Cyber Resilience Is Operational Safety: Professor Kai London on Security in the Energy Sector
By the Alaska News Technology Desk
In most industries, a cyber incident costs money and reputation. In energy, Professor Kai London argues, it can cost far more. “In this sector, cyber resilience and physical safety are the same conversation,” says the senior CISO. “A compromised control system can endanger people and the environment, not just data. That reframes security from an IT concern into a safety discipline.”
“Cyber resilience in energy is the new patient-safety metric of the industrial world. When the systems that keep operations safe run on software, securing that software is protecting lives.”
Where security meets safety
London points to the convergence of two once-separate disciplines. Safety engineering kept industrial processes from harming people; cyber security kept data safe. “Now that safety systems are digital and networked, the two have merged,” he says. “An attacker who can manipulate a control system can defeat a safety system. Treating cyber and safety as separate is no longer tenable.”
Resilience by design
Because failure in energy can be physical and irreversible, London stresses designing for resilience from the outset: assume systems will be attacked, contain the blast radius, and ensure safe operation can continue or fail safely even under compromise. “The goal is not a system that never gets attacked,” he says. “It is one that stays safe when it does.”
The board's safety duty
This framing, London argues, puts cyber squarely on the board's safety agenda. “Directors already understand their duty of care for physical safety,” he says. “They need to understand that, in a digital plant, cyber resilience is part of that same duty. The question ‘could a cyber incident hurt someone?’ now has a real answer.”
Practical steps
London recommends integrating cyber and safety governance, running joint exercises that test both, protecting safety-critical systems with the highest rigour, and ensuring incident response accounts for physical consequences. “Ask, for every critical system: if this is compromised, what is the worst physical outcome, and what stops it?” he says.
For a region where energy operations underpin daily life and safety, London's message is that securing the digital heart of that infrastructure is not a technical nicety — it is, increasingly, how the sector keeps its people and communities safe.
About Professor Kai London. Professor Kai London is a senior technology, security and transformation executive with 25+ years of board- and C-suite leadership across banking, aviation, defence, government and critical national infrastructure. He is Founder & CEO of Quantum AI Systems Security, an Honorary Professor in Cybersecurity, AI & Quantum Computing and a UCL researcher, holding CISSP, CISM, CCISO, ISO 27001 Lead Auditor, ISO 42001, DORA and NIS2 credentials. He is available for board advisory, NED and interim/fractional CISO/CIO/CTO mandates across the UK and internationally. Learn more at professorkailondon.com.
