Florian Tramèr is a visiting researcher at Google Brain, and will start as a professor at ETH in the spring semester 2022.

During the session, the Roche Diagnostics Product Security and Privacy team will provide an insight into their work on securing products that range from physical medical devices to cloud-based solutions. Join us to discover more about the scope covered by Roche Diagnostics' Product Security and Privacy team and to jointly solve a CTF challenge with hands-on exercises. Do not forget to bring your laptop!

Learn more about the breadth of cyber security research happening at ETH, from to protecting military-grade networks, and from quantum cryptography to smart grids! After the event, you will have the opportunity to chat with our speakers an apéro.
No prior knowledge required, students from all study programs are welcome!

The primary objective of this case study workshop is to provide the participants an opportunity to draft and solve a real-life caselet on protecting Fallwind Ltd.'s wind farms. Come and show your cyber security six-pack -- the CEO is expecting your help!

As a CISO, you are in the spotlight of your company when a cyber attack occurs. In addition to the pressure of dealing with the incident, you are suddenly one of the most important people in the company and must be available to top management day and night... Are you ready for it?

During this Breach Workshop, you'll walk through a live incident, and discuss the actions you would take together with our incident response specialists. No prior knowledge is required, students from all programs are welcome!

This event will be in-person and will follow ETH safety guidelines, with a mandatory COVID certificate and masks. We're happy to announce that we will again be able to offer you an in-person apéro after the workshop!

Join us on October 6th for an interactive session with Camino Kavanagh to learn more! She will introduce you to the emerging normative framework governing States' use of ICTs/cyber in the context of international security, discuss the confidence building measures (CBMs) that have been agreed by States to prevent the risk of conflict stemming from the malicious use of ICTs, and explain what future work needs to be done to ensure a peaceful digital future. After her introduction it is up to you to bring up the questions that you have always wanted to ask!

Dr. Camino Kavanagh is a Visiting Senior Fellow at the Department of War Studies at King's College London where her research focuses on international politics, conflict and information technology. She has served on the Advisory Support Team to the UN's Open Ended Working Group (OEWG) and Group of Government Experts (GGE) and was lead drafter on the latter. The two Groups addressed a range of issues relevant to state behaviour in cyber space, including emerging threats, international law, non-binding political norms, CBMs and international cooperation and assistance in ICT security. Camino also served as consultant/rapporteur to the 2016-2017 UN GGE. She is currently a senior advisor to the UN Dept. of Political Affairs on Digital Technologies and Conflict Prevention and consults regularly with national governments and international organisations on policy and norms relevant to ICTs/cyber and international security. Prior to her work on digital technologies and international security, Camino spent over a decade working in conflict/post-conflict contexts, including with UN peace operations.

The talk took us through the typical stages of an attack, its intermediate goals, and the possible procedures on how to achieve those. It gave not only a high-level overview of the attack, but also some detailed technical insights into certain techniques and vulnerabilities used throughout the attack. One presented example was the weaponization of a Word Document and how to analyze it in depth.

Roman presented how he designed and set up a platform that allows security researchers to share malware samples, indicators of compromise, botnet addresses, and more. He also gave an overview of the malware threat landscape in the last decade, and the unique challenges posed by recent attacks.

Sharing some of his own experiences, he provided a glimpse into the everyday work in the IT security industry. He showed how you learn the tricks of the trade, what it needs to conduct meaningful security assessments, and why penetration testing can be an incredibly interesting profession.

Before joining ETH as a PhD student, Claudio Anliker studied Computer Science at the University of Zurich and worked about four years as a penetration tester at a Swiss cyber security company. During this time, he carried out security assessments of all kinds, provided trainings for clients and co-workers, and lead a penetration testing team during his last year.

Cloud services are getting increasingly popular in the industry, but banks tend to be conservative when using them. In this interactive session, we explored how banks shape and secure their cloud infrastructures and how they manage their compliance and regulatory requirements.

About our speaker: Mark Beerends is a passionate cyber security expert with over a decade of experience in the field of security operations and management. He has an extended track record in the financial industry as head of Security Operations Centers and Head of various IT departments. He founded his own consultancy company Prusec in 2014.

On the 31st of March, Matthias Egli showed us the challenges of designing smart contracts, analyzing their vulnerabilities, and get hands-on experience in a real-world scenario. Matthias was the COO of ChainSecurity, an ETH spin-off that has helped secure more than 1 billion USD transiting through smart contracts. After a quick technical introduction on how to interact with a real-world blockchain, Matthias presented the participants with an actual smart contract. He challenged everyone to exploit its re-entrancy vulnerability. What followed was an intensive hands-on session during which everyone tried to multiply their wealth. Following this active part, Matthias went over more intricate attack patterns like flash-loans. The event concluded with a quick Q&A session about real-world applications of blockchains and newly trending topics such as NFTs.

In just five years, Let's Encrypt helped increase the share of HTTPS requests from less than 39% to over 85%. In his interview, Josh explained both the technical specifics of a Certificate Authority as well as the moral dilemmas that can arise. He shared with us how once while coping with bugs that could potentially cause security breaches, he had to at the same time weigh the consequences of revoking 3 million certificates and potentially cause the shut-down of several domains. We also learned about crucial choices Let's Encrypt had to take to achieve a solution that would change millions of websites' behavior within a limited time frame. According to Josh, success depends not necessarily on finding a new solution but using existing approaches to make them easily usable and accessible. Many of us left his evening genuinely inspired and felt that every one of us can change the internet for the better - you just have to set your mind to it.

On the 24th of February, ETH students gained unique insights on this topic from Dr. Igor Nai Fovino. As deputy Unit Head of the European Commission's Joint Research Centre, he has acquired over 13 years of experience at the European Commission. He talked to ETH students about his research covering IoT, blockchain, risk assessment, malwares, among many more areas. One current topic of his research he discussed was whether it would be possible to use blockchain technology to aid in the logistics of Covid vaccinations (yes!).

During the talk, Igor shared with students that the EU was working towards improving data protection as a human right – not simply as a set of rules with paperwork. Furthermore, an understanding of data protection and how it must be regulated is still developing, and will continue to develop further. As such, policymaking processes are a process of continuous negotiations. How has COVID affected cyber security in Europe? For one, healthcare and critical infrastructure sectors experienced increased attacks. Additionally, COVID has pushed Europe faster towards digitalization, and cyber security has now become more relevant in the EU Commission' priorities.

The take-away from the talk was that cyber security is currently undergoing a paradigm shift. The ‘old' firewalling approach does not work anymore because digitalization implies that it is not possible to close all the system's doors. For example, the energy grid before the 90s was considered to be secure simply because it was a closed world. With the roll out of smart grids and other initiatives, it is not possible anymore to close the doors, because suppliers need continuous data floors for decision softwares. In order to do that, all devices need to be connected, and for this reason the grid is vulnerable.

Luca Gambazzi gave an introduction on how to conduct a risk-based security analysis by working on realistic examples, as well as learning about the duties of armasuisse S+T and the opportunities it offers for students.

Students learned firsthand how the crisis organization of an international energy supply company is structured and how it works. Together with our speakers, we went through the steps to cope with such a scenario.

Pitfalls, New Cyber Solutions - What is the Role of a Cyber Researcher and what does it take to be one? The speakers shared their insights as researchers, their career path and their current research topics. Their presentations were followed with ample time for questions and exchange in smaller groups.

Reto explained the continuous arms race between hackers and security vendors in the field of web application security. Some suppliers promise that machine learning is the next Swiss Army Knife to defend against web security threats; as a Swiss vendor of the web application firewall Airlock, Reto Ischi and his team analyzed machine learning-based techniques to detect web attacks. He shared with us his ideas, experience and results of their proof of concept with productive web traffic. After the talk, the students had the opportunity to exchange with the speaker and two other Ergon engineers about their job and career at a Swiss software security company.

Michael led a workshop exercising cyber crisis response at a fictitious entity. The students, split up in small teams, were confronted with a fictitious scenario of a cyber crisis, and were tasked to respond to the crisis. After a lively exchange between the teams and Michael Bem, the scenario was extended and worsened, and the students had to react to the incident in light of the new data and risks. After the workshop, Michael Bem shared his advice on how to efficiently tackle this kind of crisis, especially in a business context, and gave insight into relevant tools, techniques and processes. The students then had the opportunity to network and engage with Michael Bem about his work and career at UBS.

Or, what does it mean if NotPetya shuts down your company for several days? Why could this untargeted attack create so much harm in major companies? How does one react to ransom demands? These and many other questions were answered by Ralf Weissbeck, now the group CIO of the Adecco group but then part of the cyber security team at Maersk. He recalled how within a few hours, an at first singular event spread company wide and only by chance spared one entity which proved pivotal to deal with the crisis. Students heard first hand how important it is to invest in cyber security, the pitfalls of flat networks and the necessity to have a streamlined crisis management that is ready to act. He shared anecdotes of missed concerts and family times as the crisis demanded unbelievable working hours and sleeping arrangements, with whole company floors being converted to make-shift crisis lodgings. The event was concluded by a memorable apero at the terrace of the Dozenten-Foyer where students had the chance to ask both him and Federico Blasiotti further questions.

We wanted to know more about the role of Switzerland in the world of Cyber and were proud of having Korpskommandant Aldo C. Schellenberg to talk with us about the state of cyber security in the Swiss military. From stories about actual penetration testing and cyber attacks on an international level to the newly established cyber unit of the Swiss military, Korpskommandant Schellenberg shared his insights with us!

We invited Thyla to talk with us about the daily challenges in cyber security. Being part of the development of Mozilla's next generation of safe browsers, she shared with us what it means to apply cryptographic theory in practice.