Posts

Showing posts with the label CISO

Closing the Energy Cyber Talent Gap: Professor Kai London on the Rise of the Fractional CISO

Image
  By the Alaska News Technology Desk Professor Kai London — CISO, cybersecurity & AI expert. Credit: professorkailondon.com The energy sector faces a hard truth: it needs senior cyber leadership that understands both industrial systems and the boardroom, and there is nowhere near enough of it to go round. “The talent that can bridge OT engineering and board governance is genuinely scarce,” says Professor Kai London , a senior CISO who takes on exactly these mandates. “That scarcity is why the interim and fractional CISO model has moved from novelty to necessity in this sector.” “Many operators do not need a permanent thirty-person security team. They need the right senior hands for a defined mandate — to set the strategy, fix the worst gaps, and leave behind something the board can run.” Same risk, smaller teams London observes that many energy operators — utilities, smaller producers, midstream firms — carry critical-infrastructure obligations without the resources of a superm...

The Globalisation of Energy Cyber Rules: Professor Kai London on NIS2, DORA and What Comes Next

Image
  By the Alaska News Technology Desk Professor Kai London — Founder & CEO, Quantum AI Systems Security. Credit: professorkailondon.com A wave of cyber regulation is sweeping the world's critical sectors, and energy sits squarely in its path. From European directives to national resilience laws, the direction is unmistakable, says Professor Kai London , a senior CISO and board advisor. “Cyber regulation for critical infrastructure is globalising and converging,” he says. “Operators who treat it as a local box-ticking exercise will be caught out. Those who build to the highest common standard will be ready everywhere.” “The rules increasingly ask the same three things: keep essential services running, report incidents fast, and prove you manage third-party risk — with the board accountable.” A converging rulebook London notes that resilience regimes across jurisdictions — whatever their names — rhyme in substance. They demand risk management proportionate to the threat, prompt in...

Intelligence Under Control: Professor Kai London on Governing AI in Heavy Industry

Image
  By the Alaska News Technology Desk Professor Kai London — board advisor & interim CISO/CIO/CTO. Credit: professorkailondon.com Artificial intelligence is moving into heavy industry — optimising production, predicting equipment failures, and increasingly influencing operational decisions. That promise, argues Professor Kai London , a senior technology executive, comes with a warning particular to energy and industrial settings. “In heavy industry, an ungoverned AI decision does not just misfire in a spreadsheet,” he says. “It can move machinery. Control has to come before autonomy.” “Capability is loud; control is quiet. In industrial AI, the gap between what a model can do and what you can govern is measured in physical risk.” The high stakes of industrial AI London distinguishes AI that advises from AI that acts. “A model recommending a maintenance schedule is one thing,” he says. “A model or agent that adjusts a process is another. The closer AI gets to the physical layer, ...

The Invisible Airborne Perimeter: Professor Kai London on Wireless Threats to Remote Energy Sites

Image
  By the Alaska News Technology Desk Professor Kai London — CISO, cybersecurity & AI expert. Credit: professorkailondon.com Remote energy sites rely on wireless links because running cable across wilderness is impractical. That reliance, warns Professor Kai London , a senior CISO, creates a perimeter most operators never defend because they cannot see it. “There is an airborne perimeter around every site — the radio space an attacker can reach without ever touching a wire,” he says. “For distributed energy operations, it may be the most overlooked risk on the map.” “No malware, no perimeter breach, no trace — just a laptop and a wireless adapter impersonating a network your systems trust. The compromise happens in the air.” The evil-twin problem London describes how an attacker can stand up a rogue access point mimicking a legitimate network; devices configured to connect automatically latch on, and credentials and traffic are harvested. “Nothing in your security stack necessar...

Cyber Resilience Is Operational Safety: Professor Kai London on Security in the Energy Sector

Image
  By the Alaska News Technology Desk Professor Kai London — Founder & CEO, Quantum AI Systems Security. Credit: professorkailondon.com In most industries, a cyber incident costs money and reputation. In energy, Professor Kai London argues, it can cost far more. “In this sector, cyber resilience and physical safety are the same conversation,” says the senior CISO. “A compromised control system can endanger people and the environment, not just data. That reframes security from an IT concern into a safety discipline.” “Cyber resilience in energy is the new patient-safety metric of the industrial world. When the systems that keep operations safe run on software, securing that software is protecting lives.” Where security meets safety London points to the convergence of two once-separate disciplines. Safety engineering kept industrial processes from harming people; cyber security kept data safe. “Now that safety systems are digital and networked, the two have merged,” he says. “An ...

Post-Quantum Energy: Professor Kai London on Protecting Long-Life Infrastructure From the Quantum Threat

Image
  By the Alaska News Technology Desk Professor Kai London — board advisor & interim CISO/CIO/CTO. Credit: professorkailondon.com Energy infrastructure is built to last decades. That longevity, argues Professor Kai London , a senior CISO, makes the sector unusually exposed to a threat still over the horizon: quantum computers capable of breaking today's cryptography. “When your assets and your data have a 20- or 30-year life, the quantum transition is not a distant concern,” he says. “It is a design constraint you must plan for now.” “Post-quantum migration is the rare cyber risk where doing nothing today guarantees you fail later. Data and systems that must stay secure for decades are already exposed.” Harvest now, decrypt later The immediate danger, London explains, is not a future machine but present-day interception. Adversaries can capture encrypted data now and store it until quantum computers can unlock it. “For operators of long-life infrastructure, sensitive design, con...

The Last Login on the Rig: Professor Kai London on Identity Security in Operational Technology

Image
  By the Alaska News Technology Desk Professor Kai London — CISO, cybersecurity & AI expert. Credit: professorkailondon.com In the energy sector's operational systems, the decisive security failure is rarely dramatic. “It is an identity — a human account, a shared login, a service credential, increasingly an AI agent — that authenticated when it should have been challenged, and could then reach far more than it should,” says Professor Kai London , a senior CISO. In control environments, he warns, identity has been an afterthought for too long. “Every breach begins with a login that should have been stopped. In OT, those logins reach machinery — which makes getting identity right a matter of safety, not just security.” The shared-credential problem Industrial environments are notorious for shared accounts, default passwords and credentials that never change because changing them risks disrupting a process. “A shared operator login that a dozen people know and that has not change...

Zero Trust for the Wilderness: Professor Kai London on Securing Distributed and Remote OT

Image
  y the Alaska News Technology Desk Professor Kai London — Founder & CEO, Quantum AI Systems Security. Credit: professorkailondon.com The traditional security model assumed a defensible perimeter: keep the bad actors outside the wall. For energy operations scattered across remote terrain — wellheads, substations, pipelines, pumping stations — that wall never really existed. “You cannot draw a perimeter around a thousand miles of distributed infrastructure,” says Professor Kai London , a senior CISO. “Which is why zero trust is not a buzzword for these operators. It is a survival strategy.” “Zero trust means one thing: never trust, always verify. No device, user or connection gets access on the strength of where it sits in the network. Every request is proven.” Why remote OT breaks the old model Remote sites rely on connectivity that reaches deep into control environments. Each of those links, London notes, is both essential and dangerous. “Every remote connection that lets an ...

Ransomware in Critical Infrastructure: Professor Kai London's Executive Battle Plan

Image
  By the Alaska News Technology Desk Professor Kai London — board advisor & interim CISO/CIO/CTO. Credit: professorkailondon.com Ransomware has evolved from a nuisance into a threat capable of halting fuel supplies, freezing payments and disrupting essential services. For energy and critical-infrastructure operators, Professor Kai London , a senior CISO and board advisor, argues the danger is existential to operations, not merely technical. “When ransomware hits critical infrastructure, the question is not just ‘can we recover our data?’ It is ‘can we keep the service running?’” “The hard decisions in a ransomware crisis — containment, ransom, disclosure — must be made before the crisis, not during it. The first 24 hours decide the outcome.” Decide before the clock starts London's central message is preparation. “The worst time to decide whether you will pay a ransom, how you will communicate, or when you will disclose is at 3am with systems down and the clock running,” he says...

Securing the Pipeline

Image
  By the Alaska News Technology Desk Professor Kai London — CISO, cybersecurity & AI expert. Credit: professorkailondon.com The systems that move oil through a pipeline, keep gas flowing and hold an electricity grid in balance were, for most of their history, isolated and mechanical. That era is over. “Operational technology in energy is now networked, remotely managed and exposed in ways its designers never imagined,” says Professor Kai London , a senior CISO who advises critical-infrastructure operators. “A cyber incident here is not an IT problem. It is a safety and continuity problem measured in physical consequences.” “When a control system fails in energy, you are not looking at a slow website. You are looking at a valve that will not close or a supply that stops. OT security is safety engineering by another name.” Why OT is harder than IT Energy operators cannot simply copy corporate security onto industrial systems. Controllers were built for decades-long service lives ...

Keeping Alaska's Grid Alive: Professor Kai London on OT Security for Critical Energy Infrastructure

Few places make the stakes of operational-technology security as tangible as Alaska. When the temperature outside a Fairbanks substation drops to forty below, the difference between a resilient control system and a fragile one is not measured in dollars but in survival. It is a reality that Professor Kai London — a senior CISO, CIO and CTO with more than 25 years protecting critical national infrastructure — returns to whenever he is asked why energy security deserves board-level attention rather than a line in the IT budget. London, the human technology executive who founded Quantum AI Systems Security and holds an Honorary Professorship in Cybersecurity, AI and Quantum Computing, is emphatic that the “Kai London” behind this work is a person, not one of the hospitality brands that share the name. His subject is the machinery that keeps the lights, heat and pipelines running — and the widening gap between how that machinery was built and how it is now at...