In conversation with Express Computer, Col. Alok Shankar Pandey, CISO, Dedicated Freight Corridor Corporation of India Limited (DFCCIL), discusses how the rapid digitisation of critical infrastructure has significantly expanded the cyber threat landscape, making sectors like payments, power, and healthcare increasingly vulnerable to disruption. He explains that the entry of nation-state actors, coupled with the growing sophistication of ransomware and AI-driven attacks, has fundamentally changed how organisations must approach cybersecurity. Emphasising that prevention alone is no longer sufficient, he calls for a strong focus on cyber resilience, faster recovery capabilities, and continuous monitoring. Pandey also highlights the urgent need for AI-led defence mechanisms and stronger identity protection in the era of deepfakes, while stressing that cybersecurity must be treated as a business risk with active involvement from the entire leadership team—not just the CISO.
With critical infrastructure becoming increasingly digitised, how should organisations re-evaluate their cybersecurity strategies to address evolving threats such as ransomware and nation-state attacks?
The biggest challenge is that cyber attacks on critical infrastructure can bring an entire nation to a halt. Imagine disruptions in UPI systems, power plants, or healthcare services. These are all interconnected and heavily reliant on digital infrastructure today.
Digitalisation has transformed end-to-end business processes into ICT (Information and Communication Technology)-driven systems. Earlier, critical infrastructure relied on proprietary equipment that was difficult to access or replicate, and the expertise required was not widely available. However, with nation-state actors now involved, these barriers have significantly reduced, amplifying the threat landscape.
In such a scenario, organisations must focus on improving their response capabilities, especially for emerging threats targeting critical infrastructure. While ransomware may not always directly impact core operational systems, it can disrupt public-facing IT systems, leading to significant business interruptions.
Organisations must develop strong monitoring capabilities to detect early warning signs of ransomware or similar threats. Equally important is the ability to recover quickly, which is what we call cyber resilience. Proactive measures and resilience should therefore be at the centre of cybersecurity strategies.
Given the rise of AI-driven cyber threats, how can organisations leverage AI and automation to enhance threat detection and response?
AI-driven threats increase both the velocity and volume of attacks. Cybersecurity, in many ways, is like warfare. When attackers adopt advanced tools, defenders must respond with equally sophisticated capabilities.
Human teams alone cannot handle the scale and speed of modern attacks. This is where AI becomes essential for defence. Organisations should deploy AI-driven security tools, automated response systems, and intelligent playbooks to counter threats in real time.
Automation and AI-powered agents will play a central role in modern security operations by enabling faster detection, quicker response, and more adaptive defence mechanisms.
As cyber resilience becomes as important as prevention, what best practices should organisations adopt to strengthen incident response, disaster recovery, and business continuity?
The primary focus must be on resilience. Organisations should have a well-defined cyber crisis management plan in place. However, having a plan on paper is not enough; it must be regularly updated and rigorously tested.
Any change in infrastructure, such as system upgrades or hardware replacements, should be reflected in the plan. Regular drills and simulations are essential to ensure preparedness.
From a technology perspective, immutable backups are critical. Attackers often target backup systems first, so organisations must maintain secure, tamper-proof backups and practice recovery procedures frequently. The ultimate goal is to minimise downtime and ensure that business operations can resume quickly after an incident.
What are the top cybersecurity priorities for organisations in critical infrastructure sectors today, and how have they evolved?
In critical infrastructure, safety remains the top priority, even above security. Ensuring that systems function safely without causing harm is paramount.
However, as modern infrastructure becomes more digitised, it is increasingly exposed to cyber threats. One of the biggest challenges today is identity impersonation. Attackers can execute legitimate commands by compromising or mimicking authorised identities.
With the rise of technologies like deepfakes, traditional identity verification methods are no longer sufficient. Organisations must adopt stronger identity protection mechanisms, such as hardware-backed authentication, out-of-band verification, and advanced validation techniques.
Sometimes, even a brief pause before executing critical actions can prevent major incidents. Slowing down decision-making in high-risk scenarios can be an effective defence strategy.
With the convergence of IT and OT (Operational Technology), how can organisations secure integrated environments against advanced threats?
I strongly advocate for maintaining an air gap between IT and OT systems wherever possible. There have been incidents where OT networks were compromised due to vulnerabilities that allowed attackers to bridge this gap.
While industry trends push for IT-OT integration to improve data-driven decision-making, it also increases risk. Even in integrated environments, organisations should minimise connectivity and implement strict controls.
Technologies such as data diodes and controlled access points can help secure integration. These measures allow data flow while preventing unauthorised access, thereby reducing the risk of compromise.
What strategies can organisations implement to mitigate risks from third-party vendors and supply chain ecosystems?
Third-party and supply chain risks are among the biggest emerging threats. Organisations must ensure transparency and security across both hardware and software components.
This includes maintaining updated Software Bills of Materials (SBOM) and Hardware Bills of Materials (HBOM), tracking vulnerabilities, and ensuring timely patching.
There is also growing discussion around quantum security and post-quantum cryptography as future safeguards. Keeping systems updated and maintaining strict version control are essential to prevent vulnerabilities from being exploited.
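The SBOM-tracking step described in this answer, as an added example that is not part of the interview or of DFCCIL's own tooling: it parses a constructed CycloneDX-style SBOM, compares each component's installed version against a constructed advisory list (placeholder advisory IDs and made-up fixed versions), and orders the resulting patch queue by severity. The same matching logic applies to an HBOM if firmware components are listed with versions, as the last component here shows.

```python
"""Match a CycloneDX-style SBOM against an advisory list.

Added example, not part of the interview. The SBOM and the advisory
feed below are constructed for illustration; the advisory IDs are
placeholders, not real identifiers.
"""
import json

# Constructed CycloneDX-style SBOM (a minimal subset of the real schema).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.7"},
        {"type": "library", "name": "libxml2", "version": "2.11.5"},
        {"type": "library", "name": "zlib", "version": "1.3.1"},
        {"type": "firmware", "name": "plc-runtime", "version": "4.2.0"},
    ],
})

# Constructed advisory feed: each entry names the component, the first
# fixed version (everything below it is affected) and a severity.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "component": "openssl",
     "fixed_in": "3.0.9", "severity": "high"},
    {"id": "ADV-PLACEHOLDER-002", "component": "plc-runtime",
     "fixed_in": "4.3.0", "severity": "critical"},
    {"id": "ADV-PLACEHOLDER-003", "component": "zlib",
     "fixed_in": "1.3.0", "severity": "medium"},
]

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(version):
    """Turn '3.0.7' into (3, 0, 7) so versions compare numerically,
    not as strings ('3.0.10' must sort above '3.0.9')."""
    return tuple(int(part) for part in version.split("."))


def load_components(sbom_json):
    """Return (name, version) pairs from a CycloneDX JSON document."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported BOM format")
    return [(c["name"], c["version"]) for c in bom.get("components", [])]


def find_vulnerable(sbom_json, advisories):
    """Return one finding per (component, advisory) pair where the
    installed version is below the advisory's first fixed version,
    highest severity first."""
    by_component = {}
    for adv in advisories:
        by_component.setdefault(adv["component"], []).append(adv)

    findings = []
    for name, version in load_components(sbom_json):
        for adv in by_component.get(name, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append({
                    "component": name,
                    "installed": version,
                    "fixed_in": adv["fixed_in"],
                    "advisory": adv["id"],
                    "severity": adv["severity"],
                })
    findings.sort(key=lambda f: SEVERITY_ORDER.get(f["severity"], 9))
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(SBOM_JSON, ADVISORIES):
        print(f"{f['severity']:8} {f['component']} {f['installed']}"
              f" -> patch to {f['fixed_in']} ({f['advisory']})")
```

Run on the constructed data, the script reports the PLC runtime (critical) and OpenSSL (high) as needing patches and leaves zlib out, because its installed version is already at or above the fixed version. In practice the advisory list would be refreshed from a vulnerability feed and the SBOM regenerated on every build or hardware change, which is the "keeping systems updated" discipline the answer refers to.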
How should organisations prepare for emerging threats such as deepfakes and AI-driven attacks?
The key focus should be on strengthening identity protection. With the rise of deepfakes and AI-generated content, identity verification must evolve beyond traditional methods.
Organisations should adopt advanced techniques such as hardware-based authentication modules, out-of-band verification mechanisms, and passive liveness detection systems. These measures can significantly reduce the risk of identity compromise.
Ultimately, cybersecurity should not be treated as solely a technical issue handled by the CISO. It must be recognised as a business risk. The entire leadership team, including the CEO, CFO, and operations heads, must take ownership.
Organisations should establish dedicated technology and security functions that address emerging risks, data protection, and privacy. In today’s digital era, technology is a core business enabler, and its security must be treated as a strategic priority.