Connected, Dependent, Vulnerable? – A Look Back at the GOhack25 Symposium

How secure are our connected systems – and what happens when IT, OT, and IoT converge? Under the motto “Connected, Dependent, Vulnerable?”, the GOhack25 Symposium on November 6 in Zurich opened this year’s cybersecurity conference.

An evening of technology, responsibility, and trust

Christina Kistler, Co-CEO of GObugfree, and Oliver Ittig, Head of the Cyber Security degree program at FFHS, welcomed guests to a full auditorium at the Fernfachhochschule Schweiz. Kistler reminded the audience that cybersecurity is no longer purely an IT issue: “True security only emerges when experts and non-experts, business and politics, academia and society work together. GOhack is a place where curiosity meets experience, innovation meets responsibility – and where we show that cybersecurity builds trust.”

Zurich Security Director Mario Fehr also placed trust at the center of his welcome address – illustrated by a charming anecdote about wild mushrooms gifted to him by Government Councillor Carmen Walker Späh. Trust, Fehr said, is the foundation of every society – whether in everyday life or the digital world.

IT vs. OT – Two worlds growing together

Hans-Peter Käser from the National Cyber Security Centre Switzerland (NCSC) explained how complex it is to protect OT systems, such as those in energy or production facilities: “While IT systems can be patched regularly, many OT environments still run on older, rigid technologies. Targeted remediation and clear network segmentation are crucial.”

He emphasized that cybersecurity today extends far beyond classic IT: IT networks process and protect data, while OT systems monitor and control physical processes in real time – from energy distribution to transportation. In IT, confidentiality is key; in OT, availability and operational safety take priority.

“All supply chains are interconnected – energy, ICT, logistics, food, pharmaceuticals. A cyber incident in one of these areas can trigger a chain reaction,” Käser noted. “The tight dependency between power, ICT, and logistics makes a holistic security strategy indispensable.”

Critical infrastructure on rails

Reto Inversini from SBB described the unique challenges faced in the railway sector, where each security update involves massive logistical and financial effort: “We can patch systems only twice a year. The trade-off between availability and security is real – but solvable if we share knowledge and work together.”

He explained how long life cycles, complex test protocols, and high availability requirements make securing rail control and power systems particularly demanding – and highlighted the importance of international cooperation and transparency to maintain resilience.

When the Lights Flicker

Carina-Kairi Leuenberger, OT Security Specialist at Stadtwerk Winterthur, illustrated how visible cybersecurity becomes when digital incidents have physical consequences: “Imagine sitting at home in the evening – and suddenly the lights flicker. For most of us it’s a brief scare; for energy providers, it could be the start of a cyberattack.”

She reminded the audience that energy is the backbone of modern society – and that attacks like Ukraine’s FrostyGoop incident show how a single vulnerability can disrupt entire supply networks. Her conclusion: OT security protects not only systems, but also the trust that keeps our society stable.

OT on the world’s largest container ship

Jérôme Stettler from Supercomputing Systems AG offered a glimpse into industrial reality, working on the engine control systems of the world’s largest container ships. He reminded attendees that as companies embrace digital transformation, their cybersecurity responsibilities grow too: “With new regulations such as the Cyber Resilience Act and the AI Act, security must now be part of product design from the very beginning.”

His talk showed how OT security today spans entire value chains and product life cycles.

Risks and responsibilities across IT, OT, and IoT

In the subsequent panel discussion, Dr. Michèle Balthasar (Balthasar Legal), Dr. Christian Folini (Security Engineer & member of the National Cyber Strategy Steering Committee), and Marc Bischoff (Zweifel Chips & Snacks AG) discussed risks, responsibilities, and best practices.

They agreed that effective security across IT, OT, and IoT requires collaboration between technology, organization, and law. For SMEs, this remains particularly challenging – limited resources and expertise make implementation difficult. Balthasar stressed the need for clear responsibilities and stronger regulatory frameworks, Bischoff showed how security-by-design can be embedded into business processes, and Folini called for greater cooperation and knowledge sharing across the industry.

Trains, drones and radio waves

The evening concluded with an inspiring keynote by Prof. Aanjhan Ranganathan of Northeastern University, Boston: “When Wireless Goes Rogue.” He took the audience on a fascinating journey through the world of wireless communication – from bicycle gear shifters to autonomous drones.

“We use connected devices for convenience – but rarely think about their security,” said Ranganathan.

His examples revealed just how intertwined digital and physical safety have become – and how true security can only arise when technology, business, and society work together. Even after two hours of intensive presentations, the audience remained captivated – a clear sign of how tangible and relevant OT security has become.

Networking and Apéro

The evening wrapped up with an Apéro riche, offering plenty of space for conversation and connection – true to the GOhack motto: Cybersecurity. Community. Collaboration.