The convergence of cyber and physical security is no longer a hypothetical future; it’s the present reality for critical infrastructure operators worldwide. Sam Mackenzie, cybersecurity committee member at the Australian Computer Society (ACS), spoke intelligently about the challenges, demands, and culture shifts now facing organisations on the frontlines of protecting society’s critical systems. Mackenzie warns that while the risk of cyberattacks causing physical damage (such as pumps, circuit breakers, and utility grids) remains relatively rare, the potential consequences demand cross functional preparedness.
“All organisations are looking for return on investment,” Mackenzie says. “But the digital world can now impact the physical in ways few originally expected. We’re now required, by government and common sense, to build security into our products from design through to operation.”
Where once IT and operational teams worked in silos, the realities of today’s threat landscape mean risks can no longer be cordoned off in isolated spreadsheets. Instead, Mackenzie advocates for collaborative risk registers and genuine, purposeful engagement between cybersecurity, engineering, and operations teams.
“The organisations that succeed are those that foster true collaboration, not just superficial deals.” Added Mackenzie.
It takes a village to embed security across the workforce. Mackenzie cited recent incidents; from the widespread CrowdStrike outage to targeted assaults on United States telecom networks, which reminded the industry about the growing complexity faced by infrastructure operators. Mackenzie sees an urgent need to push security awareness beyond annual online modules or isolated audits.
“It needs to permeate…everyone receives email, everyone designs systems, so everyone needs to be engaged with security. Embedding cyber champions in every team and running drills, much like fire safety, could turn muscle memory into real-world resilience.”
This holistic approach, he notes, isn’t about eliminating specialisation but rather creating bridges.
“Awareness and readiness must become everyone’s business.”
Perhaps nowhere is this convergence more visible than in control rooms, who are under constant pressure. The nerve centres running power, water, transport, and emergency services. Mackenzie, recently joining the management committee of the Australian Control Room Network Association (ACRNA), notes that these environments are under growing stress, especially as climate change accelerates catastrophic events.
“The events last longer. Fatigue management, data analytics, and coordination become increasingly vital,” he explains. “Operators aren’t just managing systems, they’re managing real human impacts in the aftermath of storms, outages, and emergencies.”
Mackenzie’s research and industry engagement reveal that while technology advances, so must organisational strategies. Clear communication with the public, by providing realistic restoration times and updates which can mitigate frustration and backlash, both online and off.
With governments worldwide ramping up security regulations including Australia’s own recent cybersecurity mandates, Mackenzie sees a future where ‘secure by design, by default, and by operations’ becomes not just best practice but law. For organisations, this means building resilience at every level, from product development to incident response.
“It’s about helping protect modern day society through securing our essential services.”
