Miss Fabienne Fischer, State Councilor in charge of the Department of Economy and Employment of the Republic and Canton of Geneva.
« We must be able to take back the control over our data. It is a major stake, whether we are individuals or companies, it is our main raw material in the digital world; very often we are not aware of generating data; no notion of how they are exploited and by whom; it is important to regain control and to recreate a digital sovereignty for each and every user of the digital world »

Mister Philippe Leuba, State Councilor Head of the Department of Economy, Innovation and Sport of the Canton of Vaud
« We notice that in public political entities or SMEs, there is often a lack of awareness and of available means. Because protecting oneself against hackers in this field requires extremely important financial means and skills. That’s why we are going to launch a support program dedicated to SMEs in the State of Vaud because we are aware that this is a real challenge. »

The Trust Valley day started with a panel moderated by Dr. Edouard Bugnion, Professor at the Faculty of Computer Science and Communication at EPFL, during which several business leaders testified. Styv Mermod, CTO of the insurance comparison platform comparis.ch, spoke about the attack on his company. “Some communication and security protocols with standard responses worked well, but the psychological impact was very high,” he recounted. “The support of the police during the search and negotiation phase was crucial, but they did not have the necessary means “to fight groups like the one we were victims of”, regretted Styv Mermod.

The Deputy Executive Director of the Foundation des Oliviers, Sandra Feal, also shared her experience, referring to the crisis situation the foundation was plunged into after its digital data was confiscated by cybercriminals demanding a ransom. “At the time of the hacking we were not prepared either in technical protocol, nor on the human organizational side.” The Foundation received support from the cybersecurity unit of the State of Vaud, which supported her in filing a criminal complaint, but this structure lacks resources, she explained.

Sergio Alves Domingues, CTO of SCRT, also emphasized the need to prepare SMEs to deal with attacks. “A majority of SMEs practices are not oriented towards security because people are not aware of the danger.” he warned.

Reacting to these testimonials, the Director General of the Directorate General of Digital and Information Systems (DGNSI) of the State of Vaud, Patrick Amaru, recalled that the legal responsibility is at the level of companies, but that SMEs, small foundations, and small municipalities have limited resources. “Today, we do not have the capacity nor the legitimacy to go and take care of the IT of the municipalities or the foundations”, he stressed. Hence the importance of having “initiated this reflection, hoping for answers on the elements mentioned in the next six months,” said Patrick Amaru.

For his part, André Duvillard, Delegate to the National Security Network (RNS), refers to a certain form of naivety, while cyberattacks are expected to intensify both in number and in quality. “12,000 cyberattacks have been recorded in Switzerland, but we can imagine that there will be 2 to 3 times more,” he warned. Cybersecurity is now a major issue and should be at the top of the agenda of decision makers, whether at the municipality level, the management of SMEs, or parliaments, said André Duvillard, believing that the focus should be on awareness and prevention, in order to reduce the risks. “We are preparing an awareness program for the states and municipalities administrations for next year, and the confederation will join in,” he announced.
“There is still a lot of work to be done,” André Duvillard continued, advocating for the establishment of international, national and state partnerships, given the global nature of this issue. Switzerland must also adopt a new approach to criminal prosecution, he said, announcing the upcoming launch of a consultation on the process of mandatory public disclosure in case of data theft, for which the GDPR would be an inspiration but not the starting point.

The debate ended with a message from the President of the State Council of the State of Vaud, Nuria Gorrite: “Cybersecurity is an opportunity to put the huge skills that already exist on our territory, to federate them, to develop them and to transform them into a competitive advantage. IT security, trust in digital is a collective good, almost a public service that the authorities must promote.”

“Sharing information across critical infrastructures is essential for collaboration and to reduce information asymmetryj between attackers and defenders.”

“This collective cyber intelligence cannot be decreed. It must be built on clearly identified common denominators, aligned incentives and, above all, mutual trust established over time.”

“Are we in a systemic cyber crisis?” To answer this question, Dr. Jean-Marc Rickli, Head of Global and Emerging Risks at the Geneva Center for Security Policy (GCSP) moderated a discussion among six key industry players on the notion of critical infrastructure and the measures to be implemented.

The speakers began by highlighting the complexity of the current ecosystem and the importance of what is at stake. “This is not just a technical issue. It is about governance, it affects the social link between citizens and the state”, stressed Tom Kleiber, CEO at SWITCH.

Christophe Nicolas, Group Chief Information Officer at Kudelski, refers to a snowball effect, “We are in an acceleration of digital technology adoption but this makes the ecosystem more and more complex to understand and we lose the global vision in terms of security when this ecosystem adapts and we forget to update our procedures, our approaches.”

Aging and obsolete IT infrastructures represent a real time bomb, and to put in place quality strategic infrastructures, “we need to help, ‘we’ in the broadest sense. There must be a political awareness,” said Christophe Gerber, Client Partner Defense & Cybersecurity at ELCA. “We are not ready. We need to work together in the private and public sectors,” emphasized Christophe Gerber, Client Partner Defense & Cybersecurity at ELCA. Pierre Maudet, Chief Digital Transformation Officer at Wisekey, also stressed the importance of “arriving at common definitions and identifying the most urgent measures.”

In order to strengthen the Swiss brand abroad, “we need to build digital trust, not only through functionality but also through the way we manage and cooperate,” said Tom Kleiber, CEO of SWITCH.

André Duvillard, Delegate to the Swiss National Network, agreed, calling for a “holistic approach. We need to banish and break down silo thinking. The real challenge is to create trust between the private and public sectors to address this notion.”

“There are solutions to protect data and its use as close to its source as possible, to reduce its potential attack. It is a question of education, explanation and transparency,” summarized Philippe Thévoz, eGovernment Systems Vice-President at SICPA. Pierre Maudet insisted on the need to federate energies at the level of schools, entrepreneurs and the population under political leadership.

“We are only at the beginning, but to succeed, we must act together”, concluded Dr. Jean-Marc Rickli.

The stakes are high: cybercrime now weighs in at nearly CHF 6 trillion per year in a digital economy valued at around CHF 19 trillion. “Cybercriminals are becoming more and more innovative and the attacks more and more sophisticated. We have to expect an acceleration of the trend, and be prepared for it,” warns Lennig Pedron, CEO of Trust Valley. Trust Valley’s commitment is based on six fundamental pillars: Mapping, Promotion, Networking, Talent and Pilot Projects. “We have developed a unique ecosystem, thanks in particular to a network of dynamic and growing startups,” she explains.

An in-depth work on critical infrastructures in the broadest sense has also been initiated by the industrial founding partners since late 2019. Since then, ongoing discussions are creating momentum and finding concrete solutions together.

Two flagship projects have also recently been launched with the help of Trust Valley founders and partners. The first aims to participate in the development of the National Network on Digital Self-Determination set up by the Confederation. The second is a program to support SMEs, announced at the Trust Valley day. Participants also discussed the next themes, mobility and talent, in two workshops organized on the sidelines of the event.

«Nowadays we have an asymmetry in the labor market: in cybersecurity and in digital roles there are less people than what is needed, we don’t have enough transparency about their skills, and there to priorities are often changing, and on top of that new skills are added all the time.» said Frode Hvaring, HR Guide and Culture Builder, the moderator of the session.

This issue is reflected in different sectors. From an NGO perspective, Francesca Bosco, Chief of Staff, Head of Foresight at The CyberPeace Institute said that «There are many aspects of the market untapped beyond the usual cybersecurity related framework, both in terms of skills and in terms of sector, like the civil society one». On the NGO level, the reality is that often they don’t have fully dedicated resources and staff dedicated to cybersecurity. On the corporate level, the challenge is to engage with their own talent and retain them. That is why the CyberPeace Builders program has been developed to support NGOs with a unique network of corporate volunteers. The objective of this diverse and inclusive cybersecurity program is to make volunteering easy and create match making opportunities by finding the right talent. «Cyberpeace is a shared responsibility» said Francesca.

From an academic point of view, Sylvain Pasini, Professor in computer security at HEIG-VD, said that «They have reached today over 250 students overall but it still doesn’t answer the current need.» They have implemented a « contamination » process where each profile has their own security skills. The importance of creating a full ecosystem under cybersecurity is needed to keep track of the updates and follow the trends of the industry. This is why it is important to capitalize on the BlackAlps community to constantly nourish and connect with the experts in the field.

From a startup point of view, Dr. Laurent Balmelli, Co-founder, Head of Product and Market at Strong Network, the ways of working needs to be adapted, people are becoming more flexible in employment, mainly the new generation, companies can benefit from this liquidity. « There is a need to maintain skills in the workforce, it’s one of the biggest challenges of the company because with the pace of technology today it is difficult to ensure the employees are properly trained. »

Finally from the private sector, Patrice Perche, Chief Revenue Officer & EVP Support at Fortinet raised the issue. « Universities are delivering the topnotch engineers but the volume of people that we are getting is too small. » The fact that today the demand represents 3.1million jobs opened on cybersecurity worldwide and 40% won’t be fulfilled, reflects the reel gap. « We need to enlarge more but we need more people 3,4,10times more people ». Patrick Perche was clear about the emergency of finding talents and stated that it is impossible to wait for people to enroll in a 3 to 4years program, the need is for today. All the actual ecosystem has to make this field appealing to attract more people. It’s an industry where financially people are rewarded and it’s going to last. He calls universities, education to encourage more to have engineers and points out that there is a challenge to convert people who are tempted to go to the dark side. For these reasons, « Fortinet developed an academic program with a goal to train for free 1 million people worldwide in the next 5 years. »

There is a large consensus among the Experts and Entrepreneurs in these areas that there is a growing Talent issue today, there is a mismatch between the needs and the supply of skilled Talent. The path towards solutions is through more transparency, better sharing of knowledge and concrete collaboration between all parties involved. The ingredients are mostly available, what is now needed is pro-active coordination of joint forces in the area of Talent for Cybertrust and new Digital skills.

Nicholas Niggli, Deputy Secretary General at Republic and State of Geneva, moderated this panel and started by asking «What are we doing now to address the threats in the cyber sphere?»

«The transitional concept of protecting your data by not letting it be used makes no sense in a society where the scaling effect and data produce benefits.» said Ambassador Thomas Schneider, Vice-Director of the Swiss Federal Office of Communications. That is why «PPPs are crucial. This issue can’t be handled only by public institutions. We need to cooperate with the private sector, the civil society and academia but in order to do that we need to know each other, to be able to trust each other». «Trust is key» he added, referring to the lack of trust reflected in the e-identity vote in Switzerland.

Ambassador Thomas Greminger, Director of the GCSP called participants to «reflect on effective mechanisms that will take stakeholders out of their silos and create incentives to cooperate.» Bringing people from all sectors together to work on this issue is key to improving health, mobility, energy management, and education. In order to do that «we need to identify basic principles, building on national and international experience» said Ambassador Thomas Greminger.

Lennig Pedron, Director Executive of the Trust Valley explained that «to create this enabling environment, we need A digital reputation, A cyber relationship of trust, and digital respect. Great concepts but how to do that in a concrete way? This is the reason why the Trust Valley was born. Ecosystem too is Key. We work in this natural ecosystem against cybercrime and to develop high value in a safer digital world. The Trust Valley is a public private partnership for cooperation and coopetition in the domain of digital trust and cybersecurity. We can take the time to test and test technologies and improve them with feedback because there is a risk to deploy technology without a full understanding of its societal effects and appropriate strategies. The Internet is only thirty years old and we are opening a voice where dialogue is key. Our ability to create value is directly linked to a deep understanding of our ecosystems.»

In this regard, Estonia has been a global pioneer and trailblazer. Ambassador Nele Leosk, Ambassador-at-Large for Digital Affairs, Ministry of Foreign Affairs at Republic of Estonia shared the experience of her country in digital engagement, and the lessons learned.
«It’s not only a matter of the government to build a digital society but the matter of ‘ US’ together, ‘US’ as government, private sector and the public.» The Estonian government provided the base of digitalisation, a shared ecosystem, with a national digital identity used by the private sector. The private and public sectors are integrated within this infrastructure meaning «it is well guarded, functions well and fulfills all the requirements for a safe, secure, transparent data sharing & management.»
According to Ambassador Nele Leosk, Switzerland should benefit from its reputation as a country «where there is a historic trust because you can’t trust something you don’t know, haven’t used. It doesn’t only apply to technology, it also applies to partnerships and institutions: Geneva has all that.»

Ambassador Thomas Greminger agreed, underlining that Geneva is «a recognized global governance hub, it benefits from having the private sector, NGOs, the UN and government representatives in one place, and it is located in the region with excellent research facilities and universities working on digital and related technologies».

Ambassador Benedikt Wechsler, Head of Division for Digitalisation at the Federal Department of Foreign Affairs FDFA, also considered that was an asset but «we have to stay vigilant», he added. Switzerland must be more open, have the ambition to scale up and tell its story loudly. Today, we are in a stage of the world where «There is no alternative to a multi stakeholder approach, we have to see who takes which role and find the responsibilities» concluded Ambassador Benedikt Wechsler.

Lajla Aganovic, Head of Venture Engagement at Logitech mentioned a language gap and the need «to act as a transcoder between two worlds and try to make them work at the same pace, to work in harmony».

«It’s an ongoing challenge all about pacing» agreed Patrice Perche, Chief Revenue Officer & EVP Support at Fortinet.

From a startup point of view, Patrick Trinkler, Founder & CEO at CYSEC shared clear frustrations on processes like «having 24months of procurement negotiations just to be compliant and certified», that is not viable for a startup.
He also called for cooperation between internal and external innovation teams rather than competition.

Guillaume Pahud, Customer Portal Program Director at SGS, also refers to the existing competition between innovation teams, whether external or internal, and operations teams. «It’s a challenge in the innovation cycle to move from development to scale up», he added.

Lajla Aganovic pointed out the human element, that is central. «We often forget that companies are all about people and they are sensitive».
On the technical level, Patrice Perche advised start-ups to «think how your product or solution can fit to a platform, it will make it easier to integrate with large corporations or even sell to customers».

Lajla Aganovic believes that a collaboration between corporate and startups represents a « healthy challenge». «There are a lot of things to learn and give» Guillame Pahud said.

The moderator of the session Pascal Marmier, Secretary General at The Economy of Trust Foundation (SICPA), ended stating that «it’s all about finding ways to connect and grow together.»

Participants described Tech4Trust program as a real launch path to their success. «Tech4Trust was an incredible year, a real accelerator. It allowed us visibility. We received a lot of advice to go and don’t stop» said Najib Aouini, CEO at Duokey.

«Tech4Trust is a space to get networking, people are amazing, they can support you», added Claudio Calvaruso, Technical Project Manager at Inpher.

Both of them advised young entrepreneurs to trust themselves. «When you have a product, sell it yourself», said Nagib Aouini. Vincent Bieri also suggested not to «overestimate the needs, sometimes they are more basic than what we think so what you have is overly sufficient».

Another important advice given was to be agile. Najib Aouini told the audience how the startup had to change its business plan «because we discovered a new market, a new vertical in IoT. That is the lesson learned: Don’t focus on your initial market, change it if you discover you have other opportunities».

Participants also reminded them to seek support when needed. «Ask for help from the advisory board. Ask for basics, you can’t know everything!» insisted Yann Borboën.

Claudio Calvaruso’s main advice to the new startups is to «use more this mentorship program to expand through it. Participate in different exercises when you have support from people already in your position. They can leverage it and help you reach your goal and go further».

Last but not least, Vincent Bieri insisted that «Things take more effort, more time, more energy than you will always think. So don’t run out of cash obviously as your first priority, but also don’t turn out of energy as an individual and as a team. The team should support each other, not only technically, business wise but also on personal motivation and energy because it’s going to be a tough ride».

Yann Borboën wrapped up the session with the announcement of an alumni Tech4Trust Season2 gathering in the coming weeks to reinforce the community.
Yann Borboën concluded by wishing «Good luck to all the new startups of Season3!»