Command and control: modern control room design meets cyber-physical safety

In an era where energy, water, transport and public safety systems face continuous stress — from natural disasters to cyber intrusions — control rooms have emerged as strategic assets. No longer back-of-house operational centres, they are now the digital and physical epicentres of resilience.

Across Australia, critical infrastructure providers are rethinking how control rooms are designed, staffed, secured and integrated. With cyber-physical threats increasing, where digital intrusions can trigger real-world consequences like overflowing reservoirs, blackouts or disrupted rail networks, control rooms must evolve.

This evolution isn’t just technological; it’s human, procedural and urgent. Our modern-day society is depending on us for essential services availability.

A new era of threats

In my recent white paper ‘Securing Society: Insights on Cyber-Physical Safety in Australia’s Critical Infrastructure’, I examined the rising tide of converging threats facing Australia’s asset operators today. The results show that we are truly in a new era, where cyber attackers are no longer just targeting data; they’re probing control systems, exploiting remote access, and aiming to disrupt physical operations.

At the same time, the sector must navigate increasingly severe weather events, supply chain vulnerabilities, and a growing web of interconnected systems spanning multiple agencies and jurisdictions.

Control rooms now sit at the intersection of it all; triaging and responding to an escalating volume of digital alerts, field data and operational events, all while upholding safety, uptime and compliance. This makes them essential points of defence — and prime targets.

From communications centre to operational command

Historically, control rooms were designed with narrow, siloed scopes: a power utility focused on grid visibility; a transport agency on movement flows; emergency services on radio dispatch. Today, those lines are blurring. No service operates in isolation anymore.

Interoperability, once aspirational, is now non-negotiable.

Modern control rooms must integrate:

• digital dispatch;
• closed-circuit television (CCTV);
• Internet Protocol (IP) communications;
• supervisory control and data acquisition (SCADA);
• Internet of Things (IoT) telemetry; and
• land mobile radio (LMR).

Additionally, the emergence of AI-driven decision support and some cases drone telemetry is pushing the boundaries of our current control room set-ups. Similarly, cross-agency information sharing challenges operations to be frictionless, especially in time-critical scenarios.

Yet many current environments aren’t designed for this. Patchwork upgrades and mismatched systems create blind spots, integration barriers and security vulnerabilities; these are risks we can no longer afford.

We need control rooms where communications, telemetry and situational awareness converge into a single, cohesive operational picture. This isn’t just a technical uplift; it’s a strategic shift in mindset and mission.

Designing for security, not just continuity

While continuity has long been a design priority, cybersecurity must now be treated as inseparable from operational resilience.

As the lines blur between IT and OT, attackers are exploiting these convergence points. That’s why control rooms must be secured from the ground up; starting with physical and digital access control, and extending to architectural zoning, network segmentation and built-in redundancy.

Mission-critical systems must be thoughtfully protected from internet-facing tools. Operators should not be flooded with thousands of noisy alarms but supported by systems that filter, contextualise and escalate anomalies with clarity.

There’s also the human dimension. Secure handovers, role-based access and well-drilled escalation protocols are essential. Control rooms can no longer rely solely on corporate IT to manage cyber events. Operators must be empowered and equipped to respond when digital threats reach the frontline.

This is a core message of the Cybersecurity for Critical Infrastructure (CS4CI) community, which I co-founded. Cyber-physical resilience must become part of the everyday rhythm across our modern-day service ecosystems — not a special project, but a default condition.

People first: operator-centric environments

Control rooms are, above all, human environments. These are high-pressure, always-on spaces where operational decisions carry real-world consequences.

Design must prioritise the people inside. That means ergonomic workstations, intuitive user interfaces, managed acoustics and visual clarity. Systems should enable operators to shift from high-level overviews to detailed insights without cognitive friction.

Poor interface design, visual clutter or alarm floods can cause fatigue and critical errors. And in our sector, errors can be catastrophic.

Spatial layout, lighting and collaboration zones also matter. Operators must transition fluidly between routine operations and crisis coordination, and increasingly, they wear multiple hats — planning, monitoring, coordinating, even emergency management — often in rapid succession. Spaces that support this agility will define the next generation of resilient operations.

Training and simulation: operational readiness

Even the most sophisticated control rooms are only as strong as their teams. That’s where simulation comes in; not as a one-off drill, but as a continuous discipline.

Leading organisations use secondary recovery sites, or even digital twins, to simulate scenarios ranging from system failures to cyber attacks. These exercises build reflexes, expose vulnerabilities, and validate both systems and teams under realistic stress conditions.

Simulations also test the control room environment itself. Are tools and workflows available and performant under pressure? Is information access seamless? Can teams shift gears quickly when an event escalates?

Training must span both the digital and physical threat landscape, and be part of the culture, not an afterthought.

Future-ready control rooms: flexible by design

A modern control room isn’t a fixed asset; it’s an evolving capability. It must be architected to scale with emerging technologies like AI analytics, drone surveillance, federated control and remote operations.

This demands modularity, software-defined infrastructure and cloud-augmented data environments; yet these must be implemented carefully to preserve operational technology (OT) segmentation and physical safety.

The goal is not just to meet current demands, but to anticipate future challenges — resisting outages, mitigating threats and enabling innovation. A future-ready control room is not a bottleneck but a platform for performance.

Building a community of resilience

These challenges cannot be solved in isolation. That’s why the CS4CI community exists; to bring together professionals committed to securing the nexus between digital and physical infrastructure.

We share threat intelligence, explore cross-domain solutions, and translate lessons into actionable strategies. From designers and operators to cybersecurity and comms leaders, we are united by a shared purpose: safeguarding the critical systems that underpin modern Australia.

If you’re passionate about protecting the services society depends on, we welcome you to join us. This is a team sport; and our national resilience depends on our collective action. Please send connection requests to the author on LinkedIn or email CS4CI at cs4ci@icloud.com.

Key takeaways for critical comms leaders

Control rooms are evolving into command centres, relied upon to run the essential services of Australia’s modern society. This evolution underscores the importance of communications professionals and their crucial work. In the future, we must consider these factors to achieve success:

• Interoperability is now critical. Control rooms must unify LMR, IP comms, dispatch, SCADA, IoT and video into a single operational view. Seamless integration is essential for rapid, cross-agency response and real-time situational awareness.
• Comms are a cyber attack vector. Voice and dispatch systems are increasingly targeted as entry points. Secure segmentation and access controls are vital to protect communications infrastructure from cyber-physical threats.
• Design for clarity under pressure. Operator-facing systems must support fast, accurate decisions. Clear displays, filtered alerts and intuitive workflows reduce fatigue and support coordination in high-stress scenarios.

Conclusion

Control rooms are no longer quiet, back-end centres. They are now frontline environments, central to coordination, safety and strategic continuity.

As threats intensify and complexity grows, our control rooms must evolve in parallel. That means secure design, interoperable systems, human-centred environments, and a commitment to continuous preparedness.

The future of Australia’s essential services will, in part, be shaped within these rooms. Let’s design, operate and defend them with that responsibility in mind.

*Sam Mackenzie is a technology and cybersecurity leader with 25 years of experience dedicated to protecting and advancing critical infrastructure. As a valued committee member of both the Australian Control Room Network Association (ACRNA) and the Australian Computer Society (ACS), Sam is known for his structured thinking, his talent for simplifying complex challenges, and his ability to harness culture as a catalyst for meaningful change.

Sam’s career spans leadership roles with global brands and household names in Australia, where he has built high-performance teams across sectors including health, telecoms, energy and local government. With hands-on expertise in seven of the 11 Security of Critical Infrastructure (SOCI) Act sectors, Sam’s straightforward approach and thought leadership, evident through his frequent speaking engagements, panel hosting and published works, continue to drive high-quality technology and security outcomes.

Top image credit: iStock.com/Ignatiev