Christopher Walcutt, Chief Security Officer at the boutique cyber firm Direct Defense, draws on nearly thirty years in OT security to outline how industrial-control organizations can adopt AI without courting catastrophe. He stresses that success hinges on having mature defenses already in place, a granular understanding of SCADA/DCS functions, and carefully chosen use cases such as predictive maintenance and cybersecurity analytics. Walcutt walks through the practical architecture—offline LLMs like LM Studio or Gemma, GPU-grade hardware, hardened network segments, and read-only data paths—while underscoring the need for rapid “kill switches,” documented baselines, and leadership buy-in before any model touches live systems.
Key takeaways
- Security maturity first: only organizations with solid segmentation, visibility, and defensive capabilities should consider AI in OT.
- Know the environment in detail—specific system functions, data flows, and normal baselines are prerequisites for safe model training and anomaly detection.
- Choose focused use cases (predictive maintenance, operational efficiency, cyber correlation, training digital twins) and design segmentation and access rules around each.
- Deploy offline LLMs with strict guardrails: network containment, read-only accounts, API-mediated data exchange, and an emergency isolation switch.
- Plan for ongoing control—vulnerability testing, incident-response playbooks, and clear ownership—to prevent the model from acting beyond its intended scope.
