C4DT Conference on Cyberattack Reporting Obligation

September 23rd, 2022, Starling Hotel, EPFL

The Federal Council described cyberattacks as “a serious threat for Switzerland’s security and economy” and proposed a law for a reporting obligation for cyberattacks on critical infrastructures in its press release of January 12th 2022. These reports should allow the National Cybersecurity Centre (NCSC) to assess the threat situation early on, to provide support and to warn other critical infrastructure operators at an early stage.

This 1-day conference will bring together government, public and private sectors and academia to discuss the proposed reporting obligation: who will be concerned by this law, and how they will be impacted. Through case studies of past cyberattacks in Switzerland and simulations of possible critical infrastructure attacks, we aim to raise awareness of the cyber-risks with communal, cantonal and federal authorities, critical infrastructure providers as well as all organisations impacted by this law.

The onsite event is by invitation only. However, it will be streamed live via Zoom. To obtain your Zoom link for the webinar please click below to register. Registration is free but mandatory.

This event is organized by C4DT in collaboration with UNIL’s Faculty of Law, Criminal Sciences and Public Administration (FDCA) and Trust Valley

Schedule


09h00

Welcome Coffee


09h30

Welcoming Words


Part 1: Cyberattacks in Switzerland: Testimonies and Simulations

Providing insights into what happened / could happen during a cyber attack and into how the Swiss Government helps preventing attacks by providing threat intelligence and detection tools and supports organisations during cyber security incidents

09h35

Talk 1: Cyberdefence and -security: myths and realities, a few lessons from the field

by Christophe Gerber, General Manager, ELCA Security

10h00

Talk 2: The potential consequences of a cyber attack on the power grid and how to address the associated risk

by Gerald Hoschek, Senior Specialist Cyber Security Technology, SwissGrid

10h25

Talk 3: Beyond Emergency Response Only: How the Swiss Government’s Computer Emergency Response Team (GovCERT) operates

by Christophe Gerber, General Manager, ELCA Security


10h50

Coffee Break


Part 2: Modification of the Federal Information Security Act (ISA) – Introducing the Cyberattack Reporting Obligation

Why the need to modify the ISA? What does it say, who will be concerned by this law, and how will the different actors be impacted?

11h10

Talk 4: The revision of the ISA from the NCSC’s perspective

by Dr. Manuel Suter, Coordinator National Cyber ​​Strategy NCS, NCSC

11h35

Talk 5: Unpacking the Reporting Obligation under the revised ISA

by Pauline Meyer, PhD student in cybersecurity, UNIL


12h00

Lunch


Part 3: Putting the Reporting Obligation into practice

Moderated by Prof. Matthias Finger – Center for Digital Trust, EPFL

13h00

Panel 1: Building trustworthy incident reporting and information sharing platforms

What would these platforms look like? What are the concerns of the critical infrastructure providers, for example in terms of confidentiality?

Panelists

Dr. Markus Herren – Deputy CISO, Swiss Post

Dr. Alain Mermoud – Scientific Project Manager, Cyber-Defence Campus, armasuisse

Prof. Mario Paolone – Head of the Distributed Electrical Systems Laboratory (DESL), School of Engineering (STI), EPFL

13h45

Panel 2: Tackling the challenges of the law on Cyberattack Reporting Obligation

Discussing the challenges of the proposed modification of the Federal Information Security Act.

Panelists

Alain Beuchat – Chief Information Security Officer, Banque Lombard Odier & Cie SA

Prof. Sylvain Métille – Faculty of Law, Criminal Justice and Public Administration (FDCA), UNIL

Dr. Manuel Suter – Coordinator National Cyber ​​Strategy NCS, NCSC


14h30

Coffee Break


14h45

Panel 3: Partnering for incident response: The NCSC and the private sector

What does an incident response look like? NCSC’s role and the role of the private sector.

Panelists

Reto Inversini – Head of the Swiss Government’s Computer Emergency Response Team (GovCert), NCSC

Charlotte Lindsey Curtet – Chief Public Policy Officer, CyberPeace Institute

Olivier Spielmann – Vice President – Global Managed Detection & Response, Kudelski Security


15h30

Wrap up


15h45

Conference end