SIGS Special Interest Group
8th SCADA Forum (SCADA, ICS and OT Security)

Save the DateClick on the .ics file to save the date

Target Audience Information Security Professionals interested in SCADA, ICS or OT Security

CIO’s, CISO, IT Manager, Security Executives, Security Engineers and all other persons who are responsible and interested in this specific topic

Security Consultants and Reseller only technical interested persons. Per Consulting Company max. one participant. Vendors and peoples from the Sales/Marketing part are not authorized to take part.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the hotel shuttle

Date of Event 29th of August 2018
Further planned date: 28th of November 2018
Language English
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and apéro riche included



1:00 – 1:30 Registration & Coffee
1:30 – 2:00 Mille Gandelsman, CTO at Indegy
Mille leads Indegy’s technology research and product management activities. Prior to Indegy, Mille led engineering efforts for Stratoscale and spent several years leading cyber security research for Israel’s elite intelligence corps. Mille is a graduate of the elite Talpiot military academy and holds a Masters degree with honors in Computer Science from Tel Aviv University.

Cyber Resiliency for ICS Environments
ICS Device Integrity and why it is so important for securing critical infrastructures:

  • What are the real threats to industrial systems?
  • Are we really operating as if security is indeed a top concern? Where is the safety concern?
  • How would you hack a control system? And how can it be detected and prevented?
  • Most typical blind spots in ICS security and safety

2:00 – 2:45 Ivo Maritz, Head Cyber Security (CSO/CISO) at BKW AG and Franco Monti, Senior Partner, at Monti Stampa Furrer & Partners AG

OT Cyber Protection Beyond The Myth Of Passive Monitoring

Part 1
Introduction into models of OT monitoring with pros and cons. Discussion of how to best initiate OT protection in the own environment – real life pitfalls to watch out

  • Reasons why OT monitoring becomes a must in critical infrastructure
  • Passive versus active monitoring
  • Categories of OT protection suppliers
  • Experiences in selecting the right supplier
  • Structuring an OT specification, procurement and implementation project

Part 2
OT Monitoring and Vulnerability Management in the context of BKW’s three year Cyber Security Program that addresses the growing Cyber Threat with a three dimensional approach:

  • Creating Awareness and Acceptance
  • Fully implementing IT, OT and PHY Protection
  • Improving Resilience and Reaction

2:45 – 3:15 Kai Thomsen, SANS Instructor for Industrial Control Systems Active Defense and Incident Response
Kai is the Incident Response team lead at AUDI AG and currently working on creating a modern CSIRT for Audi. Before that he established an IT Service Continuity organization at Audi and developed and executed crisis management training exercises for top management.
Prior to Audi, he worked at SMS group, an engineering company for steel manufacturing plants. There he was responsible for network security architecture, NSM, and forensics.
Kai holds an M.A. in computer science and English and American Literature from the University of Siegen. He is also a SANS Instructor for Industrial Control Systems Active Defense and Incident Response (ICS515).

Train Harder, Reduce the Mess: How to Prepare Your Active Defense Team and Your Organization for ICS Security Incidents
Most of us do not actively train neither our own cyber defense skills nor the inter-teamwork needed to effectively and timely deal with security incidents. Especially when you need to defend ICS environments, the cooperation between various teams is key to „winning“, however
you define this.

In the talk I will give an overview how to prepare and train your Active Defense team on a budget. In the accompanying workshop we will dive more deeply into some training methods and also look at table top exercises that can be expanded to cover ICS/Enterprise
cooperation during incidents.

3:15 – 4:00 Coffee Break
4:00 – 6:00 pm Breakout Sessions
Interactive sessions/talks – chose the one you like to attend

Strategic Breakout Session
by Mille Gandelsman, CTO at Indegy

Passive, Active or Hybrid Monitoring
What’s the right choice for your ICS Network? The session will discuss the ICS manager’s top concerns, top security gaps and what is missing in ICS environments. Why sometimes it makes sense to start with risk assessment (we’ll discuss typical findings and popular pitfalls)

  • Risk and vulnerabilities; where you should focus your efforts on (hint – not patches)
  • Asset discovery; you’d be surprised what’s part of your industrial network
  • What should be the main requirements from an ICS security platform?
  • What should be the deployment considerations?
  • What can we learn from IT Security?

Technical Breakout Session
by Kai Thomsen from SANS

Follow-up: Train Harder, Reduce the Mess
In this workshop we will dive more deeply into some training methods and also look at table top exercises that can be expanded to cover ICS/Enterprise cooperation during incidents.

6:00 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A


The Sponsors of this event are:

Main Sponsor Co-Sponsor


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.