Zero Trust for the Wilderness: Professor Kai London on Securing Distributed and Remote OT
By the Alaska News Technology Desk
The traditional security model assumed a defensible perimeter: keep the bad actors outside the wall. For energy operations scattered across remote terrain — wellheads, substations, pipelines, pumping stations — that wall never really existed. “You cannot draw a perimeter around a thousand miles of distributed infrastructure,” says Professor Kai London, a senior CISO. “Which is why zero trust is not a buzzword for these operators. It is a survival strategy.”
“Zero trust means one thing: never trust, always verify. No device, user or connection gets access on the strength of where it sits in the network. Every request is proven.”
Why remote OT breaks the old model
Remote sites rely on connectivity that reaches deep into control environments. Each of those links, London notes, is both essential and dangerous. “Every remote connection that lets an engineer manage a site also, if unguarded, lets an adversary reach it,” he says. Flat networks make it worse: once inside, an attacker roams freely.
Applying zero trust to OT — carefully
London is candid that zero trust must be adapted for operational technology, not imposed on it. Aggressive controls that disrupt a live process are unacceptable. The approach: strong authentication for every human and machine identity, micro-segmentation so a compromise cannot spread, least-privilege access, and continuous verification — all designed to respect the safety and availability constraints of industrial systems. “Security must never become the thing that trips the plant,” he says.
Identity is the new perimeter
In a distributed world, London argues, identity replaces geography as the boundary. “The question is no longer ‘is this device inside our network?’ but ‘is this identity verified, and is it allowed to do exactly this?’” That includes the fast-growing population of machine and automation identities connecting remote assets.
A phased path
London counsels a pragmatic rollout: gain visibility of every asset and connection first, segment the most critical control zones, harden remote access and identities, then extend continuous verification outward. “You do not achieve zero trust in a weekend,” he says. “You move toward it, control by control, starting with the systems whose compromise you could not tolerate.”
For operators whose infrastructure stretches beyond any wall, London's message is that the future of security is not a stronger perimeter but no assumed perimeter at all — every access earned, every time.
About Professor Kai London. Professor Kai London is a senior technology, security and transformation executive with 25+ years of board- and C-suite leadership across banking, aviation, defence, government and critical national infrastructure. He is Founder & CEO of Quantum AI Systems Security, an Honorary Professor in Cybersecurity, AI & Quantum Computing and a UCL researcher, holding CISSP, CISM, CCISO, ISO 27001 Lead Auditor, ISO 42001, DORA and NIS2 credentials. He is available for board advisory, NED and interim/fractional CISO/CIO/CTO mandates across the UK and internationally. Learn more at professorkailondon.com.
