Australia’s critical infrastructure is the backbone of its economy and national security. To safeguard these essential assets, regulation has been created, most notably with the SOCI Act, and more recently with the Cyber Security Act. With many organisations still struggling to understand what these laws mean for them, our expert panel from various critical sectors will attempt to demystify the complex compliance landscape, through the lens of OT security.
• What are the practical challenges and opportunities in implementing a cohesive security strategy that meets regulatory requirements?
• What are the latest amendments and what they mean for your organisation’s obligations?
• How do we interpret the industry-specific suggestions in the SOCI Act?
• What does the Cyber Security Act mean for OT security specifically?
.
– Moderator: Junaid Chaudhry, Security Architect, Public Transport Authority of Western Australia
– John Edwards, Chief Cyber Security Officer,East Metropolitan Health Service
– Duné Sookloll, CISO, Horizon Power
– Dane Hobson, Head of Cyber Security,Western Power
– Chad Madaffari, Manager – Cyber Security, Water Corporation
.

Industrial organisations are struggling to manage this increasingly complex task because of three major issues:
.
• An expanding threat landscape, with more adversaries targeting OT systems and assets each year
• A growing attack surface as more OT systems require external connections for remote accessibility
• The lack of internal cyber security expertise focused on understanding and managing risk to the OT environment
.
This session presents actionable security strategies and tools that industrial organisations can leverage to effectively and efficiently manage the growing risk to their ICS environments.
.
– Phosphorus
.

OT environments, managing national critical infrastructure like utilities and energy, face escalating cyber threats. The ASD presents crucial insights into the evolving OT threat landscape and introduces the robust Ci-Fortify initiative. This session outlines the essential security principles of this initiative, and protective measures required to defend Industrial Control Systems.
.
• Strengthen your security posture in preparation for crisis
• Learn how you can utilise Ci-Fortify to help protect your critical systems, and the prep work that is needed
• Achieve long term stability by minimising the impact of disruption
.
– Heidi Hutchison, Assistant Director General Cyber Uplift Branch | Cyber Security Resilience Division, Australian Signals Directorate (ASD)

For years, the “shop floor” and the corporate network have operated in separate worlds. But as the lines between IT and OT blur, the need for robust, proactive OT asset management has become a critical imperative. This session is a deep dive into the practical realities of managing assets that control physical processes. We’ll move beyond theory to provide a clear roadmap for organisations grappling with a mix of modern and legacy systems, proprietary protocols, and the constant pressure for uptime.
.
• Build a comprehensive OT asset inventory and catalog your entire environment
• Assess risk and prioritize correctly to understand how to classify assets based on their criticality to production and safety
• Discover how to integrate your OT asset data with IT systems and tools for a unified view of risk, streamlining everything from maintenance scheduling to incident response
.

Australia’s critical infrastructure faces escalating, sophisticated threats, demanding a national strategy for resilience. In this session, we unpack the strategic response led by the Cyber and Infrastructure Security Centre (CISC) and the mandatory requirements of the SOCI Act 2018.
Join to gain vital insights to align your organisation’s security efforts with national security priorities.
.
• Hear about threat evolution and risk models targeting essential services
• Learn the CISC Framework for mandatory risk management programmes and security standards
• Understand the necessary OT security uplift to secure converged, modern OT environments
• Discover practical strategies for building resilience to ensure continuous service delivery and rapid recovery
.
– Brendan Dowling, Deputy Secretary Critical Infrastructure and Protective Security, Australian Department of Home Affairs
.

Organisations invest in password management tools to strengthen security, reduce credential-related risks, and meet compliance demands—but even the best solution can’t deliver full value without widespread end-user adoption. In this session, we explore why increasing password management is not just a security win – it’s a critical component of your organisation’s security posture. We also share practical strategies that IT and OT security leaders can use to encourage adoption across their workforce, reduce friction for users, and ensure secure password habits become second nature.
.

– Yusuf Denath, Manager Cyber Security and Acting Director of ICT, Child and Adolescent Health
Service (CAHS)
.

The promise of Industry 4.0 is to transform OT environments. In this session, we will guide attendees through the critical steps and best practices for adopting new and emerging technologies without compromising the safety and reliability of their operations. A session is designed for anyone involved in the digital transformation of industrial environments, join us to safely maximise your use of the latest tools in an OT context.
.
• Get up to speed with the latest technologies suited to your industrial environment
• Address concerns about adopting new tech by prioritising security
• Adopt a framework for safe integration… or develop your own!
.
– Penny Iverach, Senior Manager – Technology and Transformation, Port of Newcastle
.

With the increased convergence of IT and OT, user access management is now a key aspect of industrial security. Implementing a robust IAM framework is essential for mitigating insider threats to your OT network. This case study outlines our journey from a fragmented, insecure environment to a centrally managed, secure operational network. We will detail the step-by-step process of IAM implementation, highlighting the key decisions and technical solutions deployed.
.
• How to conduct a comprehensive assessment of OT assets, user roles, and access requirements to build a foundational understanding of the OT environment
• Hear about the criteria used to select an IAM solution that could handle the unique demands of OT
• Develop strategies for managing access during critical maintenance windows, ensuring production continuity
.
– Andrew Thyrd, Network and OT Security Manager, Sydney Airport
.

For too long, the focus in OT cyber security has been primarily on tech and tools. While technology is essential, statistics consistently show that the majority of security incidents still trace back to human error or procedural failures. In this session, we put the spotlight back to the foundational controls: people and process. We will explore how to build a mature, sustainable OT security programme by integrating security ownership into the daily workflow of engineers, operators, and maintenance teams.
.
• Establish clear roles and responsibilities that make security an operational requirement, not an IT mandate
• Develop targeted training programs that resonate with the OT mindset and improve incident response
• Create a security-aware culture where safe operation and secure operation are viewed as two sides of the same coin
.
– Brad Flanagan, Head of Digital Operations and Security, Essential Energy
.

The split between IT and OT in mining rail creates substantial obstacles, leading to conflicting priorities and vulnerabilities that threaten our core mission: safe, predictable, and continuous mineral transport. In this session, we focus on the essential cultural and organisational convergence, moving beyond mere technology integration. We share our practical playbook for transforming these two distinct departments into one unified, high-performing rail team.
.
• Create shared goals, establish joint governance for cyber security, and implement skill-bridging programmes
• Learn how unifying your IT and OT workforce is the crucial first step toward fully realising the potential of digital rail, including predictive maintenance and future autonomous operations
.
– Kevin Lill, Principal OT Rail Optimisation, Rio Tinto
.

.
T1:Risk Mindset: How Do We Bring OT Teams Around on Cyber Security?
– Chris O’Connor, Rail Systems Specialist Engineer Signals and Communications Rail Maintenance, Hancock Iron Ore
.
T2: T2. Visibility Challenge: Are We Monitoring the Right Industrial Protocols?
.
T3: T3. What Level of Cyber Due Diligence is Required for OT Vendors?
– Huon Curtis, Member of the Supply Chain Resilience Expert Advisory Group, Australian Department of Home Affairs & Health Industry Outreach Lead & Telecommunications Sector Lead, CI-ISAC Australia
.