C4DT Conference on Cyberattack Reporting Obligation
The Federal Council described cyberattacks as “a serious threat for Switzerland’s security and economy” and proposed a law for a reporting obligation for cyberattacks on critical infrastructures in its press release of January 12th 2022. These reports should allow the National Cybersecurity Centre (NCSC) to assess the threat situation early on, to provide support and to warn other critical infrastructure operators at an early stage.
This 1-day conference will bring together government, public and private sectors and academia to discuss the proposed reporting obligation: who will be concerned by this law, and how they will be impacted. Through case studies of past cyberattacks in Switzerland and simulations of possible critical infrastructure attacks, we aim to raise awareness of the cyber-risks with communal, cantonal and federal authorities, critical infrastructure providers as well as all organisations impacted by this law.
The onsite event is by invitation only. However, it will be streamed live via Zoom. To obtain your Zoom link for the webinar please click below to register. Registration is free but mandatory.
This event is organized by C4DT in collaboration with UNIL’s Faculty of Law, Criminal Sciences and Public Administration (FDCA) and Trust Valley
Schedule
09h00
Welcome Coffee
09h30
Welcoming Words
Part 1: Cyberattacks in Switzerland: Testimonies and Simulations
Providing insights into what happened / could happen during a cyber attack and into how the Swiss Government helps preventing attacks by providing threat intelligence and detection tools and supports organisations during cyber security incidents
09h35
Talk 1: Cyberdefence and -security: myths and realities, a few lessons from the field
by Christophe Gerber, General Manager, ELCA Security
10h00
Talk 2: The potential consequences of a cyber attack on the power grid and how to address the associated risk
by Gerald Hoschek, Senior Specialist Cyber Security Technology, SwissGrid
10h25
Talk 3: Beyond Emergency Response Only: How the Swiss Government’s Computer Emergency Response Team (GovCERT) operates
by Christophe Gerber, General Manager, ELCA Security
10h50
Coffee Break
Part 2: Modification of the Federal Information Security Act (ISA) – Introducing the Cyberattack Reporting Obligation
Why the need to modify the ISA? What does it say, who will be concerned by this law, and how will the different actors be impacted?
11h10
Talk 4: The revision of the ISA from the NCSC’s perspective
by Dr. Manuel Suter, Coordinator National Cyber Strategy NCS, NCSC
11h35
Talk 5: Unpacking the Reporting Obligation under the revised ISA
by Pauline Meyer, PhD student in cybersecurity, UNIL
12h00
Lunch
Part 3: Putting the Reporting Obligation into practice
Moderated by Prof. Matthias Finger – Center for Digital Trust, EPFL
13h00
Panel 1: Building trustworthy incident reporting and information sharing platforms
What would these platforms look like? What are the concerns of the critical infrastructure providers, for example in terms of confidentiality?
Panelists
Dr. Markus Herren – Deputy CISO, Swiss Post
Dr. Alain Mermoud – Scientific Project Manager, Cyber-Defence Campus, armasuisse
Prof. Mario Paolone – Head of the Distributed Electrical Systems Laboratory (DESL), School of Engineering (STI), EPFL
13h45
Panel 2: Tackling the challenges of the law on Cyberattack Reporting Obligation
Discussing the challenges of the proposed modification of the Federal Information Security Act.
Panelists
Alain Beuchat – Chief Information Security Officer, Banque Lombard Odier & Cie SA
Prof. Sylvain Métille – Faculty of Law, Criminal Justice and Public Administration (FDCA), UNIL
Dr. Manuel Suter – Coordinator National Cyber Strategy NCS, NCSC
14h30
Coffee Break
14h45
Panel 3: Partnering for incident response: The NCSC and the private sector
What does an incident response look like? NCSC’s role and the role of the private sector.
Panelists
Reto Inversini – Head of the Swiss Government’s Computer Emergency Response Team (GovCert), NCSC
Charlotte Lindsey Curtet – Chief Public Policy Officer, CyberPeace Institute
Olivier Spielmann – Vice President – Global Managed Detection & Response, Kudelski Security