A+A 2021: Great interest in participation from the industry
Preparations for A+A 2021 in Düsseldorf are in full swing. The industry is at least looking forward to a "reunion in Düsseldorf".
Editorial - April 13, 2021
In October, A+A 2021 in Düsseldorf is expected to once again bring together national and international decision-makers at the world's leading trade fair for occupational safety and health. The trade fair organizers write that the registration status of A+A to date points to a "reunion" in Düsseldorf. A+A is considered the leading trade show in the field of personal protective equipment, workplace safety and occupational health. Mention is also made of exciting new areas such as innovative exoskeletons that support employees at work.
As things stand, large parts of the exhibition space have already been booked, according to a statement. "For us, this is a clear signal that reaffirms the importance of A+A as the leading platform for exchange for the entire industry," explains Birgit Horn from the trade fair management.
The A+A World's Leading Trade Fair 2021 for Safety and Health at Work will take place from October 26 - 29, 2021 in Düsseldorf, Germany.
The Covid 19 pandemic brought and continues to bring a new dynamic to the topic of home office. Without a doubt, it can be of great benefit to employees and employers. But working from home also has its pitfalls.
Hansjörg Huwiler, Ergonomist Eur.Erg, Head of Corporate Health Team at AEH - April 12, 2021
The prevalence of home office has increased massively as a result of the Covid 19 pandemic. It can be assumed that home office will continue to be more widespread after the pandemic. This is because employees want it and it is part of employer attractiveness, but also in order to be able to reduce the number of workplaces in the offices and thus the costs.
1.1 Rights and duties in the home office
In the home office, work is carried out in the private environment, thus extending the employer's duty of care and the employee's duty to follow instructions to the private environment. Employers, especially managers, are responsible for the health protection of employees in the home office and must provide appropriate measures: suitable instructions, assistance, necessary material resources must be made available. In the current situation, temporary improvisation is possible. Employees must also comply with the employer's instructions with regard to their work in the home office, as well as provide insight into the conditions of their home office workplace and shape these and their behavior in accordance with the specifications.
1.2 Home office setup
Select work location: The optimal workplace is located in a dedicated room that allows undisturbed and concentrated work. A workstation without a view of the outdoors or in the bedroom is unsuitable for productive work. If space is tight in a multi-person household, a dedicated room can be defined at specific times.
As basic equipment, a sufficiently large table and ideally a height-adjustable office chair are suitable. If you work on a notebook for a longer period of time, it helps to use an external mouse, keyboard and monitor to prevent posture-related complaints. A stable, fast and secure Internet connection is also necessary. If you work with your own PC, make sure that your firewall and virus protection are up to date. When handling sensitive data at home, the company's instructions must also be observed. Good lighting and simple measures against disturbing glare caused by incident daylight also make a noticeable contribution to complaint-free working.
1.3 Organization in the home office
Design personal work rhythm: Especially home office newcomers should define clear working hours, breaks and times for leisure activities and housework or childcare at the beginning. After all, it's not easy to get into a productive work routine at home. And it takes energy to block out private obligations. Getting out of pajamas in the morning and into comfortable work clothes, and changing clothes after work help create the missing boundary between work and leisure.
Organize work: Agreements must be made with colleagues and the supervisor, but also with the family / roommates. With children of preschool age at home, this is difficult to impossible; here, agreements with the partner on reciprocal time windows and agreements with the supervisor on temporary work on marginal hours help. Working in a home office requires a lot of discipline. The consistent implementation of known work techniques is central: reducing distractions, structuring tasks according to importance and urgency, and creating schedules.
1.4 Leadership at a distance
Create clear rules and framework conditions: The most important questions regarding working hours, availability and the division of work should be clarified and determined together with the employees. Employees can also be trusted in the home office. Studies have shown that employees in a home office are more productive and tend to work longer hours when they can manage their own time. It is important to give the necessary room for maneuver and to show appreciation.
Maintain regular exchange: Where possible, the existing communication channels should be used (e.g. at team meetings, individual meetings and working group meetings). In addition, new communication tools and platforms must be defined for both formal and informal exchange (replacement coffee break). Care must be taken not to use too many different means.
Regular individual discussions should take place with each employee. The rhythm should be determined individually, as some employees can make good use of the new "free space," while others may need more support. The duty of care can be fulfilled by regularly asking how employees are feeling, especially those who are working in a home office for a longer period of time for the first time.
You can read the detailed technical article in the print edition SAFETY-PLUS of March 10, 2021.
"Most OT networks today are still self-contained"
To date, operational technology (OT) has been separate from the IT network in many manufacturing operations. With increasing networking, however, OT and IT environments are growing closer together. This calls for awareness training. A cybersecurity expert from the SES Association in conversation.
Interview: Simon Gröflin - April 12, 2021
Mr. Hiestand, what is the worst-case scenario for cyber attacks in the industrial sector?
Roger Hiestand: We have to distinguish between IT security and OT security. In the OT area, the understanding of IT security and, in some cases, the technology is ten years behind IT. This is therefore also the biggest attack vector or the worst-case scenario. Even script kiddies, i.e. users without much know-how, have a relatively easy time attacking industrial plants. For example, you could raise the temperature of a refrigeration system in a food processing plant by five degrees without anyone noticing, and all the food would be spoiled. That goes on to CNC machine controls. That could be millimeters when milling in an engine block, which could result in a total loss of the engine if necessary. From the OT side, the industrial sector is still a very conservative sector. First and foremost, it's about functionality; security is downstream. However, as before, a lot of things are still unencrypted in industrial plants by design. For a long time, no thought has been given to IT security, for example with SNMP or BACnet, in industry and building technology. It is true that there are efforts to make the devices or the communication protocols such as SNMP v3 or BACnet Secure more secure. However, it is usually a long way until the end devices and the software fully support the standards.
Why are more and more ransomware attacks on industrial control systems currently in vogue?
A cyber attack always depends on what you want to achieve. If you want to spy on a trade secret, you are more likely to use a classic Trojan. Then you are on the move "in silence". The damage always comes afterwards. In the case of ransomware, the attacker wants to extort money - as much money as possible. However, very many industrial control systems are still operated with Windows 7 or even Windows XP today - and not, for example, with a current (possibly hardened) version of Windows 10. Since the two previously mentioned operating systems no longer receive security updates, a ransomware attack has therefore become correspondingly easier and more effective. To do this, an attacker does not even have to engage in large-scale social engineering. He could theoretically put a USB stick on a janitor's desk, and the probability is very high that this stick will be plugged in to check what is on it - and with this step the attack has begun. The effort is thus very small and the success factor rather large that the companies pay the ransom, e.g. in the form of Bitcoins, because most companies have no security precautions, such as for backups, and are thus dependent on the attacker decrypting the data.
Roger Hiestand, chairman of the Cybersecurity Commission of the SES Association, deals with cybersecurity issues.
Which attack vectors pose the greatest risk in OT?
A large part of the networks in industrial plants are flat and have little to no safety measures. To illustrate, a flat network is like a power rail. There are no security measures to prevent you from plugging anything in and drawing power; it's the same with these flat networks. Anyone with access to a switch can plug in any device and scan the network for vulnerabilities. The problem: In OT, many of the switches are located somewhere in the basement, in storage rooms or riser zones. Thus, one is also more likely to go unnoticed in the event of an attack, as the flow of people in such rooms tends to be lower than in a busy office. The fact that the networks are flat (layer 2) means that video surveillance cameras or ventilation controllers, for example, can be found quickly and easily and compromised if necessary.
Whose job is it to protect industrial networks?
In industrial networks, the installer usually provides the necessary infrastructure. Conversely, if the installer provides the infrastructure, the IT department (if it exists) often says that it no longer has anything to do with the system. There we are already in a field of tension, in the sense of "fire and forget". A system is built, but often no longer supplied with security-relevant patches. Monitoring that detects whether third-party devices are connected, for example, is also missing. A specific team that takes care of the security of industrial networks therefore tends not to exist. At best, if a service contract is in place, the necessary security updates from the manufacturers are imported during the annual inspections. Incorrectly, the view persists that nothing should be changed on functioning systems (proverb: "Never touch a running system").
Are there any independent "OT security experts" or expert teams at all that can be convened for a target/actual analysis regarding network segmentation and general OT security?
This is precisely where we at the SES Association have come in. Our goal is to address these issues through our work. We have produced fact sheets, guidelines, best practice approaches and training to raise awareness of this issue. As indicated in a question earlier, the first step is to create an understanding of IT security in the first place. Once this first step is taken on both sides (installer and contractor), IT/OT security experts can assist. And to answer the question clearly: Yes, there are such independent experts. As an IT security expert, it is a relatively simple "undertaking" to familiarize yourself with the peculiarities of the OT world.
What should I look for when choosing an OT security provider?
This is a difficult question. Since the requirements and the possibilities are sometimes rather low, it is certainly important to ensure that professional hardware is used that has a long service life in every respect. This means that consumer hardware is not used, which, for example, is "end of life" after just one year. There are manufacturers who offer a lifecycle of seven to ten years in extreme cases, including hardware replacement and security updates. As a second criterion, it is important to ensure that process-related solutions are taken into account. Keywords: employee sensitization, patch management and backup strategy.
You can read the full interview in the print edition of SicherheitsForum from March 3, 2021.
Billion-dollar deal: Microsoft to supply US Army with AR glasses
The US Army has announced that Microsoft will supply the United States military with 120,000 Hololens-based headsets. The contract lasts ten years and is worth $22 billion.
Editorial - April 8, 2021
$21.88 billion: that's how much Microsoft will receive from the U.S. military for a contract to supply 120,000 augmented reality headsets. According to a press release, the deal is to extend over a term of ten years.
These are AR glasses called IVAS (Integrated Visual Augmentation System) that have been specially optimized for combat use. In addition to a GPS sensor, an improved night vision and thermal imaging mode is integrated.
Back in 2018, Microsoft had signed a contract with the U.S. Armed Forces to develop the headset prototypes. The billion-dollar project was preceded by a deal worth $480 million. Now the production phase is starting.
Source: Press release
Pilot trials for the controlled dispensing of cannabis
At the end of March, the Federal Council passed an ordinance on pilot trials for the controlled dispensing of non-medical cannabis. The trials are intended to provide a solid scientific basis for further decisions on the regulation of cannabis, according to a Federal Council statement.
Editorial - April 8, 2021
From May 15, 2021, applications can be submitted to the FOPH to conduct pilot trials with non-medical cannabis. The studies should provide more information on the controlled dispensing of non-medical cannabis. The studies should also provide conclusions about the health and consumption habits of users. These are to be tested in a scientific framework. Ultimately, the federal government also wants to measure the effects on the local illegal drug market and the protection of minors.
Controlled products and awareness of the risks
The cannabis offered must meet high quality standards and originate from organic cultivation, writes the federal government, since only by monitoring the supply chains from seed to production can the black market also be circumvented. Appropriately trained staff at the sales outlets should also raise awareness of the risks of consumption.
Strict framework conditions
Participants can only purchase a limited amount of cannabis per month in the pilot, and resale as well as consumption in publicly accessible places would be prohibited. Only people of legal age who already consume cannabis can participate in this trial. Participants must also reside in the canton where the pilot trial will be conducted. The health of the subjects will be monitored throughout the trial.
Source: The Federal Council
The intelligent camera thinks with you
Seervision's software operates cameras as if by human hands and simplifies video transmissions. The start-up has its roots at ETH Zurich, where students once developed a clunky prototype for lecture recordings.
Editorial - April 7, 2021
Thanks to the software, multiple cameras can be operated from one PC. (Image: Seervision)
The Corona crisis has given videos a strong boost as a means of communication. Meetings, presentations and even cultural events are broadcast online. If you want to stand out in the crowd of live audiovisual offerings, you need to deliver a high-quality performance. That's why more and more companies are investing in the necessary equipment and technologies to deliver a better experience and high quality. Seervision, a spin-off of ETH Zurich, is also feeling the effects of this.
Seervision develops software to automate cameras in studios. In this way, one person can effortlessly operate and control multiple cameras simultaneously. "Companies can thus produce professional videos without being afraid of the complexity of implementation or the costs," says co-founder and CEO Nikos Kariotoglou. This is exactly what companies are looking for in times of home offices.
"The world switched to online and hybrid events in one fell swoop," he says, describing the change. Until now, the spin-off's technology primarily served video production companies that were already familiar with cameras and live broadcasts. Since the beginning of the pandemic, more and more companies from various industries have become interested in it, wanting to set up their own studio, for example, to present their business figures professionally online. Thus, Seervision's market expanded from one moment to the next, "we were positively surprised by this and our sales talks became much easier," says Kariotoglou.
Software controls multiple cameras
At the core of their solution is software that combines artificial intelligence, image recognition and mathematical prediction models. It can anticipate the movement of a person in the image and pan the cameras as if they were operated by humans. At the same time, the software works with different cameras from different manufacturers, which allows the technology to be flexible and versatile. From the computer, a person can conveniently control the entire video recording, select image sections, and play in presentation slides or videos. The application is particularly suitable for broadcasts when the budget is too small for a whole team of camera operators or the technical know-how is lacking. This can be business presentations, cultural events such as concerts or even the recording of a tennis match.
The software works with different cameras and is suitable for various events. (Video: ETH Zurich)
The path to Seervision's current solution was marked by various attempts and detours. The fact that Nikos Kariotoglou completed his doctorate in control engineering at ETH Zurich at all was due to chance. During his master's studies in electrical engineering at Imperial College in London, he did an exchange at ETH Zurich. During that time, he injured his knee playing soccer and was stuck in the laboratory of the Institute of Automatic Control (IFA) from then on. "If that hadn't happened, I think a lot of things would have been different," he says with a smile. He tinkered with robots and was so enthusiastic about the lab that he eventually applied for a doctorate.
As a doctoral student, Kariotoglou worked on remote cameras and had the idea to improve them with a new algorithm. The cameras should react intelligently to the movement of a subject. Reto Hofmann, a master's student at the time, took on the challenge of assembling such an intelligent camera system for the lectures of the head of the IFA, ETH professor John Lygeros. The clunky, heavy prototype formed the foundation for the spin-off they founded in 2016. A few months later, as the system thrived, Conrad von Grebel heard about their idea. The owner of a video production company quickly joined the startup as a co-founder, bringing important industry expertise to the table.
The Seervision founders (from left): Reto Hofmann (CTO), Nikos Kariotoglou (CEO) and Conrad von Grebel (CMO). (Image: Seervision)
Failure lets you learn
At the beginning of the company, the three founders developed a handy camera - similar to an action cam - and a camera mount with intelligent control called "Bungito". They could automatically detect subjects in the image, track their movement and pan in that direction. However, the devices never made it past the prototype stage, as the team realized how complex and expensive it actually is to develop hardware for the consumer market. That's why they decided to focus fully on their software and develop it further.
"I'm glad we changed our business idea." Kariotoglou is certain that the detours into hardware prototyping were necessary and refers to an American entrepreneurial adage: "You have to fail a few times because those are the only moments when you really learn something." Even though the spin-off now has a marketable product and has already won a few awards, the CEO still sees a long road to success. What drives him is the ambition to "reach the point where we're growing and profitable at the same time." It's quite possible that the growing importance of online events will bring Seervision closer to that point.
Will Russia soon vaccinate animals against coronavirus?
Russia has developed a coronavirus vaccine for animals and has now approved it. Russia says it is the first country in the world with a vaccine for animals.
Editorial - April 6, 2021
The Russian agricultural regulatory agency said that the coronavirus vaccine "Carnivac-Cov" for animals has been tested on dogs, cats and minks, among others, since last October, Keystone-sda reports. Antibodies have been detected in all vaccinated animals.
As the risk of transmitting the novel coronavirus from animals to humans is very small at the present time, there is no need to vaccinate domestic animals. Such cases have not been scientifically registered so far, a representative of the Russian agricultural supervisory authority is quoted as saying.
However, a vaccine for animals could possibly prevent the spread of virus mutations in the future. In this regard, the Russian authority referred to mink, which are particularly susceptible to coronavirus mutation. For example, Denmark has had several million mink killed on farms - on the grounds that the coronavirus had mutated in the animals and spread to humans.
Source: LID
New chemicals regulation
The high level of protection in the handling of chemicals is to be made even safer in Switzerland by amending the law. At a meeting on March 31, 2021, the Federal Council submitted a revised Chemicals Ordinance for consultation.
Editorial - April 6, 2021
Until now, certain chemicals have had to be labeled in two official languages. In practice, this means that in the Italian-speaking parts of the country, products are also legally on sale that are not labeled in Italian. In the future, the language of the place of sale will always be decisive for the labeling of all chemicals, such as pesticides, biocides, fertilizers or household chemicals, according to a federal notification.
Furthermore, the notification procedure for new substances is to be modernized. Up to now, only substances that are not on an existing substances list (EINECS) have to be notified with a data set before being placed on the market. In the future, all substances that are not registered in the EU will have to be notified. The consultation will run until July 16, 2021.
Source: the Federal Council
Armed Forces Cyber Command: Federal Council makes new decisions
A "Cyber Command" is to be further developed in the Swiss Armed Forces by the beginning of 2024. At a meeting held at the end of March, the first personnel decisions were made. From the beginning of 2024, the Cyber Command will be specially equipped for cyber defense, cryptology and electronic warfare.
Editorial - April 1, 2021
Source: Confederation
The Armed Forces Command Support (FUB) is to be transformed into a military "Cyber Command" at the beginning of 2024. This is to be created from the current Armed Forces Command Support and become independent. According to a statement by the Federal Council, the FUB will in future focus on ensuring the IT services of the military administration.
The transformation is to take place within the framework of a project organization and gradually build up the capabilities for the new tasks. The Federal Council has appointed Alain Vuitel, a division officer, as project manager for the command base support. Chief FUB ad interim until the transformation is completed will be Thomas Fankhauser, who currently heads the Operations Department of the Federal Office of Information Technology, Systems and Telecommunication (FOITT) as vice director. From the beginning of 2024, the Cyber Command will be responsible for the operational areas of cyber defense, ICT services, cryptology and electronic warfare, while the FUB will continue to ensure the regular IT services of the military administration.
The 56-year-old Alain Vuitel studied economics at the University of Neuchâtel after graduating from high school. In 1989, he joined the Federal Administration and held various positions in the service of the Armed Forces. In 2001, he completed further education at the University of London, King's College, among others, successfully completing a Master of Arts with Merit in International Studies. As of January 1, 2016, Division Chief Vuitel was appointed Chief of Military Intelligence and confirmed as Chief of Military Intelligence & Service for Preventive Protection of the Armed Forces as of January 1, 2018, within the framework of the Further Development of the Armed Forces (WEA).
Source: The Federal Council
Covid-19 - Self-tests: the Weko intervenes
The Secretariat of the Competition Commission became aware of a possible collusion on prices of Covid-19 self-tests. It has opened proceedings against three distributors.
Editorial - April 1, 2021
The Competition Commission's secretariat has been informed that several distributors pressured a competitor to raise the prices of Covid-19 self-tests under the Joinstar, Hotgen and Lysun brands to the same level as its competitors, according to a separate statement. It responded immediately by opening a preliminary investigation against Techcompany GmbH and two other companies that distribute these products to pharmacies and laboratories.
The purpose of the preliminary investigation is to clarify the state of affairs and to determine the further course of action in this matter. It is not directed against the company Aristos International GmbH, which reported the case to the Secretariat of the Competition Commission.
The Federal Office of Public Health (FOPH) recently announced that the self-tests will be made available to the Swiss population free of charge from April 7, 2021.
Source: Weko
Start of the motorcycle season: More accidents among young people?
Around 50 motorcyclists still die on Swiss roads every year. This year, accidents among younger people between the ages of 15 and 17 could increase. The reason: as of this year, young people have access to more powerful motorcycles.
Editorial - 31 March 2021
It is true that motorcyclists only cover around three percent of all motor vehicle kilometers on Swiss roads, as the Swiss Federal Accident Prevention Bureau (BFU) writes in a press release. The fact that motorcyclists are still responsible for a quarter of the most serious traffic accidents per year is alarming. Every year, more than 1000 bikers are seriously injured and 50 lose their lives. As a rule, however, it is the 15- to 17-year-olds who are most affected. According to the BFU, they are twice as likely to have an accident as those aged 30 to 39. Their behavior also tends to be riskier, as they are less able to control impulses and are more likely to underestimate themselves when driving.
Possible increase in serious accidents among young people
The BFU even suspects an increase in serious motorcycle accidents among young people. The reason: since this year, 15- and 16-year-olds now also have access to 125cc machines. With the more powerful and faster machines, however, the risk of accidents and more serious injuries also increases. It is therefore very important that young bikers receive sound driving training, during which they are made aware of motorcycle-specific dangers, explains Christoph Jöhr, motorcycle expert at BFU. "The problem is that many leave it at the obligatory practical basic course and - unlike driving a car - forego sound training in a driving school," Jöhr continues.
The most important tips for safe motorcycle riding:
Driving with foresight and defensively
Always expect to be overlooked
Do not cut corners and regularly practice proper braking
Wear protective equipment - even on short distances
Riding a motorcycle with ABS (anti-lock braking system) - pay attention to this also with second-hand motorcycles.
Young bikers: get trained as soon as possible and comprehensively in a motorcycle riding school
Source: AAIB
World Backup Day: Increased security in the cloud
Data loss is a nightmare for any business. March 31 is an annual reminder of how data should be comprehensively backed up. According to a study by Techconsult, cloud usage in particular is on the rise.
In Germany alone, 42 percent of companies rely on the cloud to archive their data, according to a study by Techconsult. In itself, archiving in the cloud is a simple and convenient matter, as the processes take place unnoticed in the background. However, there are also security concerns among companies that still rely relatively little on the cloud. Cloud provider Mimecast attempts to allay these concerns in a statement. These are mostly unfounded. The storage provider from England, which primarily focuses on cloud-based e-mail management, lists the security advantage as the main point to consider if a company wants to rely more on the cloud.
Safety and costs
The issue of security is holding many companies back from using the cloud. In a study conducted by Mimecast, 44 percent of respondents said they had security concerns about the cloud. Compared to corporate servers, cloud-based systems are generally considered to be very secure. Depending on the provider, data is encrypted in a complex manner. In addition, data is usually stored across several data centers. If one data center fails, the data is usually still available.
However, around 30 percent of respondents in Germany also state in the report that cloud solutions for outsourcing data are still too expensive for them. Mimecast is of the opinion that data loss is usually more expensive for companies than the initial costs of an enterprise cloud solution.
One thing is certain: the number of ransomware and phishing attacks has increased enormously in 2020. Reliable archiving of emails and important company data is a must. Particularly in small SMEs, but also in the industrial sector, cyber attacks have increased sharply in the past year. At securityforum.ch you will find a number of ransomware prevention tips.