C4DT Conference on Cyberattack Reporting Obligation

September 23rd, 2022, Starling Hotel, EPFL

The Federal Council described cyberattacks as “a serious threat for Switzerland’s security and economy” and proposed a law for a reporting obligation for cyberattacks on critical infrastructures in its press release of January 12th 2022. These reports should allow the National Cybersecurity Centre (NCSC) to assess the threat situation early on, to provide support and to warn other critical infrastructure operators at an early stage.

This 1-day conference will bring together government, public and private sectors and academia to discuss the proposed reporting obligation: who will be concerned by this law, and how they will be impacted. Through case studies of past cyberattacks in Switzerland and simulations of possible critical infrastructure attacks, we aim to raise awareness of the cyber-risks with communal, cantonal and federal authorities, critical infrastructure providers as well as all organisations impacted by this law.

The onsite event is by invitation only. However, it will be streamed live via Zoom. To obtain your Zoom link for the webinar please click below to register. Registration is free but mandatory.

This event is organized by C4DT in collaboration with UNIL’s Faculty of Law, Criminal Sciences and Public Administration (FDCA) and Trust Valley



Welcome Coffee


Welcoming Words

Part 1: Cyberattacks in Switzerland: Testimonies and Simulations

Providing insights into what happened / could happen during a cyber attack and into how the Swiss Government helps preventing attacks by providing threat intelligence and detection tools and supports organisations during cyber security incidents


Talk 1: Cyberdefence and -security: myths and realities, a few lessons from the field

by Christophe Gerber, General Manager, ELCA Security


Talk 2: The potential consequences of a cyber attack on the power grid and how to address the associated risk

by Gerald Hoschek, Senior Specialist Cyber Security Technology, SwissGrid


Talk 3: Beyond Emergency Response Only: How the Swiss Government’s Computer Emergency Response Team (GovCERT) operates

by Christophe Gerber, General Manager, ELCA Security


Coffee Break

Part 2: Modification of the Federal Information Security Act (ISA) – Introducing the Cyberattack Reporting Obligation

Why the need to modify the ISA? What does it say, who will be concerned by this law, and how will the different actors be impacted?


Talk 4: The revision of the ISA from the NCSC’s perspective

by Dr. Manuel Suter, Coordinator National Cyber ​​Strategy NCS, NCSC


Talk 5: Unpacking the Reporting Obligation under the revised ISA

by Pauline Meyer, PhD student in cybersecurity, UNIL



Part 3: Putting the Reporting Obligation into practice

Moderated by Prof. Matthias Finger – Center for Digital Trust, EPFL


Panel 1: Building trustworthy incident reporting and information sharing platforms

What would these platforms look like? What are the concerns of the critical infrastructure providers, for example in terms of confidentiality?


Dr. Markus Herren – Deputy CISO, Swiss Post

Dr. Alain Mermoud – Scientific Project Manager, Cyber-Defence Campus, armasuisse

Prof. Mario Paolone – Head of the Distributed Electrical Systems Laboratory (DESL), School of Engineering (STI), EPFL


Panel 2: Tackling the challenges of the law on Cyberattack Reporting Obligation

Discussing the challenges of the proposed modification of the Federal Information Security Act.


Alain Beuchat – Chief Information Security Officer, Banque Lombard Odier & Cie SA

Prof. Sylvain Métille – Faculty of Law, Criminal Justice and Public Administration (FDCA), UNIL

Dr. Manuel Suter – Coordinator National Cyber ​​Strategy NCS, NCSC


Coffee Break


Panel 3: Partnering for incident response: The NCSC and the private sector

What does an incident response look like? NCSC’s role and the role of the private sector.


Reto Inversini – Head of the Swiss Government’s Computer Emergency Response Team (GovCert), NCSC

Charlotte Lindsey Curtet – Chief Public Policy Officer, CyberPeace Institute

Olivier Spielmann – Vice President – Global Managed Detection & Response, Kudelski Security


Wrap up


Conference end