Securing the Pipeline
By the Alaska News Technology Desk
The systems that move oil through a pipeline, keep gas flowing and hold an electricity grid in balance were, for most of their history, isolated and mechanical. That era is over. “Operational technology in energy is now networked, remotely managed and exposed in ways its designers never imagined,” says Professor Kai London, a senior CISO who advises critical-infrastructure operators. “A cyber incident here is not an IT problem. It is a safety and continuity problem measured in physical consequences.”
“When a control system fails in energy, you are not looking at a slow website. You are looking at a valve that will not close or a supply that stops. OT security is safety engineering by another name.”
Why OT is harder than IT
Energy operators cannot simply copy corporate security onto industrial systems. Controllers were built for decades-long service lives and closed networks; many use protocols with no authentication and run software that cannot be easily patched. “You cannot bolt enterprise security onto a thirty-year-old controller,” London says. “You secure the environment around it — visibility, segmentation, access control — without disrupting the process it runs.”
The threat has left the theoretical
Across critical infrastructure, incidents have shown how an identity compromise, a vulnerable remote-access tool or a poisoned supplier update can reach the physical layer. “In almost every serious case, the decisive failure was an unmanaged identity, a flat network, or a supplier nobody was watching — not exotic malware,” London notes. “Those are governable problems.”
A board-level playbook
His recommendations are practical: build an accurate inventory of connected assets; segment ruthlessly so a business-network compromise cannot reach a controller; bring identity under control with strong authentication for every human and machine; govern the supply chain; and rehearse the incident before it happens. “Run the incident before it runs you,” he says. These map to recognised frameworks for industrial security and to resilience regimes such as NIS2.
The distributed challenge and the leadership gap
Energy assets sprawl across vast, remote geography, multiplying the attack surface and slowing response. And the scarcest resource, London argues, is leadership fluent in both OT engineering and boardroom governance — which is why interim and fractional CISO engagements have grown in the sector. “Many operators do not need a large permanent team,” he says. “They need the right senior hands to make OT security real, then leave something they can run.”
For a region whose economy runs on energy infrastructure stretched across demanding terrain, the message is clear: the pipelines and grids now depend on code as much as steel, and securing that code is inseparable from keeping the energy flowing.
About Professor Kai London. Professor Kai London is a senior technology, security and transformation executive with 25+ years of board- and C-suite leadership across banking, aviation, defence, government and critical national infrastructure. He is Founder & CEO of Quantum AI Systems Security, an Honorary Professor in Cybersecurity, AI & Quantum Computing and a UCL researcher, holding CISSP, CISM, CCISO, ISO 27001 Lead Auditor, ISO 42001, DORA and NIS2 credentials. He is available for board advisory, NED and interim/fractional CISO/CIO/CTO mandates across the UK and internationally. Learn more at professorkailondon.com.
