New York, July 01, 2026 (GLOBE NEWSWIRE) — CISO, cybersecurity executive, and AI security strategist Professor Kai London is warning critical infrastructure leaders that the next major cyber crisis may not begin with stolen data, but with lost visibility, suspended access, and uncertainty about what is safe to operate.
“The next cyberattack may not steal the nation’s information. It may interrupt the nation’s heartbeat,” said Professor London.
Professor London argues that the centre of gravity in cyber risk is shifting from data loss to operational paralysis. In critical national infrastructure, attackers do not need to destroy everything. They only need to create enough uncertainty to slow decisions, suspend remote access, disrupt suppliers, force manual fallback, and make operators question what they can trust.
“In IT, a cyberattack can become a breach. In OT, a cyberattack can become a physical-world event. The control room is becoming the battlefield,” said Professor London.
Energy, water, aviation, transport, telecoms, ports, logistics, manufacturing, and industrial operators now rely on connected operational technology, including SCADA systems, PLCs, HMIs, engineering workstations, remote access tools, managed suppliers, cloud monitoring, and industrial IoT. That connectivity creates efficiency, but it also creates exposure.
Professor London says many CNI organisations are still preparing for yesterday’s cyber crisis: data theft, compliance failure, and reputational damage. The next crisis may involve degraded visibility, supplier compromise, engineering workstation lockout, identity takeover, remote-access abuse, segmentation failure, safety-system uncertainty, or delayed recovery of critical operations.
The Run Blind Test
Professor London is calling on every CNI board to ask one uncomfortable question:
Could we continue safe operations if our control systems, engineering workstations, supplier access routes, or monitoring data became untrusted?
He calls this the Run Blind Test. It challenges critical infrastructure operators to prove they can maintain safe operations when digital visibility is degraded, remote access is suspended, supplier support is unavailable, engineering systems are quarantined, and executives must make decisions with incomplete evidence.
“Cyber resilience is not what works on a normal day. Cyber resilience is what still works when the screens go dark, the supplier is locked out, and the board wants answers in real time,” said Professor London.
Five Shifts Before 2030
Professor London identifies five urgent shifts for CNI and OT leaders before 2030:
- From compliance to survivability: Compliance proves intent. Survivability proves capability.
- From asset lists to dependency intelligence: Boards need to know which systems, suppliers, identities, and remote-access paths can affect physical operations.
- From network diagrams to tested containment: Segmentation must be proven under attack conditions, not merely documented.
- From backup confidence to recovery evidence: A backup is not recovery. Recovery is the tested ability to restore safe operations under pressure.
- From incident response to wartime operating mode: Critical infrastructure must prepare for degraded operations, manual fallback, supplier lockout, crisis communications, and executive decision-making during uncertainty.
AI Will Compress the Crisis Window
Professor London also warns that AI-enabled cyber operations will compress the time available to respond.
Attackers can use AI to scale reconnaissance, phishing, impersonation, supplier deception, vulnerability analysis, malware development, and misinformation during disruption events. Defenders must use AI responsibly for anomaly detection, prioritisation, simulation, and faster decision support — but without creating new blind spots.
“AI will make cyber conflict faster, noisier, and more deceptive,” said Professor London. “Critical infrastructure cannot defend machine-speed threats with meeting-speed governance.”
The 2030 Standard
Professor London says the next standard for CNI cybersecurity will not be limited to whether an organisation had controls, policies, or audit reports.
The real questions will be:
Could you operate under attack?
Could you contain the blast radius?
Could you recover safely?
Could you prove what happened?
Could the public still trust you?
“If critical infrastructure cannot operate under cyber pressure, it is not resilient,” said Professor London. “It is only lucky.”
About Professor Kai London
Professor Kai London is a CISO, cybersecurity executive, AI security strategist, and board-level cyber resilience advisor with more than two decades of experience across critical national infrastructure, aviation, defence, government, healthcare, financial services, and regulated enterprise environments.
His work focuses on cyber resilience, operational technology security, AI security, zero trust, identity governance, ransomware readiness, operational continuity, digital trust, and executive cyber risk governance.
Professor Kai London
CISO | Cybersecurity Executive | AI Security Strategist | Board-Level Cyber Resilience Advisor
Website: https://professorkailondon.com/
Full Name of Media Contact: Michelle Sampson, Email Address: hello@professorkailondon.com
Professor Kai London

Professor Kai London
Disclaimer
The opinions expressed in this article are those of the author and do not necessarily reflect the views or positions of KISS PR or its partners. This content is provided for informational purposes only and should not be construed as legal, financial, or professional advice. KISS PR makes no representations as to the accuracy, completeness, correctness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.
- Professor Kai London – CNI OT Cyber Resilience Briefing
