ROCC26 SCHEDULE

Thursday, 27 August 2026 | Brisbane Powerhouse

Main Theatre

08:00 – 09:00

Registration

09:00 – 09:10

Opening

Wade Alcorn opens ROCC26 by framing the day ahead: why cyber risk now moves through supply chains, physical systems and the infrastructure Australians rely on every day, not just the network. That's why ROCC26 exists - getting the people building, operating and defending these systems in the same room, before a crisis forces it.

09:10 – 10:10

Keynote from the 29th Prime Minister

Former Prime Minister Malcolm Turnbull will deliver the ROCC26 keynote address, drawing on his experience across government, technology, business and national leadership.

The session will examine major issues shaping Australia's future in an increasingly connected and rapidly changing world. Further details will be announced closer to the event.

10:10 – 10:30

BREAK – Morning Break

10:30 – 10:45

You can't patch a human: when the endpoint is your brainstem

Biological Realm
We spent about thirty years learning to secure the enterprise. We have about five to secure the body, and unlike a server, you can't reboot or patch a human.

In 2011, a researcher hacked an insulin pump from across a room. By 2012, it was a pacemaker. Dick Cheney had his pacemaker disabled by the Secret Service, because "cardiac assassination via Bluetooth" became a real threat model. In January this year, ethical hackers rewrote the therapy schedule of an implanted neurostimulator from 15 metres away using a $35 transceiver. No password. No alarm. No log entry.

The attack surface moved from 150 centimetres to zero, yet governance is years behind. Over $1B has poured into brain-computer interfaces - with an Aussie player in the race.

Join me as I follow the money, the shrinking attack surface, and the question that they forgot to ask the cyber experts: when a neural implant is compromised, what exactly does a person lose?

10:45 – 11:00

ROCC26 Featured Presentation

Space Realm
This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

11:00 – 11:15

When AI Moves Faster Than Boundaries: Risk Appetite Is the New Perimeter

Cognitive Realm
Artificial intelligence is being adopted faster than most organisations can govern it. Success is measured in productivity, efficiency, and innovation, while risk appetite is often too broad or disconnected from the decisions driving AI adoption.

This presentation challenges the view that cyber security should lead every AI decision. AI risk is multi-domain, balancing cyber, legal, operational, financial, and workforce considerations. Cyber security becomes most influential when it helps organisations move forward safely, rather than simply saying no.

Attendees will leave with a practical framework for aligning AI governance to organisational risk appetite, enabling faster, better-informed decisions without losing sight of acceptable risk.

11:15 – 11:30

Managing AI risks and opportunities within Critical infrastructure

Air Realm
The explosion of AI capabilities presents new and emerging risks to IT networks, and is beyond comprehension for use within sensitive Operational Technology (OT) systems. However, with the pressure to adopt AI solutions to drive business efficiency, is there an opportunity within critical infrastructure organisations to safely leverage the benefits from AI capabilities?

This session will explore the potential for the safe use of AI to enhance OT system reliability, performance and security.

11:30 – 12:00

Panel Discussion

All four presenters from the session will come together for a fireside Q&A panel, giving attendees the opportunity to explore the themes, practical lessons and operational realities raised during the presentations.

12:00 – 13:30

BREAK – Lunch & Networking

13:30 – 13:45

The Enemy in the Org Chart: DPRK Use of AI Platforms in Workforce Infiltration

Cognitive Realm
Nation states and criminal syndicates are using AI platforms to generate, test, iterate and submit fraudulent identity documents and job applications to western organisations across every sector and size. Beyond the application stage, the same tools are used to translate communications, summarise meetings and assist operators in performing the work once hired. The sustained, systematic use of legitimate AI platforms to refine applications and execute employment fraud is a real and current threat -- one that receives far less attention than it deserves.

13:45 – 14:00

Wetware at the Edge of Cyber: Biological Compute Beyond the GPU

Biological Realm
As the cost of AI, cryptography, and large-scale security computation continues to rise, the cyber industry is increasingly dependent on power-hungry GPU infrastructure. Dr Hon Weng Chong, CEO and founder of Cortical Labs, will explore a radically different path: biological computing built from living neurons.

Cortical Labs' CL1 biological computer and Cortical Cloud platform point to a future where adaptive biological systems may complement, and in some cases challenge, traditional silicon-based compute. This session will examine what that could mean for cyber security, including real-time network penetration, closed-source 0-day exploit mitigation, true random number generation, and future approaches to training AI systems with less data than conventional methods.

Rather than treating biological compute as science fiction, Hon will frame it as an emerging sovereign technology with practical implications for resilience, energy use, and the next generation of secure computation.

14:00 – 14:15

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

14:15 – 14:30

Bridging the OT Divide

Land Realm
A talk about how building trust across the IT/OT boundary looks like; why risk management in OT requires a different mindset; and how operating model design can shape where and how security maturity spreads across the organisation.

14:30 – 15:00

Panel Discussion

All four presenters from the session will come together for a fireside Q&A panel, giving attendees the opportunity to explore the themes, practical lessons and operational realities raised during the presentations.

15:00 – 15:20

BREAK – Afternoon Break

15:20 – 15:35

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

15:35 – 15:50

How to make Australia more resilient to disinformation.

Cognitive Realm
In the grey-zone between conflict and peace, malign actors exploit identity, fear, anger, and social division to shape perception and behaviour.

This presentation examines how Australia can build cognitive resilience to disinformation by moving beyond fact-checking and engaging the same psychological terrain that disinformation targets: identity, emotion, belonging, and trust.

15:50 – 16:05

Silence Of The LANs - Protecting Critical Infrastructure from Going Dark

Cognitive Realm
This presentation explores the system environments found within Critical Infrastructure organisations, including SCADA, and the psychological profiles of the different types of cyber attackers targeting them. It examines why Critical Infrastructure has become such a high-value target, and why attacks are growing more common, before turning to practical approaches for reducing the risk of compromise. The session also covers the strategies needed to effectively respond to and recover from malicious attacks, and what it takes to maintain an effective, fit-for-purpose Cyber Incident Response Program for Critical Infrastructure organisations.

16:05 – 16:20

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

16:20 – 16:50

Panel Discussion

All four presenters from the session will come together for a fireside Q&A panel, giving attendees the opportunity to explore the themes, practical lessons and operational realities raised during the presentations.

16:50 – 17:00

Closing

Wade Alcorn closes ROCC26 by drawing the day's conversations together: the challenges raised, the lessons shared, and what they mean for building trusted capability for Australia moving forward.

17:00 – Late

Networking Event

Join us for drinks and networking immediately following the closing session.

OT Stream (Underground Theatre)

10:10 – 10:30

BREAK – Morning Break

10:30 – 10:45

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

10:45 – 11:00

Bridging IT and OT: Building Cyber Resilience for Critical Infrastructure

As critical infrastructure becomes increasingly connected, the challenge is not whether IT and Operational Technology (OT) should converge, it is how organisations can securely operate as one while maintaining safety, reliability and resilience. Many organisations continue to face challenges created by fragmented ownership, competing priorities, legacy environments and evolving regulatory obligations. At the same time, AI-enabled threats, sophisticated adversaries and growing executive accountability are raising expectations for cyber resilience across critical infrastructure.

Drawing on practical experience leading cyber transformation across Australia's critical infrastructure sectors, this session explores what it really takes to bridge the gap between IT, OT and the broader business. Attendees will gain practical insights into establishing clear governance, defining accountability, integrating cyber into operational decision-making, and building an operating model that enables resilience without compromising operational outcomes.

This session will present a pragmatic view of embedding cyber security as an enterprise capability to strengthen resilience in an increasingly complex threat and regulatory landscape.

11:00 – 11:15

PLC Honeypots: Turning Industrial Decoys into OT Threat Intelligence

Programmable Logic Controllers are the quiet workhorses behind industrial operations, but they are also increasingly visible to attackers targeting Operational Technology (OT) and cyber-physical systems. This session explores the practical use of PLC honeypots as a way to observe adversary behaviour, generate useful threat intelligence, and improve defensive readiness without placing production environments at risk. Drawing on EEHA Automation's experience across PLC, SCADA, control system integration, and industrial machinery automation in sectors such as mining, utilities, water, and manufacturing, the presentation will examine how realistic industrial decoys can be designed, deployed, monitored, and maintained. Attendees will gain a grounded view of what PLC honeypots can reveal, where they fit in an OT security programme, and the operational considerations needed to make them useful rather than just interesting.

11:15 – 11:30

Exciting Presenter

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

11:30 – 12:00

Panel Discussion

All four presenters from the session will come together for a fireside Q&A panel, giving attendees the opportunity to explore the themes, practical lessons and operational realities raised during the presentations.

12:00 – 13:30

BREAK – Lunch & Networking

13:30 – 13:45

Built Today, Defended for Decades

Australia is investing in critical infrastructure at a scale it has not seen before. Its national infrastructure pipeline is at a record high, tracking more than a trillion dollars of public and private investment across energy transmission, water, transport and communications, alongside the largest renewal of defence capability in a generation under AUKUS and continuous shipbuilding. The operational technology (OT) and cyber-physical systems (CPS) at the heart of that investment are being designed today, will be fielded over the coming decade, and are expected to run well into the 2050s and beyond. They will have to stay safe and survivable across a threat environment that will look nothing like the one that shaped their design.

13:45 – 14:00

Exciting Presenter

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

14:00 – 14:15

Technical Supply Chain Risk in Critical Infrastructure

Foreign Ownership, Control or Influence (FOCI) is often treated as a governance or compliance issue, but in critical infrastructure it can become a deeply technical problem. Who can access the build systems, remote management tools, support channels, firmware pipelines, cloud tenants, telemetry paths and maintenance networks that keep operational environments running?

This session takes a technical walk through how FOCI and supply chain exposure show up inside Operational Technology (OT) and Cyber-physical Systems (CPS), from vendor architecture and privileged access paths to software updates, managed service dependencies, data flows and recovery assumptions. Using technical implementations to manage foreign-based vendors currently deployed and in operation on critical infrastructure assets in ANZ, the presentation will examine practical design points for asset owners and operators: mapping influence paths, identifying concentration risk, designing technical controls, separating operational trust zones and translating sovereignty concerns into engineering decisions.

Attendees will leave with a clearer view of how foreign influence risk can move from corporate structure into technical dependency, and what defenders can do before procurement, integration and operations lock those risks in.

14:15 – 14:30

From Control Room to Courtroom

As cyber threats escalate, modern regulatory frameworks now hold executives and security leaders personally liable, including the threat of prison time for failing to protect Operational Technology (OT) environments. Drawing on a career that began in cyber, military systems, and encryption before almost 20 years in law, including serving as a director of the Australian Information Security Association (AISA). Nicole Murdoch will explain how to walk a tightrope between the control room and the courtroom, decoding the legal landmines embedded in OT security. This rapid-fire session will arm you with practical knowledge to align your technical reality and risk matrix with strict legal compliance, keeping your critical systems online and yourself out of a cell.

14:30 – 15:00

Panel Discussion

All four presenters from the session will come together for a fireside Q&A panel, giving attendees the opportunity to explore the themes, practical lessons and operational realities raised during the presentations.

15:00 – 15:20

BREAK – Afternoon Break


Lunch Session (Turbine Platform)

12:00 – 13:30

BREAK – Lunch & Networking

12:00 – 12:15

Facilitating Compromise: Ignorance is not bliss

System compromise by a trusted insider is a downstream problem to an upstream failure. Unpack the back engineering of Role Based Access Control and understand how information protection starts at a Board level long before a person even walks through the office door.

12:15 – 12:30

Exciting Presenter

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

12:30 – 12:45

Resilient Teams, Resilient Systems: Building an OT Cybersecurity Culture That Endures

There's an under-recognised epidemic quietly undermining Critical Infrastructure security, and it's not a zero-day: it's the slow breakdown of alignment between the people who run OT and the people who secure it. Critical Infrastructure security is a contact sport: engineering, operations, IT, vendors, and security all touch the same risk surface - but they operate with different incentives, language, and definitions of “success.” The result is predictable friction: enthusiastic engineers who want uplift collide with cyber teams that bring corporate patterns that don't fit safety-critical environments; IT assumes it owns identity and endpoints; OT assumes cyber is a blocker; vendors get treated as “necessary evil” instead of a managed risk relationship. ASD's Principles of Operational Technology Cybersecurity make this explicit: people are essential for OT cyber security - you can't prevent, detect, or respond without trained, competent people, and a safety-based culture where field staff are empowered to raise concerns. This talk is a practical blueprint for leaders and practitioners in CI to build a durable OT cybersecurity culture: how to identify and sponsor OT cyber champions inside engineering, how to reduce friction without watering down security outcomes, how to create pathways that convert engineers into credible OT cyber operators, and how to measure whether culture is actually improving.

12:45 – 13:00

ROCC26 Featured Presentation

This session will draw on the presenter's experience across cyber security, technology and industry to examine an issue relevant to Australia's evolving security environment.

Further details, including the presentation title and topic, will be announced closer to ROCC26.

13:00 – 13:30

Panel Discussion

All four presenters from the session will come together for a fireside Q&A panel, giving attendees the opportunity to explore the themes, practical lessons and operational realities raised during the presentations.