-IT Cyber Security Forum

United Crises Management OT-IT: How to benefit from better and well-tuned collaboration?
Traditionally, IT has its way how to deal with crises, and OT has also its own way to deal with crises. In earlier times there has been very little interaction between those two incident handling entities. With the rapid growth of the internet, the integration of business processes and control systems, and the connection of many OT devices, potential incidents may concern both organizations, and the collaboration between them makes the big difference for success when facing such crises. This event will give examples, debate the topic, and provide insights on:

How the interaction between OT and IT crises management can be improved.
How the crises collaboration of OT and IT can be assessed and tested with exercises.
What are typical learnings to be drawn from such exercises?

Date: September 23, 2021, 12:00 h - 20:30 h
Place: ABB Baden, Information will follow, depending on Covid situation

Keynotes:

Domestic Robotik (Domotik): what it means to bring the OT and IT network on a single protocol together.
Roland Ebnöther and Mark Vadalà, Domotik in Swiss Defense Department

Third party risks: Mitigations, Detections, and Investigations
Nicolas Tinguely KPMG and Ivo Maritz MSFPartners

Tabletop exercise on united OT-IT cyber crises management: what is the setup, how to bring the two communities together, and which findings will result.
David Cowen, Managing Director KPMG US, SANS trainer, and Blackhat & RSA speaker

Roundtable 1:
United Crises Management OT-IT: What are advantages and draw backs of joint incident response training/exercises, and how to close the OT-IT gap?
Roundtable 2:
Third party risks: How to detect, mitigate and improve the general situation?

For more details please see the Personal Invitation

5th Swiss OT-IT Cyber Security Forum

Next generation OT-IT architecture with IPv6, 5G and LPWAN: How to secure OT and IT in the next strategic period?

Cyber space is continuously developing, and we face three protocols: LPWAN (Low Power Wide Area Network) such as LoRa (Long Range Wide Area Protocol, for low data rates in widely distributed environments), 5G (next generation cell phone protocol, which is much faster, can nearly handle unlimited numbers of nodes and has extremely low delays) and IPv6 the new internet protocol. What do we need to prepare, to ensure companies get best value and usage of these technologies while keeping security at a high level? Indirectly we will also prepare the organization for a secure future, with an alignment accordingly.

In this frame we will discuss beneficial and new applications and elaborate on new security concepts, which will make OT-IT security ready for the future. The following questions are relevant:

With which applications companies can take advantage of new networking technologies?
How to align the architecture for being ready for this and future technologies?
Which changes you need in organization, technology, processes, and people skills?

Date: March 3, 2022, 13:15 h - 17:30 h

Keynotes:

5G and low power, low bandwidth wide area networks (LoRa, Sigfox): Architecture, security, and innovative applications
Gerrit Holtrup, Principal Security Engineer at Kudelski IoT

Preparing OT and IT security for the next strategic period: Aligning organization, technology, processes, people
Simon Schneiter, Cyber Security Expert, ensec

Roundtable 1:
Architecture, security, and innovative applications: How to take advantage securely?
Roundtable 2:
Aligning organization, technology, processes, people: Priorities, implementation, and changes.

For more details please see the Personal Invitation

6th Swiss OT-IT Cyber Security Forum

Outsourcing detection and response:
Identifying key issues for constructing successful partnerships

Cybersecurity itself is already quite challenging, but when it comes to detection and response, the complexity is increasing by far: Plenty of very special knowledge must be available for different tiers in analysis (detection) and response (the coordinated reaction between external provider and internal operations and management). The services an enterprise needs for the detect and response functions as well as the processes between external partner and the company play a crucial role on effectiveness and performance.

In this context, we will discuss key issues and share experiences of outsourcing detection and response with the goal to have a clear view on people, process, and technology. The following questions are relevant:

Which part of detection and response will always stay with your company?
By when to approach an outsourcing partner, and how to select specific services needed?
Which changes do you need in organization, technology, processes?

Date: June 21, 2022, 12:00 h - 20:00 h
Place: In-Person, Kernkraftwerk Leibstadt (KKL), directions will be communicated to registered participants.

Keynotes:

SOC partnership from a client view: Opportunities, pitfalls, and recommendation for success
Daniel Schirato, IT/OT Security Officer, Axpo

The diversity of outsourcing detection and response services: How to identify quality, right settings, and expectations?
Olivier Spielmann, Vice President, Global Managed Detection and Response, Kudelski Security

Roundtable 1:
Identify services, processes, and exercises to prepare a perfect integration into incident and crises management setup?
Roundtable 2:
How to assess (potential) partners, and identify essential criteria for success?

For more details please see the Personal Invitation

7th Swiss OT-IT Cyber Security Forum

Critical Infrastructures:
Are Our OT Devices Secure?

Securing networks with old and non-patchable devices or other insecure black boxes: Strategies, concepts, and implementation in context of critical infrastructure like e. g. hospitals and energy sector.

Insecure devices need micro segmentation as narrow as the functionality allows. In addition, the analysis and monitoring of network streams should be another line of defense: automated search for unusual behavior and anomalies with advanced machine learning and artificial intelligence methods may reveal additional malicious activities.

In this context, we will discuss key issues and share experiences of networks with old and non-patchable devices and insecure black boxes with the goal to have a clear view on this challenge. Such devices remain operational for twenty to thirty years, often with no security measures, and no patch mechanism. While advanced security experts start to demand quantum-safe cryptography for being life-time secure, the OT device integration is lagging and still fights with basic security issues. The following questions are relevant:

How to identify all OT asset concerned that must be secured?
Strategies for securing these types of devices, including future research ideas.
How to learn from advanced solutions (energy sector) and performing the right level of monitoring.

Date: September 13, 2022, 12:00 h - 20:00 h
Place: Die Mobiliar, Bundesgasse 35, 3001 Berne, close to Bern SBB main station

Keynotes:

The challenge of networks with old devices and two strategic views on mastering the challenge.
Erik Dinkel, CISO USZ and Michel Buri, CISO Hopital VS

Advanced security and monitoring solutions from the energy sector: what can we learn?
Rénald Marmet, Expert OT Systems bei BKW Hydro

Innovative and new products for better OT-Security
Tim Blazytko,co-founder emproof, OT-Security expert

Roundtable 1:
Identify asset, life cycles, risks and need for action, including re-procurement for healing the overall situation, and reducing the risks to the acceptable level.
Roundtable 2:
How to address the challenge to enhance the OT cyber security stepwise to reach a more secure status? Successful planning and implementation examples, learning from experience.

For more details please see the Personal Invitation

8th Swiss OT-IT Cyber Security Forum

Improving OT-Security:
Architecture – Measures – Organization

Improving OT Architecture has many facets, including educational, human, organizational, strategic, and technological factors. Our focus will be on the transformational process: How can OT security reach a new level of maturity and use the best supportive technology. We are going to explore which measures are available and how to design an overall security architecture, which is effective and efficient.

Organizational transformation is a permanent process, which must consider the overall ecosystem, so that it will be and remain supportive to address the security challenges. Especially in critical environments the priority must be resilience, which includes plenty of processes, as well as fast reaction on research and innovation on the attacker’s side. We expect in the next period a strong move to “nation state” similar attacks of money maker hackers. The funding earned by ransom enables them to play as top notches in the scene.

The Zero Trust Architecture (ZTA) is – some years after being proposed – in its initial deployment. However, ZTA is not a product and nothing you can order. Much more you need to dig into this new plan (or philosophy) step by step over several years. By doing so you can improve OT security significantly with architecture, zoning, secure identity (IAM), privileged access management (PAM), secured remote access (RAS), and other measures.

The following questions are relevant for this forum:

How to care for your organization’s security, while keeping the ties, enthusiasm, and engagement for security?
How to start a multiyear plan to implement Zero Trust Architecture?
How to track changes on the offender side to keep both, the protection, and the incident response up-to-date?

Date: Thursday, March 2, 2023, 12:00 h - 20:00 h
Place: Hitachi Energy, Bruggerstrasse 72, 5400 Baden, 10 min from Baden SBB station

Keynotes:

Security as a process – the challenge of constantly adapting in a critical environment
Hadeli Hadeli, Global Product Manager for Cybersecurity Solutions

Security in the infrastructure architecture: development – operation – automation
Chris Ditze-Stephan, HSLU lecturer

Roundtable 1:
Organizational measures: How to leverage technology to its full security power?
Roundtable 2:
Technology for better Security: a debate on options and performance of available measures, with a touch of Zero Trust Architecture.

For more details please see the Personal Invitation

9th Swiss OT-IT Cyber Security Forum

Securing Supply Chains: What does this mean for OT and IT

The consequences of the divide between NATO, Russia and China for the supply chain should be carefully analyzed and reacted upon. The USA is demonstrating a clear stance of no cooperation with nations having Chinese made devices in their infrastructures. Should conflicts intensify, and this is what all indicators predict, devices and equipment stemming from the conflicting side will suddenly be an extreme risk. Preparation for this scenario is unavoidable for all corporations with professional risk management.

The first step in creating a plan is to make an inventory of existing components, for the hardware and software. Then reflection starts, where the company could be potentially at risk. Finally, both, a strategic plan how to develop the systems and an emergency plan in case of more intense conflicts should be elaborated. Of course, we all do not want this happening, but we should be realistic, and acknowledge that such a scenario is today far more likely than earthquake and other potential risk.

In the supply chain multiple issues like geopolitical strategy (including information dominance and backdoors), transport, pandemic and human resources interact with one another and create dependencies, and new risks. In some cases, negative business consequences on the corporate balance sheet can be avoided by early replacement of high-risk components.

What does this mean for our community? Adopting a new strategy for IT components with 3 to 5 years of expected operating time is relatively easy in contrast to OT components, which usually have between 20 and 30 years of expected operating time.

Discussion points on these issues are:

Do you know your assets? do you perform inventory and asset management? If so, how up-to date is it? And to what level of detail do you manage your asset inventory?
Which plans and concepts have you prepared for addressing supply chain issues?
Are you ready to replace some, many, or all components which might have problematic issues with respect to strategic country policy?

Date: Thursday, June 22, 2023, 12:00 h - 20:30 h
Place: KWO, Hotel Handeck, Handegg 6, 3864 Guttannen

By car: Hotel Handeck (Google Maps: Hotel Handeck)

Public Transportation: KWO Shuttle: 11:30h Kraftwerke Oberhasli AG, Grimselstrasse 19, 3862 Innertkirchen.
Nearby train station Innnertkirchen (train from Meiringen arrives 11:25h)

Keynotes:

Global infrastructure resilience for national data: How to prepare for new and upcoming digital emergencies?
Christoph Schnidrig, Head of Technology, Amazon Web Services (AWS) Switzerland

The many facets of Supply Chain Security – – and how we should prepare and react?
Alex Diekmann, Director Corporate Security, u-blox AG

Roundtable 1:
New dimension of inventory and asset management: What do we really need to do?
Roundtable 2:
What can be done to maintain a high level of security and mitigate rising geopolitical risks?

For more details please see the Personal Invitation

10th Swiss OT-IT Cyber Security Forum

Human Factor in OT-IT, and between: Identifying the potential for better security and how to act for reaching a higher level of maturity.

Leading people is considered a great art, but to lead people in security, where only limited disciplinary measures are available, is a paramount art. We will approach the following topics and provide state of the art proposals regarding: How to measure awareness and security culture level, how to stimulate for security, how to get the buy-in, how to keep the interest on a high level, and how to bring the OT an IT communities together in a common track despite of their differences.

Creating a very good security means both: to care for a high level of technical security and to invest into workforce knowledge, behavior, and attitude. Failure in security culture means keeping a door open, in the weakest link: the employee. Cyber security specialists have already a decade and more of experience in “security shaping” employees, meanwhile this topic in the operational technology is rather new and must be developed from scratch in many enterprises.

We have two leading experts presenting: Tomas Schlienger with 25 years’ experience in awareness and security culture, successfully helping many corporations to align the employees with the cyber security requirements of the company. Matthias Glock is one of the early adopters making the employees of the OT workforce aware. Although the security is quite the same, but since the use case is different, the workforce has a different educational background and timelines are different, we need to reflect what this means for the awareness. Matthias will share with us the experience gained in SBB on this topic.

Discussion points on these issues are:

What are the commonalities in human behavior between the cyber security and the OT security communities?
What are the differences in human behavior between the cyber security and the OT security communities?
How to merge the two communities, cyber security, and OT security to get the maximumsecurity gain at lowest possible cost?

Date: Tuesday, September 19, 2023, 12:00 h - 20:30 h
Place: Eidgenössisches Institut für Metrologie METAS
Lindenweg 50, 3003 Bern-Wabern

Standort (metas.ch))

Keynotes:

Security Awareness Strategies: How to improve awareness with the least possible investment?
Thomas Schlienger, TreeSolution

Human Factor in OT and IT Security: What are commonalities and differences and what is their impact on better security?
Matthias Glock, Information Security Officer, SBB, Infrastructure Division

Roundtable 1:
Security culture, awareness, and behavior: Identifying successful and failing strategies.
Roundtable 2:
Merging OT security and IT security: Identifying challenges, options for improvement and tips for keeping the newly reached status on a high level.

For more details please see the Personal Invitation

11th Swiss OT-IT Cyber Security Forum

OT – IT – Cloud: How to handle cloud and multi-cloud securely?

Fact is that cloud migration has been foreseen form suppliers, as an unavoidable given. Therefore, we examine security.

First, we know that many experts do not like the cloud, and think they have better control on their infrastructure, if the equipment is local, and locally managed. However, reflecting which options you have for crises management and recovery, then it does not look good for local installation. External experts only can, mostly supplier can help. Therefore, it is an error to believe, that ownership leads to better control.

Second, we observe, that the security teams of cloud services are by for more experienced and provide a very high base level security, which is very difficult to bring into local installations. When we compare Swisscom with Google, the scale of security is obvious: Swisscom has about 500 experts in SOC, Google around 5000. The question who provides more security is easily answered.

Third, the cloud shift is dictated by the suppliers: Smart Meter suppliers, Honeywell, Siemens, Schneider Electric and many others deliver devices, which report bey default into the cloud and give the customer access to their data in the cloud. This means that customers have an easy access to their data and have many options to process their data. And in addition – many security challenges are already resolved, in the cloud.

We have to identified remain security issues which the customers must still care for, and how the shared responsibility is designed. Some of the tasks are contractual, some in security management, but also some are in technology.

Discussion points on these issues are:

Which security level provides the cloud?
How to coordinate security in multi-cloud environments?
How to design an overall security on-prem to cloud, which is really waterproof?

Date: Thursday, March 7, 2024, 12:00 h - 20:30 h
Place: Amazon Web Services, Marstrasse 2 – 2. Stock, 8002 Zürich

Keynotes:

Essential issues for OT driven organizations when transitioning to the cloud
Nabil Mghezzi Chaa, OT Cybersecurity Expert, Kudelski

Securing the Future: The Role of Cloud Services in Advancing On-Premise IT Security
André van Schalkwyk, CISO Straumann and Yuecel Karabulut, Principal Security Solutions Architect, Amazon Web Services

Roundtable 1:
Cloud and cloud security: what does it mean for OT and IT?
Roundtable 2:
OT single and multi-cloud: how to provide security and resilience?

For more details please see the Personal Invitation

12th Swiss OT-IT Cyber Security Forum

Real incidents: What can we learn from them?

The overarching goal and challenge is how to learn from incidents better than we do today. What triggers changes, how to implement those, and how to increase future level of security?

Does our organization need to experience incidents firsthand to learn from them, or can we gain insights from the incidents of others? To learn from other organizations’ incidents, we must thoroughly understand the details of those incidents and the lessons they have learned.

Firstly, after a major incident, the company will never be the same as before in respect to information & cyber security. Management attention and awareness are drastically heightened. But do we need such a shock to learn, or can we learn before a major event occurs? We will present three transformative incidents and their impact on future security processes, threat intelligence, and building partnerships with a SOC.

Secondly, we will examine the timeline, from incident to recovery and identify the most critical actions taken by those who learned it the hard way, i.e. from their own incident.

Lastly, we share lessons from these incidents, such that we can incorporate others’ learnings into our own security measures and security incident design. The keynotes will focus on this aspect, allowing you to evaluate your own concepts and implement necessary changes. The incidents themselves will be presented briefly as well, in to prepare and focus on the findings afterwards.

Discussion points on these issues are:

Which security level provides the cloud?
How to coordinate security in multi-cloud environments?
How to design an overall security on-prem to cloud, which is really waterproof?

Date: Thursday, June 27, 2024, 12:00 h - 20:30 h
Place: CKW AG, Rathausen 1, 6032 Emmen

Keynotes:

An Incident Triggers Changes: How to create a new level of security for the future?
Hans-Peter Aregger, former CIO Chemie Papier Holding AG

Combined IT/OT ransomware attack: how to integrate learnings enterprise-wide?
Alexey Kultyshkin, Head of Cyber Security & Risk / CISO Omya Business Services SLU

Nightmare Incident: How to wake up and implement learnings?
Alex Diekmann, Director Corporate Security, u-blox AG

Roundtable 1:
Incident sharing: How do you share, and how do you receive information on incidents: What are potential improvements?
Roundtable 2:
A new culture for learning from incidents: How to implement it.

For more details please see the Personal Invitation

13th Swiss OT-IT Cyber Security Forum

Future, Legislation and Regulation in Cyberspace: Which action must be taken?

The vulnerability of the cyber infrastructure is more and more in the consciousness of politicians, also because of a paramount number of incidents. This fact creates the will to act on the political side, which means launching initiatives for new regulation and legislations. In quite similar way act professional organizations and create best practices and frameworks.

Against this background several challenges raise: Too big variety of legislation and regulations, maybe some are contradicting each other, violation of the principal of technology neutral formulation, not depicting sufficiently new technological progress, a too local view of the global challenge, impossible demands in respect to supply chain and its verification and documentation.

Recent incidents like CrowdStrike incident July 19, 2024, 4.09 UTC is creating more pressure to control the critical sectors with the target to secure the infrastructure and add another layer of resilience. But in all these efforts the companies operating such infrastructure, its capabilities and possibilities to change, as well as the available fund for change got lost.

With the keynotes we want to depict the regulation, legislation and framework space and with the debate we want to approach the solutions space with the questions in mind: Which priorities should be set, and which are the optimal implementation strategies?

Date: September 12, 2024, 12:00 h - 20:30 h
Location: Swiss Post; Webergutstrasse 12, 3052 Zollikofen
Parking: Parking lots available nearby

Keynotes:

OT and IT security legislation & regulation: What is the recent status and what is planned in near future?
Mark Sirsi, COO Cypurge GmbH

ICT Minimal standards: What does this mean for OT and CI?
BACS Expert, request pending

OT & IT legislation and regulation implementation strategies for best security and compliance: What are the secrets?
Michael Knuchel, Head of Sub-Station Automation Systems Engineering, Swissgrid

Roundtable 1:
Which are by now important legislation and regulations, and which are the important upcoming OT- and IT-security legislation and regulations, and how to set priorities in this jungle?
Roundtable 2:
Implementation strategies of recent and upcoming regulations: How to act and setting priorities?

For more details please see the Personal Invitation

14th Swiss OT-IT Cyber Security Forum

Virtualization in OT – Baseline, best practices, and hardening:
But how to provide reliability, availability and security?

IT concepts such as virtualization are very beneficial for IT- and OT-operators because of savings in hardware, and in system management (updates etc.). The suppliers know this, and offer their new products in the cloud, and often in virtualized environments. Traditional components, as they were available in the past, are no more available. Therefore, OT practitioners and engineers need to change to the new virtualized world. And this requires new and different risk analysis and security concepts.

In the first step we need to understand the virtualization concept, and its primary vulnerabilities and attack surface, in the cloud, but also at the operator’s premises. More specifically: Rols and responsibilities must be defined in-depth and well, in the cloud, on premises for internal IT-provider, and OT- organization (e.g. applications). For this we will exchange best practices approaches and the related frameworks

Secondly, we need to consider how to harden virtualized system and make them more resilient against attacks. What are the immediate benefits, and which residual risks remain?

Thirdly, we need an analysis what the new concepts provide in respect to reliability, availability and security. The new world is a distributed computing systems and the analysis must consider all aspects, in the cloud but also at operator’s premises. And in respect to the new area of political conflicts, we need to be very deliberate in choosing the region we align, when we run virtualized services. Are there also vulnerabilities we need to be prepared for ourselves, just in case political tension is growing?

We expect new security insights in respect to our system of today but also of the near future.

Date: March 6, 2025, 12:00 h - 20:30 h
Location: Roche Diagnostics International, Forrenstrasse 2, 6343 Rotkreuz Melden bei Bau 5, Reception
Parking: Parking lots available nearby

Keynotes:

Assessing Risk for OT Virtualization: How to provide reliability and security in the new virtualized world?
James Phillips, Kudelski Security

Concepts and implementation of OT Virtualization: How to bring IT-Virtualization Concepts to Acceptance in the OT Group?
Daniel Franke, Norsk Hydro

Roundtable 1:
Refining OT virtualization: How to design for reliability, availability and security?
Roundtable 2:
OT Virtualization: Supply chain, implementation and operation: What are best practices today and in the near future

For more details please see the Personal Invitation

15th Swiss OT-IT Cyber Security Forum

During Incident: Stabilize or Isolate infected systems?

How to determine Strategy and which actions lead to success? Debate on real-world response options for OT and IoT incidents, focusing on how to choose a course of action when safety, continuity, and national security must be equally considered, and all stay in the balance.

When something breaches your OT environment, the pressure is immediate. Do you monitor the attacker to gather intel, try to quietly contain the threat, or shut it all down—and risk disrupting critical operations and burning Swiss francs in the process?

Mark Barwinski will walk through real-world response options for OT and IoT incidents, fo-cusing on how to choose a course of action when safety, continuity, and national security are all in the balance.

In addition, he explains lessons from the Colonial Pipeline ransomware attack, explores today’s geopolitical backdrop—where reports of pre-positioned malware in U.S. infrastructure point to longterm OT targeting—and consider how defenders can prepare. Drawing on early-career work in SCADA protocol research and time spent at Sandia and Pacific Northwest National Labs, Mark will share what still holds true about visibility gaps, decision-making under pressure, and what you can—and can’t—turn off in a crisis. He presents, how digital twins are being used to safely simulate real environments, helping teams rehearse the unthinkable and refine their incident playbooks before the stakes are real.

The next speaker refines the processes between SOC and SOC client. Depending on specific use cases, the business stakeholders will be selected, which will be included in the decisionmaking process of the case. Furthermore, plenty of agreements must be made before, that experts know, where (Soc or SOC user) will be performed which activity. Finally, Frank Papae will present innovative concepts and solution, how through reduction of controllability, the hackers could be icked out of critical systems. What do the attendees think of this compromise and what is the practical value?

We expect new security insights in respect to our system of today but also of the near future.

Date: June 12, 2025, 12:00 h - 20:30 h
Location: Aula von Swissgrid, Bleichemattstrasse 31, 5001 Aarau
Parking: Please use SBB Parking, handicaped: ask Bernhard for onsite parking
ID: To be admitted to Swissgrid secure zone, you need an ID

Keynotes:

Watch, Wait, or Shut It Down? Tough Calls in OT/IoT Incident Response
Mark Barwinski, Global Security Executive

SOC – SOC User: Who are the persons to be included, and how does the decision process work?
Martin Scheu, OT Security Engineer, Switch

How to isolate hackers
Frank Pape, Axpo

Roundtable 1:
Refining OT-IT and IoT Detection and Response: What are the options, who needs to decide, and what is the impact?
Roundtable 2:
OT SOC processes: Learning from real cases and Experience sharing: Which strategies lead to success, and what should be avoided?

For more details please see the Personal Invitation

16th Swiss OT-IT Cyber Security Forum

The Role of AI: How does AI impact OT, OT security, and IT security?

AI is a strong option to perform in business and in security. An overview on AI in security defence & offence demonstrates AI’s capability. How to use AI in everyday’ s security life will provide state-of-the-art insights.

Artificial Intelligence (AI), Machine Learning (ML), and many of the core algorithms in use today have been around for over 30 years. What’s new is the ability to store and process massive amounts of data, enabling systems to be trained more effectively than ever before.

A major breakthrough came in 2017 at the NeurIPS conference, when Google researchers introduced the transformer architecture in their landmark paper “Attention Is All You Need.” This innovation laid the foundation for modern Large Language Models (LLMs), including the release of ChatGPT-1 in 2018, which made a specific type of AI accessible to the general public.

Since then, AI has evolved at an astonishing pace. From ChatGPT-1 to today’s advanced models, we’ve seen rapid improvements in capabilities – often on a monthly basis. This progress has sparked public debate, not only about the dual-use nature of AI (for both defense and offense) but also about more speculative, science fiction-like scenarios: Could robots one day lead, self-repair, or even reproduce with consciousness?

In this context, our focus is on practical, grounded applications of AI – both today and in the near future – while acknowledging that unexpected breakthroughs could dramatically shift the landscape.

We explore key questions:

What is AI, and how can it be used to defend OT and IT infrastructure?
What progress can we expect in the coming years?
How can organizations identify the best AI solutions for their needs?
How is AI being used by attackers to enhance their methods?

We already see AI-driven improvements in phishing, malware obfuscation, attack variation, and the speed of innovation in cyber threats. To stay professional and well-informed in our security roles, we must deepen our understanding of AI – its capabilities, its risks, and its potential.

Date: September 11, 2025, 12:00 h - 20:30 h
Location: Anna Seiler Haus, room U1_007, Freiburgstrasse 20, 3010 Bern

Keynotes:

AI Capabilities & AI Principles in Security und Attacks: What is relevant for OT & IT?
Frank Heinzmann, Hochschule Luzern

AI in OT and IT defence: An experience report of an advanced company
TBD

Roundtable 1:
Refining AI principles and capabilities: Which options we can apply in OT and IT, and how does this change the future threat and defense landscape?
Roundtable 2:
Introduction of AI in OT and IT security in my company: What are prerequisites, which are initial steps, and how to take maximum benefit?

For more details please see the Personal Invitation