Agenda

The lack of comprehensive visibility in OT networks is a critical cyber risk for industrial organisations. In this expert panel discussion, we dissect the practical steps required to gain comprehensive insight into your Industrial Control Systems. We will explore the full visibility lifecycle, useful tools the panellists have used, and how to get past common roadblocks. Learn how to effectively turn blind spots into resilient defence strategies.
.
• What is the fastest and most reliable way to achieve a comprehensive, up-to-date OT asset inventory?
• Are there any specific tools you have used that have proved useful in gaining visibility?
• How do budget constraints impact our ability to gain visibility, and how do we get around this?
.
– Moderator: Steven Sim, Chair, Advisory Committee, OT-ISAC
– Manjunath Pasupuleti, Global Head IT-Security, OT-Security, GRC, AI Governance (CISO), ENNOVI
– Shilpy Banerjee, Cyber Security Manager, Yara International
– Abdul Aziz Patail, Head of Grid OT Management and Chief SCADA Engineer, Energy Industry
.

In high-stakes industrial environments, speed is the ultimate defense. This session explores the critical gap between attacker lateral movement and automated response. Discover how to transform legacy OT networks into agile, self-defending systems capable of isolating threats in under ten seconds—neutralising breaches before they compromise safety or production.
.
– Shane Read, CISO, Goldilock
.

Protecting critical infrastructure is a shared, vital responsibility that transcends organisational boundaries. In this session, our speaker from the Prime Minister’s Office of Singapore will explore how the state is prioritising the protection of important sectors and systems. This session will cover the prominent cyber threats, the role of government, and new legislation and initiatives to support enhanced resilience across the economy.
.
• What are the key cyber risks for critical infrastructure assets?
• Which industries are most at risk of attack, and why?
• How is the government supporting national cyber security initiatives?
.
– Mei Leng Tham, CISO, Prime Minister’s Office (PMO) Singapore
.

In order to secure their industrial control systems, many organisations focus solely on the “Machine”—the technology intended to defend the plant floor. However, in OT, building the right machine is only a small part of the solution. To transform a security investment into a tangible business outcome, organisations must look beyond the product to the ecosystem that supports it. Using the high-stakes world of Formula 1 racing as a framework, this session explores why even the most advanced cyber security tools fail without trained “Pit Crew” (People) and a rigorous “Race Strategy” (Process). We will move past the technical jargon to discuss a holistic methodology for Cyber-Physical Resilience.
.
Vijay Vaidyanathan, RVP, Solutions Engineering, Claroty
.

Selecting cyber security solutions for Operational Technology is not a procurement exercise—it is a strategic discipline. In an environment where uptime is critical and risk has real-world consequences; leaders must balance technical precision with operational judgment. This session explores the science of defensible architecture, structured evaluation, and integration with legacy systems, alongside the art of aligning cyber security investments with production priorities, regulatory mandates, and risk appetite. Rather than chasing features, organisations must design resilient ecosystems built on clarity and purpose. Attendees will gain a practical, risk-driven framework to choose solutions that enable resilience, strengthen governance, and protect critical operations without compromising performance.
.
– Mary Sebastin, Head of APAC Industrial Cyber Security, Honeywell
.

With digital threats and cyber attacks escalating, safeguarding critical infrastructure demands a team effort. In this session, Singapore’s Defence Cyber Chief explores how we can make the most of the country’s prominent position as a cyber leader. We’ll see how joint intelligence sharing and shared responsibility models fortify national resilience, and gain insights into balancing important security requirements with commercial agility.
.
• Hear strategies for aligning government mandates with private sector operational realities to create a seamless defensive posture
• Discover the importance of information sharing in identifying and mitigating cross-sector vulnerabilities in real-time
• Navigate the evolution of CI protection through joint investment in emerging technologies and workforce development
.
– COL Clarence Cai, Commander, Defence Cyber Command and Defence Cyber Chief, Digital and Intelligence Service, Singapore Armed Forces
.

Many critical assets are now required to meet new security regulations and recommendations, such as NIST and the OT Cybersecurity Masterplan. But in the race to achieve compliance, a critical question often gets overlooked: does a “compliant” system truly equate to a “secure” system? In this session, we hear a clear, practical roadmap to building a mature, proactive security assurance programme that gives you genuine insight into your OT security posture which you can rely on.
.
• Learn how to assess your OT network properly – not relying on ‘marking your own homework’
• Articulate your security posture to regulators, auditors, and leadership, and show that your organisation is not just compliant, but genuinely resilient
• Discover how to build a continuous assurance programme, including regular audits, pen testing, and vulnerability management tailored to the unique sensitivities of ICS
.
– Jacxine Fernandez, Senior Vice President – ICT, Bangalore International Airport Ltd

.

Critical Infrastructure security monitoring and protection projects are often perceived as expensive and complex. In this presentation, we will discuss, based on real-world use cases, how to do it cost-efficiently at a scale and with agility. We will present two real-world cases: a nationwide sensor network deployment, and an approach for monitoring and verifying network isolation across approximately 220 energy production sites, along with the key findings and lessons learned. Our practical lessons learned from these initiatives will be applicable to national or sectoral CERT’s and enterprises with large, distributed networks with the critical assets to be protected.
.
– Mikko Kenttala, Founder and CEO, SensorFu
– Sami Petajasoja, CEO, SensorFleet
.

CISA, the UK NCSC, AU NCSC and other authorities have all recommended significant changes to OT “secure” remote access designs. In this presentation, we review this latest advice and compare the advice to four common OT remote access architectures. We evaluate the ability of each architecture to defeat a variety of cyber attacks. In light of this evaluation, it becomes clear why government authorities are recommending a move away from VPNs and Jump Hosts – today’s most commonly used OT remote access tools
.
– Andrew Ginter, VP Industrial Security, Waterfall Security

The increasing reliance on external vendors and OEMs necessitates a robust, compliant approach to remote access within OT networks. In this session, we focus on the practical lessons learned from deploying a unified secure remote access (SRA) framework designed to manage hundreds of third-party connections across disparate industrial control systems. We will detail the architectural and procedural strategies required to move beyond fragmented vendor-specific solutions toward a single, auditable platform.
.
• Hear strategies for consolidating third-party access solutions into a unified SRA platform
• Learn best practices for integrating PAM and SRA to enforce ‘just-in-time’ and ‘least-privilege’ access policies in OT
• Discover techniques for building a continuous auditing and compliance reporting structure to satisfy internal and regulatory mandates
.
– Ronald Chan, Head of OT Security – Cyber & Information Security, Aboitiz Power Corporation
.

In an era of escalating cyber threats, the security of our critical infrastructure has never been more vital. In this session, our expert speaker offers a focused and practical guide for protecting the foundational systems that power our world. We will move beyond high-level theory to provide a clear roadmap for securing SCADA and Industrial Control Systems from both common and sophisticated cyberattacks.
.
• Set up the foundational security measures, including robust asset inventory, network segmentation, and the principle of least privilege, tailored specifically for SCADA and ICS
• Establish a monitoring programme that can detect subtle anomalies and malicious activity within OT networks
• Develop plans that prioritise operational continuity and safety while addressing the cyber threat
.
– Abdul Aziz Patail, Head of Grid OT Management and Chief SCADA Engineer, Energy Industry

The complex nature of governance in modern industrial environments leaves a critical question unanswered: Who is ultimately responsible for the security of our operational technology? Is it IT, OT, C-suite, or a shared responsibility? In this expert panel discussion, we will dissect the intricate web of governance and accountability in the realm of OT security, exploring the critical need for clear ownership and a unified strategy to defend against escalating cyber threats to critical infrastructure.
.
• How is IT/OT convergence impacting security roles and responsibilities?
• What are the best practices for establishing a robust governance framework that defines roles, responsibilities, and accountability for OT security?
• How do we manage cross-departmental collaboration and communication?
.
– Moderator Mantas Mazeikis, CISO, Helm Group
– Tony Jarvis, VP Field CISO, Darktrace
– Jacxine Fernandez, Senior Vice President – ICT, Bangalore International Airport Ltd
– Shilpy Banerjee, Cyber Security Manager, Yara International
.

Security policy is often written in a boardroom, but it’s executed on the factory floor. In this session, we move beyond high-level strategy to provide an actionable playbook for embedding cyber security into daily maintenance, vendor management, and control system operations. Learn practical tools for managing contractor access, securing removable media, triaging low-level incidents, and building a strong, security-aware culture within your technical teams. Empower your front line to become the first and most effective layer of defence.
.
• Translate high-level security policies into practical, documented work instructions for maintenance crews
• Implement robust processes for managing contractor access, temporary credentials, and USB/removable media usage
• Develop effective, role-specific training programs to establish a proactive, cyber-resilient operations team
.
Denis Ponomarev, Asia Pacific and China Principal Cyber Security Officer, Siemens Energy

The Purdue Model has defined ICS segmentation (Level 0 to 5) for decades, using the concept of an “air gap.” With IT/OT convergence, remote access, and IIoT proliferation, is this layered architecture still fit for purpose against modern cyber threats? In this session, our expert speaker offers a rigorous, technical assessment of its current relevance. We will analyse architectural challenges and show how leading security architects are applying Zero Trust principles across the classic levels. Discover if this essential framework can be adapted for a resilient, modern defence-in-depth strategy.
.
• Analyse model relevance for modern OT
• Adapt Zero Trust to Purdue levels
• Evaluate future ICS defence strategy
.
– Lim Shih Hsien, Executive Vice President – Cyber, IT & OT, Seatrium
.

As AI moves from experimental labs to the heart of business operations, it introduces unique risks that traditional cybersecurity frameworks are ill-equipped to handle. Standard playbooks often focus on data breaches and system availability, yet they remain blind to AI-specific failures like model hallucinations, prompt injection, and adversarial attacks.
This presentation explores the critical gaps in modern incident response. We will examine why traditional “containment” strategies fail when an autonomous agent goes rogue and how the probabilistic nature of AI demands a fundamental shift in technical and ethical oversight.• Learn why conventional IT protocols cannot address non-deterministic risks like algorithmic bias or logic manipulation
• Understand the specialised monitoring required to spot subtle model drifts before they escalate into systemic failures
• Discover how to build resilient response loops that prioritise model integrity and stakeholder trust alongside technical remediation
.
Mantas Mazeikis, CISO, Helm Group

Quantum computing is set to revolutionise technology, but it also poses significant risks to current cryptographic systems. This panel will explore how security leaders can prepare for the quantum era, focusing on transitioning to post-quantum cryptography, mitigating quantum-backed threats, and aligning with emerging standards like NIST PQC.

• • How soon will quantum computing impact cyber security?
  • What steps should organisations take to adopt quantum-safe cryptography?
  • How can hybrid solutions ensure a smooth transition to PQC?

– Moderator: Naveen Kukreja, Senior Risk Manager, Information and Cyber Security Risk Management, Standard Chartered Bank
– Jon Lau, CISO, A*STAR – Agency for Science, Technology and Research
– Dr. Hao Qin, Quantum Communication Technologist, National University of Singapore

The era of OT isolation has ended. Smart city initiatives, IoT expansion, and remote maintenance requirements have permanently dissolved the traditional airgap that once separated critical infrastructure from internet connectivity. This keynote addresses the fundamental shift required to protect critical infrastructure in an inherently connected environment, where physical security and hardening have emerged as the primary defence mechanisms.
This presentation explores four critical dimensions of modern infrastructure protection:
.
• Physics-Based Security Measures
• Unified Platform Integration
• Selective Integration Protocols
• Passive Infrastructure Hardening
.
The paradigm shift from concealment to resilience represents a fundamental evolution in critical infrastructure security. Rather than relying on obsolete airgap strategies, modern infrastructure must operate as an intelligent immune system—continuously detecting, isolating, and neutralising threats through automated physical responses that secure physical assets to protect digital operations.
.
– James Tan, Director Smart City Technology, GovTech Singapore
.

In this session, we explore the critical architecture required to facilitate secure third-party access within industrial environments. As connectivity evolves, the journey from a remote device through the cloud to the control layer necessitates a rigorous Defense-in-Depth strategy. We will deconstruct the security protocols at every transition point—analysing how traffic traverses the cloud, penetrates the IT firewall, and is scrutinised within the DMZ before reaching the sensitive control layer..
.
• Implement granular identity verification at the cloud entry point and the IT/OT boundary to ensure only authorised actors proceed
• Utilise the DMZ as a “buffer zone” to terminate external connections and re-establish them using secure, inspected protocols
• Establish end-to-end monitoring to detect anomalies as traffic moves across disparate network layers and firewall tiers
.
– Parameswaran Ganesan, Senior Engineer, OT Cyber Security, MODEC Offshore Production Systems (Singapore) / Offshore Frontier Solutions
.

In an increasingly complex threat landscape, traditional perimeter-based security models are no longer sufficient. In this session, we look into a real-world journey of adopting a Zero Trust security framework. Join us to explore the challenges, strategies, and successes encountered during a comprehensive transition from a legacy security posture to a robust, policy-driven Zero Trust architecture.
.
• Understanding the compelling reasons and business drivers that necessitate a shift to Zero Trust
• See how network segmentation, IAM, and device trust can be re-imagined
• Navigate common pitfalls, integrate new technologies, and manage organisational change
.
Kamran Rafiq, Senior Assistant Director, Cyber Security, MOH Office for Healthcare Transformation (MOHT), part of Singapore Public Healthcare
.

In the automotive industry, as with others, the traditional security perimeter has vanished. As vehicles evolve into hyper-connected nodes, the “castle-and-moat” approach is no longer fit for purpose. In this session, we explore the transition to an identity-centric security model, specifically tailored for the high-stakes automotive ecosystem. We will examine how to implement robust IAM and Zero Trust frameworks to ensuring safety and data integrity across the entire vehicle lifecycle.
.
• Transition from network-based security to granular, identity-based authentication
• Implement “never trust, always verify” principles to prevent lateral movement within the network
• Map Zero Trust strategies to ISO/SAE 21434 and UN R155 compliance requirements
.
– Kulsharest Jain, Manager/Cyber Architect, Mercedes-Benz Singapore
.

Join this interactive group discussion session with the whole audience with our expert moderator as we consider these questions.
.
• Why is burnout so prevalent in cyber security roles and what impact can it have on both the individual and the organisation?
• What practical strategies can help to reduce burnout in cyber security?
• How do we prioritise sustainability as much as resilience in our cyber security teams?
• What does a burnout-resistant cyber security culture look like?
.
– David Poh, Manager, Governance & Risk, Group Cyber Security, SMRT Corporation Ltd
.