1:30 pm

Registration

2:00 pm

Welcome & short introduction from SIGS

2:00 pm

Benedict Simlinger, Lecturer at Berner Fachhochschule & Senior Consultant at aucoma

OPC UA Case Studies
Benedict Simlinger provides detailed, practical case studies on setting up OPC UA communication across large geographic regions from his work with multiple organizations. The presentation examines both technical and organizational aspects and demonstrates how cybersecurity and OPC UA interact in real-world operations. Using concrete use cases, the report demonstrates the challenges that typically arise, how different organizations address them, and which factors take precedence.

In addition to technical topics such as architectural considerations, certificate management, network segmentation, and scaling, the report also addresses organizational issues, such as responsibilities, governance, operating models, and cross-site collaboration. The report summarizes key findings into practical takeaways that can be directly applied in your own environment.

The entire report remains product- and vendor-neutral while providing a comprehensive, up-to-date overview of the state of the art and best practices for working with OPC UA in large and heterogeneous environments.

2:30 pm

Rocco Mandrysch, OT Security Engineer at Primeo Netz AG

Developing OT Security Use Cases – Experiences and Some Considerations
In recent years, there has been an increase in reported attacks on critical infrastructure. To protect critical infrastructures from cyberattacks, regulatory authorities have introduced legal requirements, such as the “IKT-Minimalstandard” in Switzerland. These requirements include the detection of cybersecurity attacks and anomalies on servers, workstations, and OT devices, as well as within the network.   

In this presentation, I will share my experiences gained during the development of the security use cases. This will include the selection of optimal tools, the definition of the architecture, and possible processes. 

3:00 pm

Short presentation from Nozomi Networks

3:10 pm

(details will follow)

3:20 pm

Break

4:00 pm

4 different Breakout Sessions to join - you can choose/attend two of them

Breakout Session 1: Toni Widmer, OT Security Engineer & Compliance Specialist at Belimo

Workshop: "Implementation of a Global OT Monitoring System"
The workshop provides practical insights from a real production company. The focus is on benefit aspects such as asset transparency as a basis for protection, the monitoring of communication relationships (e.g., in the context of CRA and Machinery Regulation 2023/1230), as well as the detection of attacks without traditional IT antivirus solutions. In addition, typical challenges in global structures are addressed. Finally, lessons learned and success factors for standardizing the global security maturity are presented.

Breakout Session 2: Martin Scheu, OT Security Engineer at Switch

Participants can benefit most if they bring a laptop able to run a virtual machine with Linux pre-installed. (2-4 CPU Cores, 6-8 GB RAM, 16 GB HD)

Build your own virtual OT Security Lab
Operational-Technology (OT) security training is hard to scale:

• real PLCs are expensive
• networking gear is bulky
• running tests in production environments is probably not the best
• idea, as a single misconfiguration can take down the production line you
• were meant to protect

In this hands-on break-out session each participant builds a complete, self-contained OT lab on their own laptop or VPS based on OpenPLC v4 runtime, four sub-control panels speaking ModbusTCP, a FUXA SCADA/HMI, an in-browser OpenPLC Editor, an in-browser shell, and two MikroTik RouterOS devices as gateway firewall and distribution switch. All orchestrated by `containerlab` and reachable through a single landing page.

The second half of the session goes from "lab is up" to "PLC is running your code": you compile a first Structured-Text program in the browser, download it to the runtime, and watch the values move in the HMI and with tcpdump on the wire.

The workshop also demonstrates how an AI coding assistant flattens the learning curve when you want to adapt or expand the lab: generate new PLC logic from a natural-language description, add another SCP that simulates a leaking valve, extend the topology with a second PLC, write attack-payload scripts for red-team scenarios, or auto-translate an incident report into a reproducible lab scenario.

Participants leave with a running lab, a working "hello-world" PLC program, and a workflow for letting AI carry the routine parts of lab-building while they focus on the security questions.

Breakout Session 3: Nozomi Networks
(details will follow)

Breakout Session 4:
(details will follow)

5:10 pm

Short break and change the room to the next Breakout Session of your choice

5:20 pm

Start of the second Breakout Session round

6:30 pm

Dinner & Networking till open end

Rocco Mandrysch
OT Security Engineer at Primeo Netz AG

Benedict Simlinger
Lecturer at Berner Fachhoch-schule & Senior Consultant at aucoma

Martin Scheu
OT Security Engineer at Switch