Cyber-Physical Risk in the Age of AI: How Safety Leaders and Boards Can Protect Operational Technology – A Four Part Series

Posted on April 7, 2026 by Chet Brandon
Workers monitoring screens titled OT CYBER RISK: DUAL AI ROLES, AI DEFENSE SYSTEM, and AI ATTACK SIMULATION.
Two industrial workers monitor a high-stakes simulation showcasing the dual roles of AI in cybersecurity defense and attack.

Chet Brandon and Fay Feeney

Series Introduction

This four-part series examines how artificial intelligence is reshaping cyber risk in operational technology and what it means for industrial organizations. It brings together perspectives from safety leadership, cybersecurity, operations, and board governance to address cyber-physical risk as an enterprise issue. The series is co-authored by Chet Brandon, a global EHS and operational risk leader with deep experience in highly automated industrial environments, and Fay Feeney, an expert in board governance and enterprise risk oversight. Together, they connect plant-level realities with boardroom decision-making to provide practical strategies that strengthen resilience, protect operations, and improve risk-informed leadership.

Part 2 – AI and the Cyber Battlefield for Operational Technology

How Artificial Intelligence Is Reshaping Threats, Defense, and Governance

Introduction: AI Is Changing the Nature of Cyber Risk

Artificial intelligence is fundamentally altering the cyber risk landscape—and nowhere is this more consequential than in operational technology (OT) environments.

Historically, cyber attacks against industrial systems required deep expertise in both information technology and industrial control systems. Today, AI is lowering that barrier. It is enabling faster reconnaissance, more precise targeting, and increasingly automated attack execution. At the same time, AI is providing organizations with new tools to detect threats earlier, respond faster, and strengthen operational resilience.

This dual reality defines the modern cyber battlefield: AI is both amplifying the threat and transforming the defense. It has elevated cyber risk oversight from periodic review to dynamic, data-driven foresight

For industrial organizations, the implications are clear. Cyber risk is no longer just a technical issue—it is an operational, safety, and strategic risk that must be actively managed across the enterprise.

How AI Is Increasing Cyber Threats to Operational Technology

AI is accelerating the scale, speed, and sophistication of cyber attacks in ways that directly impact industrial operations.

One of the most significant shifts is in automated vulnerability discovery. AI-driven tools can rapidly scan complex networks, identify exposed assets, and detect weaknesses in system configurations. In OT environments—where systems are often interconnected, legacy-based, and difficult to patch—this creates a larger and more accessible attack surface. We have been managing the internet of things (IoT) and their security challenge since at least the mid‑2000s, and as a chronic enterprise governance issue since the early 2010s.

AI is also enabling more effective targeting of industrial systems. By analyzing system architectures, communication patterns, and process data, attackers can identify which assets are most critical to operations. This allows them to focus on high-impact targets such as distributed control systems, programmable logic controllers, and safety-related systems.

Another key development is the rise of automated attack development. AI can assist in generating exploit code, refining attack pathways, and adapting strategies in real time based on system responses. This reduces the time and expertise required to launch sophisticated attacks.

Another critical—and often underestimated—dimension is the rise of AI-enabled social engineering. Attackers are increasingly using AI to craft highly targeted phishing campaigns, impersonate trusted personnel, and exploit human behavior to gain initial access to systems. Social engineering now represents the primary entry point for most cyber incidents, with the majority of breaches involving human interaction rather than direct technical exploitation. In industrial environments—where operators, engineers, and third-party vendors interact across IT and OT systems—these attacks can provide a pathway into otherwise well-protected networks, making the human element a critical component of cyber-physical risk. This expands the attack surface beyond technology to include people and processes—reinforcing that cyber-physical risk is not purely a technical challenge, but one that requires integration of cybersecurity, operational discipline, and human performance.

These capabilities are particularly concerning when combined with the resources of nation-state actors and organized cyber groups. AI allows these actors to coordinate multi-stage campaigns that move from initial access to operational disruption more efficiently than ever before.

The result is a new category of risk: cyber attacks that are not just disruptive to data, but capable of causing real economic damage and physical consequences.

From Cyber Intrusion to Physical Impact

The defining characteristic of OT cyber risk is its ability to cross from the digital world into the physical world.

AI-enabled attacks can manipulate process conditions, interfere with control logic, or degrade system visibility in ways that directly impact how industrial systems behave. In highly automated environments, even small changes to sensor inputs, control parameters, control logic, or alarm functions can create cascading effects across interconnected processes. These disruptions often occur without immediate detection, allowing abnormal conditions to develop before operators can intervene.

In practice, this can lead to a range of high-consequence outcomes:

  • Unstable operating conditions
    Manipulation of setpoints, sensor readings, or control loops can push processes outside of safe operating limits. For example, false temperature or pressure signals may cause systems to overcompensate, resulting in oscillations, loss of control stability, or drift into unsafe process states.
  • Equipment damage
    Altered control logic or delayed shutdown responses can expose equipment to conditions beyond design tolerances. Overpressure, overheating, improper sequencing, or mechanical overstress can degrade or permanently damage critical assets such as reactors, compressors, turbines, or rotating equipment.
  • Production shutdowns
    Loss of control system integrity or uncertainty about system status often forces operators to initiate precautionary shutdowns. In some cases, automated trips or interlocks may activate unexpectedly, halting production. Restarting complex industrial systems can be time-consuming and requires careful validation to ensure safe conditions.
  • Environmental releases
    Disruptions to process control or safety systems can lead to loss of containment of hazardous materials. This may include uncontrolled emissions, leaks, or spills, particularly if detection systems or alarms are compromised or delayed.
  • Serious injury or fatality (SIF) risks
    The most critical consequence arises when cyber manipulation affects systems designed to protect people. Disabled alarms, altered interlocks, or incorrect process data can place workers in hazardous conditions without adequate warning, increasing the likelihood of severe incidents.

Unlike traditional IT incidents, these outcomes unfold in real time within physical systems and often under conditions of incomplete or misleading information. Operators may be forced to make rapid decisions without full visibility into system status, increasing the complexity and risk of response actions. This dynamic reinforces the need for integrated approaches that combine cybersecurity, process safety, and operational discipline to manage cyber-physical threats effectively.

AI increases this risk by enabling attackers to better understand how industrial processes operate—and how to disrupt them in ways that maximize impact.

For organizations, this reinforces a critical point: cybersecurity in OT environments is fundamentally about operational integrity and safety.

How AI Can Strengthen Defense in OT Environments

While AI is increasing the threat, it is also providing powerful tools for defense.

One of the most impactful applications is advanced anomaly detection. AI systems can analyze large volumes of operational data—sensor readings, control system outputs, and network activity—to identify subtle deviations from normal behavior. These deviations may indicate early-stage cyber activity or manipulation of system conditions.

This capability is particularly valuable in OT environments, where traditional signature-based detection methods are often insufficient.

AI also enhances vulnerability management and risk prioritization. By correlating asset criticality, system exposure, and threat intelligence, AI can help organizations identify which vulnerabilities pose the greatest operational risk. This enables more focused and effective mitigation efforts.

In addition, AI supports continuous monitoring of system integrity, helping organizations detect changes in control logic, unauthorized access attempts, or abnormal communication patterns.

These capabilities shift cybersecurity from a reactive posture to a more predictive and proactive model.

AI and the Future of Incident Response and Recovery

AI is also transforming how organizations respond to and recover from cyber incidents.

In the event of a disruption, AI can assist in rapid analysis of system data, helping teams identify the scope of an intrusion, isolate affected systems, and determine appropriate response actions. This reduces the time required to stabilize operations. As we’ve recently seen with a Hasbro cyberattack, it provides segregation of risk to only take impacted operations offline. This allows business to work around the affected portion of the system.

AI can also support scenario modeling and simulation. By using digital models of industrial systems, organizations can simulate how cyber incidents might unfold and test response strategies in advance. This strengthens both emergency preparedness and business continuity planning.

During recovery, AI can help guide the safe restoration of operations by analyzing system conditions, verifying configurations, and identifying potential risks associated with restart activities.

In complex industrial environments, where recovery must be carefully managed to avoid additional hazards, this capability is especially valuable.

Enabling Better Decision-Making at the Board Level

AI is not only transforming operations—it is also enhancing how organizations govern cyber risk.

Boards of directors are increasingly expected to oversee cyber-physical risk as a core enterprise issue. To do this effectively, they need clear, actionable insights that connect technical risk indicators to business outcomes.

AI can support this by aggregating data from across the organization—OT systems, cybersecurity platforms, operational metrics, and risk assessments—and translating it into decision-ready information.

AI-enabled dashboards can provide visibility into:

  • asset criticality and exposure
  • vulnerability trends
  • incident detection performance
  • resilience testing outcomes
  • potential business impact scenarios

AI can also support scenario analysis, helping boards understand how different types of cyber incidents could affect operations, safety, and financial performance.

This allows directors to make more informed decisions about risk appetite, resource allocation, and strategic priorities.

Importantly, AI enhances governance—it does not replace it. Effective oversight still depends on informed judgment, director expertise, strong leadership, and alignment between operational realities and strategic decision-making.

We will delve deeper in to the Board level actions to control cyber risk in Operational Technology in Part 4 of this series.

Integrating AI into a Cyber-Physical Risk Strategy

The true value of AI emerges when it is integrated into a broader risk management framework.

The introduction of AI into operations is happening faster than organizations change yet today they can focus on:

  • Aligning AI tools with operational risk priorities
    Establish risk-based use cases by mapping AI applications to high-consequence operational scenarios (e.g., SIF exposure, critical asset failure, business interruption), ensuring AI investments target the most impactful risks.
  • Integrating cybersecurity with safety and process risk management
    Embed cyber threat scenarios into existing safety frameworks such as PHA, HAZOP, and LOPA, and create cross-functional teams that jointly assess cyber-physical risks and define coordinated mitigation strategies.
  • Ensuring data quality and system visibility
    Develop a unified data architecture that integrates OT, IT, and safety system data, and implement data governance practices that ensure accuracy, completeness, and real-time visibility into critical operational conditions.
  • Establishing governance structures for AI use
    Define clear accountability for AI deployment, validation, and monitoring through formal governance processes aligned with enterprise risk management and board oversight expectations.
  • Maintaining human oversight and decision-making authority
    Implement human-in-the-loop controls for AI-driven insights, ensuring that critical operational and safety decisions are reviewed and validated by qualified personnel before execution.

Safety professionals, cybersecurity experts, and operational leaders must work together to ensure that AI-driven insights are translated into practical actions that enhance system safety, strengthen resilience, and reduce operational risk.

Conclusion: Navigating the AI-Driven Risk Landscape

Artificial intelligence is redefining both sides of the cyber risk equation. It is enabling more sophisticated attacks on operational technology, while also providing new capabilities to defend, detect, and recover from those threats.

For industrial organizations, the challenge is not simply to adopt AI, but to apply it effectively within the context of operational risk, safety, and governance.

Those that succeed will be organizations that:

  • understand the physical consequences of cyber threats
  • leverage AI to enhance visibility and decision-making
  • integrate safety, cybersecurity, and operational resilience
  • align plant-level insights with board-level oversight

In the next part of this series, we move from strategy to execution—examining how safety professionals and EHS leaders can operationalize these concepts through structured risk management practices, metrics, and systems that support effective decision-making.

Looking Ahead to Part 3

AI is reshaping both cyber threats and defenses—but technology alone is not enough. The real value comes from how organizations integrate these capabilities into their risk management systems.

In Part 3, we move to execution—showing how safety professionals translate cyber-physical risk into practical frameworks, metrics, and actions that strengthen protection and resilience.

Unknown's avatar

About Chet Brandon

I am a highly experienced Environmental, Health, Safety & Sustainability Professional for Fortune 500 Companies. I love the challenge of ensuring EHS&S excellence in process, manufacturing, and other heavy industry settings. The connection of EHS to Sustainability is a fascinating subject for me. I believe that the future of industrial organizations depends on the adoption of sustainable practices.
This entry was posted in AI, enterprise risk management, Technical Skills and tagged , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Please leave me a comment. I am very interested in what you think.