This session provides a grounded view of the current OT cyber threat landscape, combining regional adversary activity with the regulatory and compliance pressure shaping industrial security programs. Attendees will learn how threat groups are targeting critical OT infrastructure, how those risks manifest across industries, and how governments are responding through evolving policies, standards, and enforcement. The session connects threat activity to regulatory expectations, helping attendees understand not just what they are up against, but how requirements are shifting in response.

Building on the regional threat landscape Rob Lee sets out, this session brings the picture sharply into focus for the APAC region. They move from the global view to the ground truth, drawing on real adversary activity observed across the region and the case studies that reveal how those threats actually play out inside industrial environments. Attendees will get an unflinching look at the specific threat groups and campaigns targeting OT in APAC, including emerging XOT (cross-domain IT/OT) threats, and the operational consequences when defenses fall short. Where the preceding session frames what's coming and how governments are responding, this one shows what it looks like when it lands close to home — turning abstract risk into concrete, sometimes uncomfortable, lessons that defenders can act on.

In this session, SANS Fellow Tim Conway — Technical Director of the SANS ICS and SCADA programs and co-author, with Robert M. Lee, of the Five ICS Cybersecurity Critical Controls — shows practitioners how to bridge the gap between regulatory compliance and genuine operational security. Drawing on analysis of real-world attacks against critical infrastructure, Conway demonstrates how requirements spanning IEC 62443 and various industry and regional regulations map directly onto the SANS 5 Critical Controls: an ICS-specific incident response plan, defensible architecture, network visibility and monitoring, secure remote access, and risk-based vulnerability management. Attendees will learn how to "ladder up" from foundational principles to practical implementation, building a compliance strategy that strengthens their security posture and protects safety and operational continuity rather than simply checking regulatory boxes.

With a clear picture of the threat landscape in place, this session turns to the question of program readiness. Attendees work through a structured self-assessment of their OT cybersecurity program against the SANS ICS 5 Critical Controls. Starting with a practical overview of the Five  Critical Controls and the OT Maturity framework, participants will benchmark where their program stands today. The goal is give you an honest picture of where progress is being made, where gaps exist, and what to prioritise next — and a foundation for the sessions that follow, where those insights will be put to work.

Hear directly from Dragos customers as they share their OT cybersecurity journey—the challenges they faced, the lessons they learned, and the successes they achieved along the way. This candid discussion and live Q&A delivers real-world insights into securing industrial environments, with practical takeaways from organisations that have navigated the complexities of OT security firsthand.

Moderated by Volven D'Souza, Director - CX APAC

Moderated by Hayley Turner, VP APAC Sales

When EDR blocked Akira on the servers, the affiliate didn't give up — it pivoted to an unmanaged IP camera, mounted the company's file shares to it, and ran the encryption from a device no one was watching. This session walks the kill chain step by step, then asks the uncomfortable question - does your security program reflect the environment you're actually running? We'll show how Dragos and Phosphorus now close the gap that made this attack possible.

Whether you are building the foundations of your OT security program or looking to accelerate an established one, this session takes participants inside the Dragos Platform to explore its purpose-built capabilities for OT environments. Attendees will see how the platform turns raw industrial data into actionable intelligence, powered by the Dragos Intelligence Fabric and how new AI capabilities help security teams investigate threats faster and prioritize with confidence. The session closes with a forward look at the product roadmap and where the platform is headed to meet the evolving requirements of securing OT infrastructure.

For years, OT cybersecurity has lived in the grey zone between technical risk and business consequence. That changes here. In this session, Dragos CEO Robert M. Lee and Marsh McLennan's Cyber Risk Intelligence Centre bring together threat intelligence and a decade of insurance claims data to put a dollar figure on what's at stake — and a clear framework for what to do about it. This is not a conversation about whether OT risk is real. It's a conversation about how much it costs, why most organisations are less prepared than they think, and what the SANS ICS 5 Critical Controls can do — measurably — to change that equation.

Open Q&A session with speakers from the day.

Join a hands-on tabletop exercise led by SANS Institute on Day 2 of the Forum led by Tim Conway. This interactive session is designed for technical practitioners, as well as senior leaders, operational planners, and communications stakeholders, and will walk participants through a realistic OT cyber incident scenario, challenging you to assess, respond, and make critical decisions in real time. Guided by SANS experts, you’ll gain practical experience in incident response, strengthen your understanding of OT-specific threats, and explore how different functions coordinate during a crisis, leaving with actionable insights to enhance your organisation’s security posture.