September 23th, 2022, Starling Hotel, EPFL

C4DT Conference on Cyberattack Reporting Obligation​

The Federal Council described cyberattacks as “a serious threat for Switzerland’s security and economy” and proposed a law for a reporting obligation for cyberattacks on critical infrastructures in its press release of January 12th 2022. These reports should allow the National Cybersecurity Centre (NCSC) to assess the threat situation early on, to provide support and to warn other critical infrastructure operators at an early stage.

This 1-day conference will bring together government, public and private sectors and academia to discuss the proposed reporting obligation: who will be concerned by this law, and how they will be impacted. Through case studies of past cyberattacks in Switzerland and simulations of possible critical infrastructure attacks, we aim to raise awareness of the cyber-risks with communal, cantonal and federal authorities, critical infrastructure providers as well as all organisations impacted by this law.
The onsite event is by invitation only. However, it will be streamed live via Zoom. To obtain your Zoom link for the webinar please click below to register. Registration is free but mandatory.
This event is organized by C4DT in collaboration with UNIL’s Faculty of Law, Criminal Sciences and Public Administration (FDCA) and Trust Valley

Featured Speakers & Panelists

Reto Inversini, GovCERT, NCSC

10h25-10h50: Talk on “Beyond Emergency Response Only: How the Swiss Government’s Computer Emergency Response Team (GovCERT) operates”
14h45-15h30: Panelist of the session “Partnering for incident response: The NCSC and the private sector”

Pauline Meyer, UNIL

11h35-11h50: Talk on “The reporting obligation under the revised ISA”

Prof. Sylvain Métille, Faculty of Law, Criminal Justice and Public Administration (FDCA), UNIL

13h00-13h45: Panelist of the session “Tackling the challenges of the law on Cyberattack Reporting Obligation”

Olivier Spielmann, Kudelski Security

14h45-15h30: Panelist of the session “Partnering for incident response: The NCSC and the private sector”

Prof. Matthias Finger, Center for Digital Trust (C4DT), EPFL

Moderator of the conference

Dr. Alain Mermoud, Cyber Defence Campus, armasuisse

13h00-13h45: Panelist of the session “Building trustworthy incident reporting and information sharing platforms”

Prof. Mario Paolone, Distributed Electrical Systems Laboratory, EPFL

14h45-15h30: Panelist of the session “Building trustworthy incident reporting and information sharing platforms”

Dr. Manuel Suter, NCSC

11h10-11h35: Talk on “The revision of the ISA from the NCSC’s perspective”
13h00-13h45: Panelist of the session “Tackling the challenges of the law on Cyberattack Reporting Obligation”

Schedule

}

09:00 – 09:30

Welcome coffee

}

09:30 – 09:35

Welcoming Words

Part 1: Cyberattacks in Switzerland: Testimonies and Simulations

Content

Providing insights into what happened / could happen during a cyber attack and into how the Swiss Government helps preventing attacks by providing threat intelligence and detection tools and supports organisations during cyber security incidents

Format

3 talks, 20 min plus 5 min Q&A each

}

09:35 – 10:00

Talk 1

}

10:00 – 10:25

Talk 2: [Title to be confirmed]

by Gerald Hoschek, Senior Specialist Cyber Security Technology, SwissGrid

}

10:25 – 10:50

Talk 3: Beyond Emergency Response Only: How the Swiss Government’s Computer Emergency Response Team (GovCERT) operates

by Reto Inversini, Head of GovCERT, NCSC

}

10:50 – 11:10

Coffee break

Part 2: Modification of the Federal Information Security Act (ISA) – Introducing the Cyberattack Reporting Obligation

Content

Why the need to modify the ISA? What does it say, who will be concerned by this law, and how will the different actors be impacted?

Format

2 talks, 20 min plus 5 min Q&A each

}

11:10 – 11:35

Talk 4: The revision of the ISA from the NCSC’s perspective

by Dr. Manuel Suter, Coordinator National Cyber ​​Strategy NCS, NCSC

}

11:35 – 12:00

Talk 5: Unpacking the Reporting Obligation under the revised ISA

by Pauline Meyer, PhD student in cybersecurity, UNIL

}

12:00 – 13:00

Lunch

Part 3: Putting the Reporting Obligation into practice

Format

3 panels, 30 min discussion plus 15 min Q&A each

Moderator

Prof. Matthias Finger, Center for Digital Trust, EPFL

}

13:00 – 13:45

Panel 1: Building trustworthy incident reporting and information sharing platforms

Content

What would these platforms look like? What are the concerns of the critical infrastructure providers, for example in terms of confidentiality?

Panelists

– Prof. Mario Paolone, Head of the Distributed Electrical Systems Laboratory (DESL), School of Engineering (STI), EPFL
– Dr. Alain Mermoud, Scientific Project Manager, Cyber-Defence Campus, armasuisse
– [to be confirmed]
}

13:45 – 14:30

Panel 2: Tackling the challenges of the law on Cyberattack Reporting Obligation

Content

Discussing the challenges of the proposed modification of the Federal Information Security Act.

Panelists

– Prof. Sylvain Métille, Faculty of Law, Criminal Justice and Public Administration (FDCA), UNIL
– Dr. Manuel Suter, National Cyber Security Centre (NCSC)
– [to be confirmed]

}

14:30 – 14:45

Coffee break

}

14:45 – 15:30

Panel 3: Partnering for incident response: The NCSC and the private sector

Content

What does an incident response look like? NCSC’s role and the role of the private sector.

Panelists

– Reto Inversini, Head of the Swiss Government’s Computer Emergency Response Team (GovCert), NCSC
– Olivier Spielmann, Vice President – Global Managed Detection & Response, Kudelski Security
– [to be confirmed]

}

15:30 – 15:45

Wrap up

}

15:45

End of Conference

Contact us regarding this C4DT Conference

14 + 5 =