Agenda

KEY OPENING REMARKS

Securing Indonesia Emas 2045: Building Cyber Resilience for a Digitally Sovereign Nation

• Aligning cybersecurity priorities with Indonesia’s Vision 2045 agenda, ensuring that digital infrastructure, financial systems, and public services remain secure as the nation advances toward becoming a top global economy
• Strengthening foundational cyber capabilities across banking, telecommunications, smart infrastructure, and government platforms to support long-term economic transformation
• Integrating policy, enterprise governance, workforce development, and technology modernization into a unified national cybersecurity direction

Embedding Indonesia’s Personal Data Protection Law into Enterprise Security Architecture

• Translating UU No. 27/2022 requirements into enforceable technical controls including encryption standards, access lifecycle management, and real-time breach detection mechanisms
• Establishing internal governance structures that clearly assign accountability for data handling, third-party processing, and regulatory reporting
• Managing cross-border data hosting and cloud environments while maintaining compliance with Indonesian supervisory expectations

Digital Resilience in High-Availability Industries: When Downtime Is Not an Option

• Operational continuity requirements in financial services, payments, healthcare, and telecommunications where disruption directly impacts national stability
• Designing systems that maintain service integrity under partial compromise rather than assuming full prevention
• Measuring resilience performance through recovery capability and service restoration benchmarks

Governing Cloud Infrastructure in Multi-Provider and Hybrid Enterprise Environments

• Addressing misconfigured storage, exposed APIs, and unmanaged service accounts as primary breach entry vectors
• Managing infrastructure-as-code discipline and configuration drift in rapidly scaling environments
• Establishing continuous validation controls across development, deployment, and runtime layers

Agentic AI in Cybersecurity: Emerging Implications for Attack and Defence

• Increasing use of agentic AI systems capable of autonomously executing tasks such as reconnaissance, vulnerability identification, and adaptive phishing campaigns
• Growing integration of AI agents within security operations to assist with alert prioritization, investigation workflows, and automated response actions
• Establishing governance and accountability frameworks to manage operational dependence on AI-driven decision-making

The Modern CISO Mandate – Balancing National Compliance, Innovation, and Enterprise Resilience

• Navigating increasing regulatory scrutiny while enabling digital transformation across banking, fintech, telecommunications, and public sector ecosystems
• Aligning cybersecurity investment with board-level risk appetite and measurable business impact
• Strengthening collaboration between CISOs, risk officers, and executive leadership to drive enterprise-wide security accountability

Managing Public Sector Data Breaches and Large-Scale Information Exposure

• Strengthening incident transparency and breach notification discipline across government institutions
• Protecting national data repositories from mass exfiltration and credential compromise
• Rebuilding institutional trust following high-visibility breach events

Implementing Zero Trust in Complex Enterprise Environments: Lessons, Pitfalls, and Operational Realities

• Many organizations struggle with legacy infrastructure, fragmented identity systems, and inconsistent access governance, making Zero Trust adoption more complex than architectural diagrams suggest
• Over-reliance on technology tools without aligning internal processes, role definitions, and executive sponsorship often leads to partial or ineffective implementation
• Phased deployment strategies that prioritize identity hygiene, privileged access discipline, and network segmentation can create measurable progress without disrupting critical operations

Securing Operational Technology and Industrial Control Systems in Converged IT-OT Environments

• Integration of IT networks with industrial systems expanding exposure across manufacturing, utilities, and smart infrastructure
• Managing legacy protocols, real-time operational requirements, and safety-critical environments
• Bridging skill gaps between IT security teams and engineering operations personnel

Securing National Digital Identity Systems and Biometric Authentication Platforms

• Protecting biometric databases and authentication workflows from spoofing, replay, and synthetic identity manipulation
• Strengthening digital onboarding systems across banking, fintech, and public sector platforms
• Balancing user convenience with robust identity assurance and privacy protections

Endpoint Security in a Decentralized and Remote Enterprise Landscape

• Detecting credential harvesting, fileless malware, and endpoint persistence techniques targeting distributed workforce devices
• Managing visibility gaps created by contractor devices, unmanaged systems, and hybrid work models
• Strengthening endpoint telemetry integration into incident containment workflows

Developing a Security-First Organizational Culture with Measurable Impact

• Moving beyond awareness campaigns toward behaviour-driven risk measurement and accountability frameworks
• Embedding cybersecurity expectations into performance management and leadership oversight
• Aligning employee behaviour with enterprise resilience objectives

Digital Acceleration Without Structural Weakness – Engineering Security into Large-Scale Transformation

• Rapid cloud adoption, API expansion, platform integration, and ecosystem partnerships are increasing architectural complexity, often creating hidden dependencies that weaken long-term resilience
• Embedding security architecture at design stage—across identity models, data flows, and third-party integrations—rather than applying controls after product launch
• Establishing transformation governance frameworks where cybersecurity leadership participates in core product and infrastructure decisions, not only compliance validation

Ransomware Response and Recovery: Lessons from Regional Breaches and Operational Disruptions

• Escalating ransomware campaigns targeting healthcare, financial institutions, and public sector entities across Southeast Asia
• Decision-making frameworks for containment, negotiation, disclosure, and service restoration under operational pressure
• Post-incident recovery, regulatory reporting, and rebuilding stakeholder trust after large-scale compromise

Building Cybersecurity Talent Capacity to Support National Digital Growth

• Addressing skill shortages across security operations, cloud governance, and threat intelligence functions
• Strengthening collaboration between universities, certification bodies, and enterprise security teams
• Creating sustainable talent pipelines to support long-term digital transformation objectives

Intergovernmental and Cross-Border Cyber Cooperation in a Fragmented Threat Landscape

• Addressing jurisdictional complexity in transnational ransomware and financial cybercrime operations
• Aligning Indonesia’s cybersecurity strategy with ASEAN and global regulatory frameworks
• Building trust-based intelligence-sharing models between sovereign governments