Agencies set guardrails for safe AI in operational systems

US and international agencies just issued guidance for safe, useful AI in OT. Prioritize unique risks, clear ROI with secure data, governance, and built-in safety.

Published on: Dec 09, 2025

AI in Operational Technology: What Ops Leaders Need to Do Now

On Dec. 3, U.S. and international agencies released guidance for bringing artificial intelligence into operational technology. The goal: help critical infrastructure owners and operators deploy AI in a way that is safe, secure, and actually useful.

The guidance centers on four principles: know the unique risks AI introduces to OT; prove the business case and secure OT data; establish governance and assurance; and build safety and security into every AI-enabled system.

Why this matters for Operations

OT runs physical processes. If AI makes a wrong call, you're not just dealing with bad data - you're dealing with downtime, safety issues, and compliance exposure.

Think energy control, HVAC, life-safety systems, door access, physical security, and alarms. AI can help with anomaly detection, forecasting, and optimization - but only if it's implemented with guardrails.

The four principles, translated for Ops

  • Map the unique risks and impacts in OT
    Identify where AI decisions could affect safety, availability, or quality. Watch for model errors, sensor spoofing, data drift, and unsafe control outputs. Treat AI components like any other OT asset: inventory, criticality, and risk rating.
  • Prove the business case and secure OT data
    Define the KPI: fewer false alarms, reduced energy use, faster root cause, lower unplanned downtime. Pilot in shadow mode before closing control loops. Limit, segment, and encrypt OT data flows; avoid exporting sensitive process data to unmanaged environments.
  • Set governance and assurance
    Assign clear ownership across Ops, Engineering, Cyber, and Safety. Require change control, model inventories, and documented test plans. Get third-party or internal assurance for high-impact use cases.
  • Embed safety and security from day one
    Build fail-safe defaults, manual overrides, and rate limits. Apply least privilege to AI services and connectors. Monitor models and inputs in real time; alert on drift and anomalies. Prepare incident playbooks that include AI failure modes.
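An added example (not code from the guidance or from this article) of how the fail-safe default, manual override, rate limit, and safe-range cap can sit between an AI recommendation and the value actually written to a controller. The class name, reason strings, and the HVAC limits are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class SetpointGuardrail:
    lo: float          # hard lower cap (assumed engineering limit)
    hi: float          # hard upper cap
    max_step: float    # largest change allowed per control cycle
    fail_safe: float   # target used when the AI output cannot be trusted
    max_age_s: float   # proposals older than this are treated as stale

    def apply(self, proposed, current, age_s, manual_override=False):
        """Return (value_to_write, reason) for one control cycle."""
        if manual_override:
            # The operator has taken control: never write an AI value.
            return current, "manual_override"
        valid = (isinstance(proposed, (int, float))
                 and not isinstance(proposed, bool)
                 and math.isfinite(proposed))
        if not valid:
            target, reason = self.fail_safe, "invalid_fail_safe"
        elif age_s > self.max_age_s:
            target, reason = self.fail_safe, "stale_fail_safe"
        elif proposed < self.lo or proposed > self.hi:
            target, reason = min(max(proposed, self.lo), self.hi), "clamped"
        else:
            target, reason = float(proposed), "accepted"
        # The rate limit applies on every path, including the move to fail-safe.
        delta = target - current
        if abs(delta) > self.max_step:
            limited = current + math.copysign(self.max_step, delta)
            return limited, reason + "+rate_limited"
        return target, reason


# Constructed example: a zone temperature setpoint in degrees C.
HVAC = SetpointGuardrail(lo=18.0, hi=26.0, max_step=0.5,
                         fail_safe=22.0, max_age_s=30.0)

if __name__ == "__main__":
    cases = [(21.25, 5), (35.0, 5), (float("nan"), 5), (21.25, 120)]
    for proposed, age in cases:
        print(proposed, age, HVAC.apply(proposed, current=21.0, age_s=age))
```

The reason string is what goes into the audit trail, so operators can see whether a written value came from the model, a cap, or the fallback.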

A practical rollout checklist

  • Inventory AI candidates across SCADA, BMS, access control, and safety systems.
  • Define the decision boundary: advisory-only vs. semi/fully automated control.
  • Quantify value with a baseline and target KPIs; set go/no-go thresholds.
  • Map data: sources, sensitivity, retention, and cross-zone transfers.
  • Segment networks; use OT DMZs or one-way gateways for any external AI services.
  • Run shadow mode pilots; compare AI outputs to operator decisions and safe ranges.
  • Create a safety case: hazards, mitigations, interlocks, and fallback states.
  • Test failure modes: bad inputs, unavailable models, latency spikes, model rollback.
  • Log and trace: signed configs, versioned models, audit trails, and tamper alerts.
  • Train operators and engineers; update SOPs and post quick-reference guides at consoles.

Technical controls that pay off

  • Network allowlisting for model endpoints and data collectors.
  • Signed and hashed models/configurations; verify before deploy.
  • Zero-trust access for AI services and connectors; short-lived credentials.
  • Input validation and output guardrails to keep values inside safe ranges.
  • Model and data drift detection; auto-revert to last known good or manual mode.
  • Tight vendor controls: SBOM, patch SLAs, and incident notification terms.
  • Offline operation plans; ensure core safety functions do not depend on cloud AI.
  • Backups that include PLC/RTU configs, model versions, and rollout scripts; test restores.
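An added example (not from the guidance or this article) of the "verify before deploy" control for signed and hashed models: the deploy step checks the manifest's authenticity first, then checks that the artifact matches the hash in the manifest. HMAC-SHA256 with a shared key stands in here for an asymmetric signature; the manifest fields, key, and model bytes are constructed for illustration.

```python
import hashlib
import hmac
import json


def sign_manifest(manifest: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag over the exact manifest bytes (stand-in for a signature)."""
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def verify_before_deploy(artifact: bytes, manifest: bytes, tag: str, key: bytes):
    """Return (ok, reason). Deploy only when ok is True."""
    # 1. Authenticate the manifest before trusting anything inside it.
    if not hmac.compare_digest(sign_manifest(manifest, key).encode(), tag.encode()):
        return False, "manifest_tag_invalid"
    # 2. Parse only after authentication; reject unexpected shapes.
    try:
        expected = json.loads(manifest)["sha256"]
    except (ValueError, KeyError, TypeError):
        return False, "manifest_malformed"
    if not isinstance(expected, str):
        return False, "manifest_malformed"
    # 3. The artifact on disk must be the one the manifest describes.
    actual = hashlib.sha256(artifact).hexdigest()
    if not hmac.compare_digest(actual.encode(), expected.lower().encode()):
        return False, "artifact_hash_mismatch"
    return True, "ok"


# Constructed sample data (not a real model, key, or manifest format).
KEY = b"constructed-demo-key-not-a-real-secret"
MODEL = b"constructed model bytes v7"
MANIFEST = json.dumps(
    {"name": "chiller-anomaly", "version": 7,
     "sha256": hashlib.sha256(MODEL).hexdigest()},
    sort_keys=True,
).encode()
TAG = sign_manifest(MANIFEST, KEY)

if __name__ == "__main__":
    print(verify_before_deploy(MODEL, MANIFEST, TAG, KEY))
    print(verify_before_deploy(MODEL + b"\x00", MANIFEST, TAG, KEY))
    print(verify_before_deploy(MODEL, MANIFEST.replace(b"7", b"8", 1), TAG, KEY))
```

Logging the returned reason alongside the model version gives the audit trail and tamper alert the checklist calls for.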

Governance in plain terms

  • RACI across Ops, OT security, Safety, Engineering, and Legal.
  • Approval gates: business case, risk review, safety case, pilot exit, production.
  • Model inventory: purpose, data sources, owners, versions, and retirement plans.
  • Testing policy: pre-deploy validation, periodic revalidation, and change triggers.
  • Incident handling that covers AI-specific issues (drift, spoofing, bad outputs).
  • Reporting to leadership on risk, performance, and exceptions.

Use cases worth piloting

  • HVAC optimization with hard caps and manual override.
  • Anomaly detection on energy consumption with shadow alerts first.
  • Predictive maintenance on chillers, pumps, and generators with confirmatory checks.
  • Access control anomaly flags (after-hours patterns, tailgating signals) with human review.
  • Alarm noise reduction that never suppresses life-safety events.

What to tell leadership

  • Where AI is used, what it controls, and the safety posture.
  • The KPI impact and the rollback plan if results fall short.
  • How the program maps to known frameworks (e.g., NIST AI RMF, IEC 62443).
  • Third-party dependencies and how you're reducing supplier risk.
  • Audit cadence, testing results, and any open risks with timelines to close.


Bottom line: treat AI as another control element in your plant. Define value, contain risk, and make it easy for operators to keep systems safe if anything goes sideways.

