From Automation to Exploitation: AI’s Growing Impact on ICS Cyber Risk is redefining how industrial control systems face cyber threats. This session explores how AI’s growing impact on ICS cybersecurity enables real-time anomaly detection, zero-day attack prevention, and OT-focused intrusion detection, while highlighting the operational and regulatory risks.

This session is a presentation for the Cyber Senate Cyber Physical Systems Protection Conference November 25-26th in London at the Thistle Marble Arch.

Meet the Speaker: Franky Thrasher – Manager Nuclear Cybersecurity, ENGIE Electrabel

Franky Thrasher brings nearly 20 years of cybersecurity expertise to the Cyber Physical Systems Protection 2025 conference. As Manager of Nuclear Cybersecurity at ENGIE Electrabel, he has led the creation and rollout of a dedicated program protecting Belgium’s critical infrastructure — from nuclear power plants to the nation’s gas-fired, coal, and combined heat cycle facilities.

Holding a Master of Science in Computer Security from the University of Liverpool, Franky also holds multiple industry certifications, including CISSP, CSSA, and CME. His specialisms include risk assessment, ICS security policy development, secure architecture design, disaster recovery planning, and security auditing.

An accomplished international speaker, Franky has shared his expertise at conferences worldwide and as a guest lecturer at institutions including the University of Genoa, Mercer University, and MIT. He is a firm believer that cybersecurity is “15% technology and 85% policy and people skills,” an approach that underpins his success as an engaging trainer and facilitator.

AI-Enhanced Threat Detection in ICS Environments

  • How AI enables anomaly detection in real-time ICS network traffic
  • Examples of AI-based intrusion detection systems (IDS) tailored for OT (Operational Technology)
  • Benefits: Early warning, pattern recognition, zero-day detection
  • Limitations: False positives, training data scarcity

AI as a Weapon: How Attackers Use AI Against ICS

  • Use of AI for automated vulnerability discovery and system fingerprinting
  • AI-generated malware that adapts to ICS defenses
  • Deepfake audio/visual used to manipulate operators or breach authentication
  • The shift toward autonomous offensive cyber tools

Legacy Systems vs. Intelligent Threats: A Critical Mismatch

  • Why older ICS systems (designed for reliability, not security) are vulnerable
  • The risk of AI-powered attacks overwhelming static or manually monitored defenses
  • Real-world examples of legacy tech being exploited (e.g., Stuxnet’s programmable logic controllers)

AI Model Integrity and Supply Chain Risk

  • Risks of compromised or poisoned AI models used in ICS environments
  • Supply chain vulnerabilities: Third-party AI tools integrated into control systems
  • Trust, validation, and secure development practices in AI adoption

Balancing Automation and Human Oversight in ICS Security

  • The danger of overreliance on AI in safety-critical infrastructure
  • Importance of explainability and auditability in AI decision-making
  • Best practices: Human-in-the-loop systems, training operators to interpret AI outputs
  • Regulatory outlook (NIS2, IEC 62443, EU AI Act) and how it impacts deployment