7 conversations OT leaders are bringing to AISS 2025
Prayukth KV
3. November 2025
7 conversations OT leaders are bringing to AISS 2025
The chatter has already started. Last weekend I was having a chat with a security leader from a leading manufacturer in India and he told me that he expected a lot more to happen at the DSCI Annual Information Security Summit (AISS) 2025 Summit this year. The reason is simple, a lot has happened since 2024 and we have seen more cyber events thus far this year than ever before and we have roughly another month and half to go before we bid farewell to 2025. There is a lot to talk about and discuss.
For those of us at Shieldworkz, we live and breathe OT security. We are excited and looking forward to the event
As OT leaders, CISOs, and plant managers prepare to gather at the Pullman Aerocity, the discussions won't just be theoretical and academic. But they will be about countering the threats, ensuring resilience, and reclaiming control. Based on the cyber events and threats we're tracking, here is what we at Shieldworkz believe will dominate the OT security agenda at AISS 2025. Do feel free to share your thoughts and priorities as well.
Increasing number of events
The number of cyber events witnessed by OT operators have grown significantly in the last 10 months. We have seen threat actors breach all kinds of networks and shut down plants, supply lines, airports and renewable energy sub stations. The rising number of events points to the growing maturity levels that threat actors are able to sustain during short attack cycles. In most of the instances where threat actors have been successful, the victim businesses have lost data and production cycles due to prolonged shut downs.
Discussions on this topic will converge around understanding the types of attacks, origin and measures to contain them.
Delayed response to incidents
As we have seen in the case of both Jaguar Land Rover and European Airports, the delay in response to the cyber incident created a new set of challenges for the respective entities involved. This underscores the importance of having a tried and tested incident response plan along with high levels of employee training and sensitisation.
The AI arms race: how to fight "Agentic-AI" with Agentic-AI
The Threat: We're seeing attackers use AI to speed up discovery, find vulnerabilities in industrial protocols, and craft sophisticated "data manipulation" attacks that are incredibly hard to detect. They’re no longer just trying to break in; they're trying to subtly change process values or mask alerts.
The Shieldworkz Perspective: You can't fight an automated threat with a manual. The only answer to malicious AI is a defensive AI. This is where the conversation shifts to agentic-AI and advanced Network Detection and Response (NDR). We’ll be discussing how AI-driven platforms can autonomously learn the unique "physics" of a plant's operations. This way, it’s not just looking for known malware signatures; it’s spotting anomalous actions that could create problems such as a valve pressure changing at a time it never should.
In the OT environment, threat actors can use AI to discover attack paths linked to vulnerabilities while defenders can use AI to detect and address attack paths. The use cases linked to use of AI will be of much interest to OT security leaders attending AISS 2025.
Taming IIoT: Moving from "connected assets" to "visible and secured assets"
One of the summit's main tracks is "Connected Industrial Assets." For OT leaders, this "connection" is both a blessing and a massive headache.
The threat: Every new IIoT sensor, wireless gateway, and smart device added for efficiency creates a new, often unmonitored, entry point. Our 2025 OT/ICS Threat Report highlights an explosion in "wireless blind spots." Attackers are using deauthentication storms and other RF-based attacks to disrupt processes in ways that traditional IT security tools can't even see.
The Shieldworkz perspective: The days of "if it works, don't touch it" are behind us. The new mantra is "complete visibility." The conversations at AISS will be about how to achieve this. But it will be more about moving beyond traditional asset management measures to get a complete, real-time asset inventory. We'll be talking about integrating IT, OT, and IIoT monitoring into a single pane of glass and, crucially, how to do it without taking critical systems offline.
Geopolitics on the plant floor
When AISS lists "Geopolitics & Cyber Diplomacy" as a key theme, it’s not just for the teams from the public sector.
The Threat: Critical infrastructure viz., power, water, oil and gas, and manufacturing is no longer just a target; it is the target in geopolitical conflicts. These are state-sponsored attacks with the goal of causing physical disruption and economic damage. In the battle for geo political supremacy, all assets and networks are either targets or conduits. Prolonged cold conflicts can create situations where the shop floor and other OT assets are constantly targeted.
The Shieldworkz perspective: The plant floor is the new virtual frontline. The discussion in Delhi will be about building national resilience, one facility at a time. This means hardening systems not just against criminals, but against nation-states. It reinforces the need for robust, defensible architectures based on proven standards.
Looking ahead of a checklist: Complying with IEC 62443
The AISS theme of "Security and Privacy Governance" takes on a slightly different meaning in the OT world.
The threat: For years, many industrial operators have tried to "air gap" their way to security or apply IT-centric frameworks to an OT environment. The result? A fragile, non-compliant and complex mix of security measures where default credentials (like on SSH/Telnet) remain a top vulnerability.
The Shieldworkz Perspective: A check-box compliance audit isn't security. The real conversation is about operationalizing world-class standards like IEC 62443 and NIST SP 800-82. This isn't just a CISO's job; it's an engineering and operations job. We expect deep-dive discussions on how to implement practical Zero-Trust micro-segmentation on a live production network and how to build a security culture that extends from the boardroom to the control room.
Response and resiliency should equate to speed and accuracy
This is perhaps the most urgent topic. The AISS theme of "Response and Resiliency" is a direct response to a terrifying new metric.
The Threat: Our threat intelligence shows that sophisticated attackers can now move from initial access to full process-control compromise in less than 24 hours. The window to detect and respond has all but vanished.
The Shieldworkz Perspective: The conversation must shift from "preventing breaches" (which is impossible) to "surviving breaches." Resiliency is about speed. We’ll be talking with leaders about proactive incident readiness. This means quarterly tabletop exercises, having an OT-specific incident response plan (not an IT one), and having the technology to isolate a compromised segment of your plant in minutes, not days.
Wrapping it up
AISS 2025 in Delhi won't just be another conference for security leaders. For the OT community, it is a critical rallying point. The challenges are massive, but the technology, the frameworks, and the leadership focus will be firmly in alignment for the eco-system to work together in 2026 and yield tangible results.
We at Shieldworkz are incredibly excited to be part of this dialogue, share our insights, and learn from the best in the industry.
Are you an OT or industrial security leader attending AISS 2025? The conversations in the hallways are often the most valuable. Join us at We would love to connect and compare notes.
Can't make it to Delhi? You can get a head start by downloading the Shieldworkz 2025 OT/ICS & IoT Cybersecurity Threat Landscape Report. This is the data that will be driving these critical discussions.
