Guest Post: Dimitri van Zantvliet, Cyber Director/CISO Dutch Railways
Dimitri van Zantvliet is the Cybersecurity Director / CISO of Dutch Railways (NS). He’s also co-chair to the Dutch and European Rail ISAC and Rail CISO Forum, Cyber columnist and Speaker and Chair of the oversight committee of the Dutch Expertise Centre Digital Child Abuse. He has been in the field for 3 decades as CIO, CTO and CISO. Dimitri holds an international master’s degree in business administration and CISSP, CRISC, CISA, CISM, CDPSE, CIPP/E, CIPM and FIP cyber certificates.
We used to fear the “zero day.”
An unknown exploit, lurking in a nation-state vault or hacker’s stash, unleashed with precision and patience. It was about timing—wait, breach, disrupt.
Today? Forget waiting.
Welcome to zero second.
The attack surface didn’t just expand. It accelerated. We handed the keys of critical infrastructure—power grids, railways, water systems, telecoms—to automated decision-making systems and barely paused to ask what happens when the first shot isn’t fired by a human… but defended by one reacting far too late.
The Fallacy of Speed = Safety
We love speed.
Predictive maintenance, real-time monitoring, instant grid rebalancing, autonomous dispatching. Every boardroom slideshow beams with graphs of optimization.
But speed without resilience is a loaded gun duct-taped to a rocket.
-
AI agents trained on flawed datasets.
-
Language models making control decisions.
-
Digital twins being cloned with vulnerabilities intact.
Nobody’s checking who’s behind the wheel—only that the dashboard lights are green.
Spanish Blackout, Global Preview
Last week’s Spanish energy grid failure wasn’t “just” an outage.
It was a dress rehearsal for societal collapse.
-
Hospitals stalled.
-
Transit halted.
-
Communications scrambled.
-
Emergency services jammed.
The future culprit? A cascade initiated by a bad sensor reading, misinterpreted by an AI triage layer, accelerated by automated switches—all too fast for a human to stop.
We’ve engineered systems that fail at zero second.
No time for alerts.
No time for mitigation.
No time for truth.
We Forgot the Kill Switch
Every missile system has one.
Every old train has one.
Every sane engineer used to design for one:
The manual override.
But now?
-
Where’s the AI Kill Switch Architect?
-
Who’s responsible for pulling the plug when the AI goes rogue?
We’ve automated the pilots, but not the parachutes.
We’ve streamlined the controls, but buried the failsafe in a Slack channel.
The next attack won’t be stopped by another SOC analyst or “AI governance” deck.
It will be stopped—or not—by someone who had the foresight to install a physical, analog, irrevocable kill switch between the algorithm and the actuator.
We Need Resilience, Not Illusions
This isn’t about patching.
This is about decoupling fragility from survival.
-
Air gaps, not slide decks.
-
Fail-safes with analog backups, not “smart” failovers.
-
Distributed command authority, not single AI “brains” trained in cozy labs.
We must engineer deceleration—deliberate latency where critical systems demand human override.
We must stop trusting code we didn’t write, can’t audit, and barely understand.
We must appoint real Kill Switch Architects, with real authority, real designs, and real teeth.
Wake Up Before the Lights Go Out
The war has already started. It’s silent. Instantaneous. Invisible until the impact.
Societies don’t collapse from nukes anymore.
They collapse from cascading faults in over-optimized, AI-accelerated systems with no resilience.
From going from zero day to zero second.
Cyberresilience isn’t a checkbox.
It’s an existential mandate.
And right now?
We’re not ready.