By 2026, public safety systems across Asia will evolve from isolated command centres into AI-driven ecosystems, creating unprecedented operational gains while also widening the cyber-physical attack surface.
For CISOs overseeing critical infrastructure, this hyper-connectivity dismantles traditional perimeters, blurring lines between IT, OT, and sovereign data governance. The challenge is no longer merely preventing data breaches but guaranteeing operational continuity against autonomous threats.
As AI agents take on "teammate" roles in emergency response, security leaders must prioritise resilience and accountability frameworks that keep pace with machine-speed decision-making, ensuring that automation does not outpace human control.
Navigating the AI transformation in public safety
Public safety remains a cornerstone of governmental responsibility worldwide, encompassing complex, interdependent challenges now profoundly shaped by emerging technologies. Dr Alex Kokkonen, senior researcher and advisor at DXC Technology, highlights the core focus on response capabilities: "Public safety is obviously a critical area for all governments the world over, with many complex and interdependent challenges. Now they're all being affected by the incoming technology."
Before the widespread advent of AI, public safety relied heavily on human-centric operations, siloed systems, and reactive measures. Today, AI-driven ecosystems promise faster detection, triage, and decision-making, yet they introduce new vulnerabilities in hyper-connected environments. Kokkonen emphasises the need for holistic governance.
Governing autonomous agents through design
A central concern is how to deploy autonomous agents without compromising emergency response times. Kokkonen is clear on the solution:

"The keyword here is design. This is about governing through design and ensuring that the controls are embedded. Auditability is critical. And we also need to ensure that a human override is possible as well." Dr Alex Kokkonen
She strongly advocates the human-plus model: "This is why using the human plus model is critical, and that helps to accelerate the detection and the triage, but it ensures that we, as people, do remain with the full life-critical authority."
Complementing this is the application of zero trust principles: "It's also about supplying zero trust to the AIs [and] agents, using identity governance and what we call least privilege." DXC Technology applies a financial framework that "enables a responsible orchestration of AI across operations, but it preserves the emergency response speed."
Statutory liability and regulatory readiness
Statutory liability in high-impact public safety remains jurisdiction-specific and often immature in the context of autonomous systems. According to Kokkonen, "Statutory liability varies by country and jurisdiction according to the requirements of that jurisdiction and what's considered liability. The regulation is moving very, very quickly, and that is a challenge. So, the liability frameworks are not always completely mature. Some are immature, certainly, for autonomous public safety systems."
Readiness, she stresses, "means being contractually defined with accountability across the agencies and the vendors and the operators."
While regulation often lags innovation, Kokkonen is optimistic: "I think what you describe is a reality. But I also believe that what we will see is that gap — speed of regulations catch up — is going to increase so that that time gap is going to become less as we learn more rapidly, as we apply the AI itself to improving the regulation."
Third-party analyses reinforce growing CISO accountability. Personal liability concerns are rising, with regulators scrutinising failures in critical sectors. In Asia, where public safety intersects with critical infrastructure like banking, this trend will likely accelerate.
Zero trust in fragmented ecosystems
Enforcing zero trust across public and private critical infrastructure is complicated by fragmentation. Kokkonen observes that "fragmentation affects many, many aspects... It's not just about the systems, it's about every aspect, whether it's the partner ecosystem, whether it's processes, culture."
The remedy lies in continuous verification: "treating every agency, vendor and device and the AI agents as an untrusted identity until we know otherwise, and it is continuously verified." This requires "standardisation of identity governance for the correct access controls and segmentation across the ecosystems as we see the ecosystems evolve."
On supporting varied levels of maturity across suppliers, she notes that "adaptation is the keyword in this and ensuring that everybody can adapt and evolve and upgrade and absorb what they need to do to ensure they're working properly within the ecosystem."
Cloud Security Alliance guidance on zero trust for critical infrastructure supports this, advocating holistic strategies for OT and ICS environments.
Resilience, supply chain, and physical threats
When attackers seek physical disruption rather than financial gain, resilience takes on heightened importance. Kokkonen defines it as "prioritising operational continuity, safety, and… the service uptime as well," involving planning for OT infrastructure, emergency systems, and using "AI, predictive analytics, and rapid containment in assessing those scenarios."
Current supply chain threat models are often inadequate: "I think quite simply, usually not. So traditional models tend to be underweighted in terms of firmware, hardware, and third-party software sabotage," she elaborates. Public safety demands "end-to-end supplier assurance, continuous validation, and procurement governance."
She cites Australia's approach as offering valuable lessons: "the ability to respond rapidly and a lot of it's about bringing partners together quickly… solving situations as a team collectively."
Security by design in digital twins and shadow AI
Embedding security from day one in digital twins and command centres is essential. Kokkonen states:
"No, you're not. And it is necessary as we go forward. And again, this comes to design. So, this is about designing security from the beginning... including identity governance. Segmentation again, threat modelling... Using digital twins to stress test the scenarios will become increasingly important before live deployment." Dr Alex Kokkonen
On shadow AI used by frontline officers, she recommends starting with visibility and "using behavioural monitoring and policy controls rather than just blanket bounds," while providing secure enterprise-approved AI alternatives.
Managing shadow AI and data sovereignty
Frontline officers' use of shadow AI requires visibility, monitoring, and secure alternatives rather than restrictions. Kokkonen recommends behavioural monitoring and policy controls.
Balancing data sovereignty with cross-border threat intelligence sharing demands privacy-preserving architectures and policy-based frameworks.
Data sovereignty and automated defence
Balancing sovereignty with collaboration is achievable through "privacy-preserving architectures" and "policy-based sharing frameworks."
For machine-speed attacks, Kokkonen affirms that automated defence works "if the automation is adaptive and context-aware and risk-tiered… using a graduated response instead of just blanket shutdowns."
Shared liability and the CISO role
As AI becomes normative in public services and infrastructure, shared liability across governance, procurement, deployment, and operations is critical. Kokkonen states: "Liability... needs to be shared and explicitly defined... Roles need to be supported with traceability and explainability."
CISOs play a pivotal role in overseeing deployment and integrity. This echoes calls for public safety trend reports on responsible AI with human oversight.
Proactive leadership for public safety
The accountability crisis for CISOs demands proactive, design-led strategies that embed resilience, governance, and human control.
By drawing on frameworks like zero trust, fostering ecosystem adaptation, and leveraging AI responsibly, leaders can safeguard public safety in Asia's evolving landscape.
Kokkonen's insights underscore that success lies in collaboration, continuous verification, and the maintenance of human authority amid technological acceleration.







