AI Governance · OT/ICS Security · Critical Infrastructure
AI governance and OT security for critical infrastructure
I develop research, frameworks, and assurance models for governing AI in high impact operational environments, with a focus on the electric sector, ICS/OT cybersecurity, and cyber physical AI risk. Author of AAIGF-E, the first control mapped AI governance framework built for the Bulk Electric System.
Cybersecurity GRC experience across smart city, critical infrastructure, and OT/ICS aligned environments, including governance work connected to a national smart city development program aligned with Saudi Vision 2030.
Presented accepted IEEE Scientific Sessions paper at ICCSDFAI 2026 in Istanbul, Türkiye. ACP Model published on SSRN as part of a growing research portfolio on AI governance, OT/ICS security, and cyber physical AI risk.
The Adaptive AI Governance Framework for the Electric Sector closes the governance gap that exists when AI systems operate inside the Bulk Electric System. No existing mandatory standard currently governs model integrity, adversarial threats, drift detection, or AI output influence on operators. AAIGF-E is a CIP overlay, not a replacement.
NERC CIPMITRE ATLASNIST AI RMFISA/IEC 62443ISO/IEC 42001
AAIGF-E Executive Brief — 4 page management overviewDownload PDF
Pilot AAIGF-E in Your Environment
AAIGF-E is available for research aligned pilot assessments with electric sector, OT/ICS, smart infrastructure, and critical infrastructure organizations.
Request an AAIGF-E Pilot Assessment
A pilot assessment can help identify AI governance gaps, map existing controls against AAIGF-E, and evaluate how AI related risks such as model integrity, drift, adversarial inputs, operator influence, monitoring, response, and recovery are addressed within current governance and compliance processes.
Electric utilitiesGrid operatorsOT/ICS asset ownersSmart infrastructure programsAI governance teamsCybersecurity and GRC teams
Use this short form to prepare a pilot assessment inquiry. When you submit it, the request will be securely sent through Formspree.
AAIGF-E Maturity Assessment
The AAIGF-E maturity assessment is being developed as a board oriented review model to help organizations evaluate AI governance readiness across lifecycle ownership, control coverage, assurance, monitoring, incident response, and recovery readiness.
01
Governance maturity snapshot
Summarizes current AI governance readiness and accountability across high impact AI use cases.
02
Control coverage mapping
Maps current governance and cybersecurity practices against AAIGF-E control expectations.
03
Board ready summary
Translates AI governance gaps into leadership level risk themes and recommended next steps.
Standards and Community Engagement
NIST
AI Profile and NCCoE Engagement
Participant in NIST AI Profile public discussions, including feedback related to AI governance, assurance, and critical infrastructure risk. Member of the NCCoE Manufacturing Sector Community of Interest for cybersecurity guidance related to manufacturing and OT environments.
ISA99 / 62443
Industrial cybersecurity standards activity
Participant in ISA99 related standards discussions, including JT 62443 06 activity. Submitted comments on ISA IEC 62443 SR 3.1 to SR 3.5 focusing on AI/ML security gaps, and contributed feedback on Security Level Representation options.
OWASP
Agentic AI security and governance
Reviewer and contributor to OWASP agentic AI security and governance work, with emphasis on AI risk scoring, assurance, and governance considerations.
Prompt Injection Through Operational Data Feeds: A Structural Governance Gap in OT Connected Agentic AI Systems
Accepted for presentation at the IEEE Scientific Sessions of the 2026 International Conference on Cybersecurity, Digital Forensics, and AI Applications in Istanbul, Türkiye.
April 2026 · SSRN
AAIGF-E: Adaptive AI Governance Framework for the Electric Sector
Presents a 111 control, 11 domain governance framework for AI systems in Bulk Electric System environments, mapped to NERC CIP, NIST AI RMF, MITRE ATLAS, ISA/IEC 62443, and ISO/IEC 42001.
The ACP Model: Operational Authority Drift in AI Enabled Industrial Systems
Published on SSRN with 42 views and 20 downloads in the current SSRN record. Introduces the AI Consequence Propagation model as a six stage explanation of how AI reliability degradation, authority drift, and weak governance interception points can create operational, safety, and governance risk in industrial environments.
AI Governance in Smart Grids and Industrial Automation: Integrating RAG with Framework Mapping
Explores how retrieval augmented generation interacts with AI governance requirements in smart grid and industrial automation contexts, including mapping across major AI, cybersecurity, and energy frameworks.
Exploring the Role of RAG in Enhancing Cybersecurity GRC Frameworks
Examines how retrieval augmented generation can support cybersecurity GRC workflows, including compliance traceability, evidence retrieval, and control mapping.
ISO 42001: Artificial Intelligence Management System · Webinar
Delivered
Dec 2025
ISACA Riyadh Chapter
New ISACA Advanced in AI Audit AAIA Certification Plan · Chapter Technical Session
Delivered
Jan 2026
ISACA Atlanta Webinar Program
How to Audit AI Systems: Practical Steps for IS Internal Auditors · Webinar
Delivered
Oct 2026
ISACA Atlanta Webinar Program
AI Auditing in High Risk Industries: A Practical Approach Beyond ISO 42001 and NIST AI RMF · Webinar · Rescheduled from June due to IEEE Istanbul engagement
Upcoming
Jun 2026
IEEE Scientific Sessions, International Conference on Cybersecurity, Digital Forensics, and AI Applications
Prompt Injection Through Operational Data Feeds: A Structural Governance Gap in OT Connected Agentic AI Systems · Istanbul, Türkiye · Rescheduled from June due to IEEE Istanbul engagement
Guest appearance on AI governance, OT/ICS security, and critical infrastructure · Podcast
Delivered
Research Aligned Advisory
A
AI governance reviews
Reviewing AI governance models, assurance controls, and gaps in high impact AI deployment plans for energy and industrial organizations.
B
OT/ICS AI risk workshops
Structured sessions on agentic AI risk, operational data trust, cyber physical threats, and assurance design for OT environments.
C
Framework mapping
Mapping AI governance requirements to NERC CIP, NIST AI RMF, ISA/IEC 62443, MITRE ATLAS, and ISO 42001 for utilities and asset owners.
For AAIGF-E pilot assessments, maturity reviews, framework reviews, and advisory engagements, inquire for scope and availability.
Research Impact
8Public SSRN papers across AI governance, OT/ICS security, RAG, adversarial AI, and cyber physical AI risk.
1,100+SSRN paper views across publicly available research outputs.
300SSRN downloads indicating early research and practitioner engagement.
1IEEE Scientific Sessions conference paper presented at ICCSDFAI 2026 in Istanbul, Türkiye.
NISTAI Profile public discussions and NCCoE Manufacturing Community of Interest.
ISA99ISA/IEC 62443 related comments including AI/ML gaps and Security Level Representation.
OWASPAgentic AI security and governance review contribution.
ACP Model Published
SSRN · Published Research
The ACP Model: Operational Authority Drift in AI Enabled Industrial Systems
The ACP Model introduces AI Consequence Propagation as a six stage model explaining how AI reliability degradation, authority drift, and weak governance interception points can create operational, safety, and governance risk in industrial environments.
Core Concept
Operational authority drift
The paper explains how dependency on AI outputs can exceed authorized decision boundaries without explicit reconfiguration, creating governance and assurance risk in industrial settings.
Research Direction
From AI failure to operational consequence
The model supports practical conversations about AI governance, human oversight, incident response, and control validation for AI enabled industrial and critical infrastructure systems.
Conference Highlight
ICCSDFAI 2026 · Istanbul, Türkiye
Accepted paper presented at IEEE Scientific Sessions
Presented the paper “Prompt Injection Through Operational Data Feeds: A Structural Governance Gap in OT Connected Agentic AI Systems” at ICCSDFAI 2026 in Istanbul, Türkiye.
The presentation addressed OT connected agentic AI risk, operational data feed manipulation, and governance gaps affecting AI enabled critical infrastructure environments.
The certificate of participation confirms the paper presentation, co authorship with Dinara Kozhamzharova, and contribution to ICCSDFAI 2026.
Presenting research on OT connected agentic AI risk and operational data feed manipulation.ICCSDFAI 2026 conference venue in Istanbul, Türkiye.Session engagement and technical discussion during the conference.Professional engagement with conference participants and research community.
Selected Activity
Energy Digital Q and A forthcomingSSRN · 8 public papers · 1,100+ views · 300 downloadsACP Model · published on SSRNICCSDFAI 2026 · paper presentedProtect It All Podcast · upcoming guest appearanceISACA Atlanta webinar · rescheduled to Oct 2026NIST AI Profile · NCCoE · ISA99 / 62443 · OWASP engagement
Available for research aligned advisory work
If your work involves NERC CIP compliance, OT/ICS security, AI deployment at a utility, smart infrastructure assurance, or AI governance research, I would value a conversation.