SIGS Special Interest Group
11th SCADA Forum (SCADA, ICS and OT Security)

Save the DateClick on the .ics file to save the date

Target Audience Information Security Professionals interested in SCADA, ICS or OT Security

CIO’s, CISO, IT Manager, Security Executives, Security Engineers and all other persons who are responsible and interested in this specific topic

Security Consultants and Reseller only technical interested persons. Per Consulting Company max. one participant. Vendors and peoples from the Sales/Marketing part are not authorized to take part.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the hotel shuttle

Date of Event 14th of May 2019
Further planned dates for 2019: 17th of September and 21st of November 2019
Language English
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and apéro riche included



1:00 – 1:30 Registration & Coffee
1:30 – 2:00 Kai Thomsen, SANS Instructor for Industrial Control Systems Active Defense and Incident Response
Kai is the Incident Response team lead at AUDI AG and currently working on creating a modern CSIRT for Audi. Before that he established an IT Service Continuity organization at Audi and developed and executed crisis management training exercises for top management.

Prior to Audi, he worked at SMS group, an engineering company for steel manufacturing plants. There he was responsible for network security architecture, NSM, and forensics.

Kai holds an M.A. in computer science and English and American Literature from the University of Siegen. He is also a SANS Instructor for Industrial Control Systems Active Defense and Incident Response (ICS515).

Speed Up Your Network – Baselining with Pyshark
If we look at basic building blocks to protect our environments against cyber threats, one of the most important aspects is „know your environment“. The CIS control number one actually is „Inventory and Control of Hardware Assets.“ Especially in ICS environments most of us still don’t have a very clear understanding our networked assets and their network traffic patterns.

But unfortunately there is no shortcut to understanding our environments if we want to be successful in defending them. Thus baselining, figuring out what normal patterns of network traffic look like in our environments is one of the most important tasks for any security team.

On the upside there are a number of free and Open Source tools that together with a little automation can ease the burden of baselining your environment.

The talk will give an introduction into the basic method of leveraging the Python library pyshark to help creating network baselines. We will also look at tools the help creating visual network maps.

2:00 – 2:30 Yariv Lenchner, Director of Product Management of Indegy
Yariv has over 15 years of experience as Product Manager, Product Marketing, and System Engineering in the field of ICS, Security, VoIP, IP Networking and Enterprise Software. Prior to joining Indegy, Lenchner was Product Manager and Product Marketing at CyberArk and NICE Systems and before that served as a System Engineer at the Israeli Air Force. Lenchner holds a B.Sc. in Electrical Engineering and an MBA, both from Tel-Aviv University.

The Latest Trends in ICS Cyber Security
A confluence of trends have caused the security of industrial operations to take center stage in the C-Suite. The convergence of IT and OT environments, migration of once isolated OT environments to IIoT, and of course increased targeting of industrial networks just to name a few. With these emerging trends, there is an even greater need to have 100% visibility, security and control across industrial environments.

Join us for this engaging session where we will provide actual examples from the field and where we will cover:

  • The current threat landscape given the new reality
  • The different methods and latest technologies unique to OT Security
  • What you need to know in implementing ICS security as part of the your organizations larger security posture
  • Lessons learned and tips from implemented projects
2:30 – 3:30 Omar Benjumea, Head of Cyber Security Advisory at Selectron Systems AG
Omar Benjumea is a Spanish Security Professional with more than 13 years in the field. After working in variety of different security roles in spanish companies Omar moved to Switzerland in 2014 where he has been building Managed Security Services for the last years. Last quarter of 2018 he moved to Selectron Systems, a Swiss provider of solutions for automation in rail vehicles. From 2016 he’s also collaborating with the UOC (Open University of Catalonia).

Next Station: Cybersecurity
We will get an overview from a manufacturer who design and build solutions for automation in rail vehicles on the most common architectures for such vehicles, their evolution and the challenges they are and will face regarding cybersecurity and will look with the attendants into similarities and differences with other Industrial sectors.

Some topics that will be reviewed on the workshop are:

  • Signaling system and cybersecurity
  • Railway Onboard systems
  • Typical Railway networks
  • What are we doing at Selectron Systems regarding Cybersecurity:
    • Implementation of IEC62443 standard (It is an standard for IACS so it can be applicable to any other sector)
    • Development of railway specific cybersecurity solutions (Same approach could be taken in any other industry)
    • Risk Assessments, awareness, trainings, etc..

3:30 – 4:15 Coffee Break
4:15 – 6:00 pm Breakout Sessions
Interactive sessions/talks – chose the one you like to attend

Strategic Breakout Session
by Yariv Lenchner, Director of Product Management of Indegy

Cybersecurity and Industrial Networks – where are we now and where are we going
Modern day industrial operations often span complex IT (information technology) and OT (operational technology) infrastructures. In a very standard environment, thousands of devices exist and are increasingly being connected via the Industrial Internet of Things (IIoT). This creates new challenges in securing industrial environments specifically by making cyber-security threats even more difficult to detect, investigate and remediate. In this session we will address:

  • Critical Infrastructure is so much more than you think
  • Current industrial attack methods and targets
  • Actors and motivations
  • What has changed in the threat landscape
  • Five key areas to address to secure your IT/OT infrastructure

Technical Breakout Session
by Kai Thomsen, SANS Instructor for Industrial Control Systems Active Defense and Incident Response

Follow up: Speed Up Your Network – Baselining with Pyshark
The workshop will be a hands on, participants will receive a Virtual Machine based on Ubuntu 18.04 LTS Desktiop to participate in the exercises.

Participants will need laptops with VMWare Player or Workstation 12 or newer (Mac: VMWare Fusion 8 or newer) pre-installed! The free 30 day test version of VMWare also works.

6:00 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A


The Sponsors of this event are:

Main Sponsor Co-Sponsor


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.