10. Cyber Intelligence

The Cyber Intelligence event is a specialised, high-quality IT security event that can be attended by invitation only.

For this edition we will have some of the best speakers from the last events present and discuss in panels the latest threat situation in Switzerland and globally.

The focus of the 10th event will be on IT security issues for critical infrastructure providers.


Feedback from attendees

"Not only the speakers play in the top league but also among the audience you find outstanding experts from large Swiss corporations and organisations."
(Dr. Serge Droz, SWITCH)


"As a presenter, I was impressed by the caliber of the attendees and the depth of the discussions throughout the day."
(Dr. Robert Griffin, RSA)


"I have never experienced such a high-caliber concentration of speakers; very exciting choice of topics."
(Thomas Schwyzer, Executive Director Security, UBS)


Who should attend

  • operations managers from critical infrastructure providers
  • compliance, governance, risk managers from large organisations
  • CISO, CIO, COO, CTO office
  • IT infrastructure & operations experts
  • IT security & investigations managers


Last event

Program

  • 13:30
    Opening panel discussion
    Critical infrastructure under cyber attack?
    Science fiction vs. under-rated threat scenario
    • Dr. Serge Droz, Switch
    • Dr. Lukas Ruf, Consecom
    • Dominique Piatti, Kleissner & Associates
  • Dr. Philipp Hurni, Swiss Re Group
    Cyber attacks on critical infrastructures from the perspective of a global insurer and reinsurer
  • Robert Thompson, Siemens
    Plant Security Services
  • Adam Wolman, CyberX
    Product review
  • Barak Perelman, Indegy
    The Anatomy of Industrial Cyber Attacks
  • 15:40
    Break
  • Dominique Piatti, Kleissner & Associates
    How do ICS/SCADA hackers work?
  • Diego Schmidlin, RUAG
    Protecting critical infrastructure against cyber threats, a holistic approach.
  • Fabien Leimgruber, Kudelski Security
    Agile product owner threat intelligence
  • 18:00
    Apero

Agile product owner threat intelligence

In the past, digital threats were often addressed with a program of technical investigation and remediation. The lack of situational and environmental context meant that the picture was always incomplete. Now, with the increase of literal data coming from Open Source Intelligence, new possibilities for investigation and context provision have opened up.

Leveraging this information is not without its challenges. To begin with, we need to work out how we can unlock the context for digital threats and understand the roots. Combining technical and literal worlds allows us to answer questions like “Where are bad actor activities originating from? Why are they pirating television? What other threats are targeting my organization?”

This process is not just relevant for digital TV, but has significant implications for how we understand and respond effectively to cyber threats and incidents.

Plant Security Services

Initiatives such as the Internet of Things and Industry 4.0, in which networked objects exchange data without human-to-human or human-to-machine interaction, have already found their way into the industrial world.

They enable a completely new dimension of services for optimizing productivity and empowering business decisions, and thus bring numerous advantages for the industrial world.

At the same time, however, production processes that were previously secured also become easier to attack. This rapidly increasing connectivity, combined with the growing number and complexity of cyber attacks, poses new challenges in protecting industrial plants. Security can fail at any single point of the connected network. The effects of a security incident can range from loss of intellectual property, sabotage or material damage to production outages. We are heading towards a new era for discrete manufacturing and process automation. Nevertheless, reliability, availability and security are only as strong as the weakest link in the highly networked world. A reliable approach must combine a comprehensive understanding of automation with security expertise. Siemens pursues the goal of optimizing productivity while protecting it comprehensively, and relies on a proven approach that not only optimizes production with the new possibilities of the Internet of Things, but also increases the security of the plant with managed services such as continuous monitoring, vulnerability analysis or forensic investigation.

Using the example of the Siemens Industrial Security activities and the Plant Security Services based on them, the talk shows the path of such an approach, as well as the importance of security measures in industrial production for reliably exploiting the advantages of strong connectivity and intensive data exchange in the age of Industry 4.0.

Protecting critical infrastructure against cyber threats, a holistic approach

Whether private companies or public service providers, operators of critical infrastructures are increasingly exposed to targeted cyber-attacks.

Failures in the IT/OT infrastructure can have far-reaching consequences for the critical infrastructure provider, the population and the economy.

Successful protection against cyber threats requires action on different levels and therefore a holistic approach.

Implementing adequate technological solutions is vital but streamlined processes and well trained personnel are equally crucial.

In this session concrete examples will be discussed along the phases prior to the attack (Prevention), during the attack (Detection) and after the attack (Response).

Cyber attacks on critical infrastructures from the perspective of a global insurer and reinsurer

In the past few years, it has been shown many times that cyber attacks are not just a threat for valuable data assets such as credit card numbers and health data records, but have the potential to bring down critical infrastructures – especially the power grid or communication networks – and hence literally cripple a country and its economy.

Although this « cybergeddon scenario » has not yet materialized, we discuss why insurers and reinsurers need to be able to estimate potential frequency and severity of such events.

The Anatomy of Industrial Cyber Attacks

We will skip the standard pitch about why ICS networks are vulnerable and the criticality of operational continuity, and go right to the point, which is to explain how ICS cyber attacks really operate and where the security gaps that enable these attacks are.
Industrial networks are inherently different than IT networks. In most IT cyber attack scenarios, the same protocols are used for configuration and production operations.
However, in industrial networks, different protocols are used for different types of operations.
The builders of Stuxnet understood this more than 5 years ago, yet most security specialists still don’t fully understand the difference.

In this session we will discuss:

  • The need to monitor the proprietary network protocols and track all changes to the controllers
  • Why changes to PLC code blocks are transparent to “standard” OT protocol inspections (i.e. MODBUS/DNP3/ICCP) and what should be monitored
  • Which additional security gaps must be addressed in order to protect ICS networks against cyber-attacks, malicious insiders and human errors

Join us for this myth-busting session in which we will dispel common fables around industrial cyber attacks and explain how they really operate.

Speakers

Fabien Leimgruber

Kudelski Security

Kudelski Security is an innovative, independent provider of tailored cybersecurity solutions for large enterprise and public sector clients. With more than 350 employees, and locations in Switzerland, Spain and across the United States, our differentiator is based on our rich history of using innovation and engineering to help clients solve some of their toughest information security challenges.

We are creating a new standard for cybersecurity by offering a different kind of program and approach, based on long-term trusted relationships. We work with our clients to develop a security blueprint – a comprehensive framework unique to each engagement – that enables clients to visualize, implement and measure all elements of their security program including people, processes, and technology.

Our offering includes a unique combination of world-class consulting, technology, managed services and technical innovation to focus on the needs of our clients. Through our programmatic approach, clients gain true and pervasive visibility into threats, enabling them to reduce enterprise risk, maintain compliance and increase overall efficiencies.

Our global reach and cyber solutions focus is reinforced by key international partnerships. This includes alliances with the world’s leading security technology firms as well as specialized services experts, so you have access to the tools, knowledge and talent to realize complete cybersecurity programs.

Adam Wolman

Adam leads CyberX’s sales and partner management in EMEA & APAC. He brings more than 15 years of sales and channel experience.

In his role, Adam directs the go-to-market strategy and the end-to-end sales process to successfully penetrate and grow new territories, build and nurture a partners’ network and accelerate the company’s footprint. Prior to joining CyberX Adam held sales management roles at Windward and Aeronautics.

Adam holds a B.Sc. in Computer Engineering (Cum Laude) from the Technion, Israel Institute of Technology.

CyberX

CyberX helps secure the Industrial Internet by providing complete visibility into the OT Network as well as real-time detection and alerts of operational incidents, cyber threats and system tampering, in order to minimize disruption to operations and downtime.

Seamlessly connecting to an existing OT network, our flagship platform, XSense, provides instant results by collecting data from across the OT environment utilizing Big Data and Machine Learning to optimize the detection of operational behaviors.

Supporting security needs of industries such as energy and utilities, oil and gas, chemical and pharmaceuticals, manufacturing, transportation and more, XSense monitors physical devices to detect operational incidents and cyber-attacks.


Diego Schmidlin

RUAG Schweiz AG

RUAG Cyber Security is the Swiss security expert for prevention, detection and response to cyber threats.

With innovatively developed technology, consulting and training solutions, we enable security organizations, critical infrastructure providers and companies to accomplish this task.

Our holistic approach focuses not only on the technical aspects of cyber security, but also on the processes of a company and the behavior of its employees.

Therefore the RUAG Cyber Circle is oriented along the phases prior to the attack (Prevention), during the attack (Detection) and after the attack (Response).

The services offered include threat intelligence, security health check, business continuity planning, tailored security solutions including industrial control systems.

With our products for cyber threat detection, incident response and incident reporting, we monitor IT and OT systems and check the security measures by continuous validation.

In the RUAG Cyber Training Range we train specialists, technical operators and managers in dealing with cyber emergencies based on specific scenarios in a realistic IT/OT environment.

Robert Thompson

Siemens has a global network of experts for automation and cyber security.
Siemens Plant Security Services offers industry-specific solutions for reliable protection against security incidents to identify vulnerabilities and threats, take proactive measures and achieve optimal long-term plant protection. The offer covers comprehensive consulting, technical implementation and continuous service (managed security services).

  • 1988 - 1991: Voluntary service in the United States Army as a mechanic for Apache 64 attack helicopters; electrician and weapons specialist
  • 1991 - 1992: Military service (US Army) in connection with Operation Desert Storm
  • 1992 - 1994: Civil contractor for the United States Army
  • 1994 - 2007: UBB Umformtechnik as an industrial mechanic and shift supervisor, with training as a PLC technician
  • 2007 - 2012: Siemens AG Customer Service for Telecontrol and Industrial Security. System testing for SCALANCE S, Telecontrol Server Basic and various on-site service assignments at end customers.
  • 2012 - 2015: Siemens AG SIMATIC Pre-Sales Support for Industrial Security, customer-specific workshops and various security events
  • 2015 - today: Siemens AG Plant Data Services for Plant Security Services, Endpoint Protection, Automation Firewall, Industrial Security Monitoring (SIEM) and various security events

    Dr. Davide Zanetti

    Dr. Zanetti is Cyber Security Program Manager at ABB Group.

    In his current position, he is responsible for driving and implementing global cyber security initiatives that aim at ensuring that ABB offerings - products, systems, and services - support customers’ cyber security needs and requirements.

    Prior to joining ABB, he held several R&D and cyber security positions in the telecommunication and healthcare sectors.

    He holds a Ph.D. in Computer Science from the Federal Institute of Technology (ETH) in Zurich, Switzerland.

    Dr. Philipp Hurni

    Philipp Hurni has worked in the field of resilient low-power wireless communication for internet-of-things technologies while pursuing his PhD in Computer Science at University of Bern.

    He then worked for several years as a cyber security officer for Switzerland’s major telecommunications and IT services provider Swisscom, where he led security projects in mobile communication, data leakage prevention, security management & governance.

    In 2015, he joined Swiss Re’s Cyber Centre of Competence to tackle cyber risk from a (re)insurance perspective.

    He currently works on quantifying the accumulation potential of cyber risk on specific cyber coverages but also on traditional lines of insurance business (property, engineering, casualty) for Swiss Re, and is furthermore active in modelling and calculating the technical costing of cyber covers.

    Barak Perelman

    Barak Perelman is the CEO and Co-Founder of Indegy, an Industrial Cyber Security startup building a comprehensive security and governance platform to protect industrial networks and critical infrastructures.

    Before founding Indegy, Perelman led several multimillion dollar cybersecurity projects at the IDF and received commendation for this service and achievements.

    He is a graduate of the elite Talpiot military academy and has over 15 years of hands-on experience in cybersecurity and protection of critical infrastructures.

    Perelman holds a B.Sc. in computer science, physics and math, and an MBA from the Tel Aviv University.

    Indegy

    Indegy is an Industrial Cyber Security innovator which provides visibility and security for ICS networks to improve operational safety and reliability.

    Our customers implement the Indegy platform to protect the critical controllers that manage the lifecycle of industrial processes.

    Indegy's core technologies monitor control-layer activities and identify in real-time changes to controller logic, configuration, firmware and state.

    Indegy applications for asset management, configuration control, comprehensive activity reports and backup and recovery capabilities enable quick response to cyber attacks, insider threats and human error.

    Dominique Piatti

    Dominique is a security researcher working for Kleissner & Associates s.r.o. (a LookingGlass Cyber Solutions Inc. company) since 2015.

    Before that, he founded several startup companies, such as a high-traffic subdomain provider.

    He has knowledge of various botnets like ZeuS or Kelihos and a vast experience with phishing and botnet detection and prevention.

    Dominique has 20 years’ experience in LAMP development and is an experienced administrator of Linux servers and networks.

    Earlier he worked for a mobile company and an ISP in Zurich.

    Dr. Lukas Ruf

    Dr. Lukas Ruf is founder and CEO of Consecom AG.

    Consecom specializes in Strategic ICT Security Consulting, and offers support through concept (design), implementation and review (security testing, reviewing and auditing) services. Lukas completed his master's and Ph.D. studies at the Swiss Federal Institute of Technology (ETH) Zurich in electrical engineering.

    For more than two decades, he has been working as a consultant, architect and auditor in the areas of governance and organization, processes, and technology.

    Among others, he is a well-known specialist for end-to-end security, identity and access management as well as information security management.

    Dr. Serge Droz

    In a previous life, Dr. Serge Droz did research on black holes, but then reoriented himself towards the IT security field.

    After more than 10 years at the SWITCH foundation, he has been working at Open Systems in the OS-CERT since this year.

    Dr. Droz is active in various committees both nationally and internationally; among other things, he is a member of the Board of Directors of FIRST.

    Sign up

    Invited end users have free entrance.
    IT product & service companies: 250 CHF