ADV · Area 4 of 4
Advisory & Concepts
The most expensive system is the one that solves the wrong problem. Before anyone buys hardware, the question has to be right — and sometimes the answer is: no hardware.
Why we sell advisory separately
A vendor who advises and supplies has a conflict. That isn’t an accusation — it’s structure. When the recommendation is your own product, the analysis was sales.
We don’t solve that with a reassurance. We solve it with a separation: advisory mandates are contracted separately, paid separately, and not credited against a supply contract. The outcome of a concept can explicitly be that you buy nothing from us. That possibility is the precondition for the concept being worth anything.
The second reason is more practical. A substantial share of the enquiries we receive describe a solution, not a problem: „we need a detection system.“ The follow-up — against what, under what mandate, with what response, measured how — often goes unanswered. Skip those questions and you buy a box and acquire an operating cost.

Services
Threat and risk analysis
What at your site is realistically attackable, by whom, at what effort, to what consequence. We don’t work from generic threat catalogues. We start at your asset: terrain profile, approach sectors, realistic launch points in the surrounding area, sight lines, existing measures and the gaps between them. The output is a prioritised picture — not a list of everything conceivable, but the few things that deserve your attention.
Resilience concept
Detection is one component, not the answer. A resilience concept asks the next question: what happens if the attack succeeds? How long is the asset down? What redundancy takes over? Who decides in the first hour? An operator who absorbs an outage in two hours needs a different defence from one who needs weeks — and in many cases, investment in recovery beats investment in detection.
Protection concept
The translation of analysis into measures: what, where, in what order, at what envelope. Assessed vendor-neutral, with alternatives stated and limits stated. Usable as a procurement basis, including when you take it to another supplier.
Escalation and alerting concept
The part most projects skip and most projects then fail on. An alert with no defined recipient, no mandate and no window is a log entry. We write the chain with you: who gets told, in what order, with what authority, within what time — and what happens when nobody picks up.
Second opinion
You have a quote, a tender or an installed system and want an independent read. We assess the layout, the assumptions and the effectiveness claims — including where we don’t bid ourselves. Most common finding: the system does what the datasheet says. The datasheet was just measured under conditions other than yours.
NIS2 and CER
For operators of essential and important entities, protective measures are no longer discretionary. They’re a duty — with personal accountability at management level.
The NIS2 Directive (EU 2022/2555) requires risk management that treats physical and digital threats together. An airframe conducting reconnaissance against a data centre is a NIS2-relevant incident — the split between „cyber“ and „physical“ doesn’t survive contact with practice, and the directive doesn’t draw it either. Lithuania transposes this through the Law on Cybersecurity; the competent body is the National Cyber Security Centre (NKSC).
The CER Directive (EU 2022/2557) addresses the physical resilience of critical entities — risk assessment, resilience measures, reporting duties. For most operators both frameworks apply in parallel.
Our role in that:
- Gap analysis. Where your existing documentation stands against the requirements — specifically, and with evidence.
- Risk assessment. The airspace dimension in the form the directive requires: testable, not narrative.
- Reporting process. Who identifies a reportable incident, who reports, within what window, to whom. The windows are short enough that improvisation is not an option.
- Evidence. Documentation that survives an audit.
We are not a law firm and we don’t give legal advice. We translate between technical reality and regulatory requirement, and work alongside your legal function or your counsel wherever that’s needed.

Procurement support
Counter-UAS is a market with many claims and few standards. Datasheets aren’t comparable because the measurement conditions aren’t comparable. A stated detection range holds for one specific airframe, in one weather state, in one interference environment — and it rarely says which.
We support procurement where in-house expertise is thin or an independent voice is needed:
- Requirements. What the system must do, measured against what, under what conditions. Written so the answer is testable.
- Tender documents. Technical specification, evaluation matrix, acceptance criteria — usable under procurement law.
- Bid evaluation. Translating marketing into capability. Which commitment is testable, which is a condition buried in the annex.
- Acceptance. Testing against what was promised, at your site, under your conditions. Not on the vendor’s test range.
Where we support a procurement, we don’t bid in it. That isn’t courtesy. It’s the condition under which the support does what it’s for.
Exercise and testing
A concept never exercised is a hypothesis. The question isn’t whether it works. It’s what it costs to find that out for the first time in an incident.
Tabletop
Played through around a table, with the people who would actually decide. Cheapest format with the highest insight per unit of effort. The typical finding is never technical: two participants held different pictures of who decides.
Alert exercise
An alert fires, the chain runs. What gets measured is how long it takes and where it stalls. Unannounced — otherwise you’re measuring the preparation.
Functional test
A controlled flight against your system, permitted and coordinated. Tests what the system actually sees at your site — not what it should see.
Effectiveness review
Annual, documented, against the original design. Because the threat moves while the system stays still. A system that was effective at acceptance is not automatically effective three years later.
Formats
| Format | Content | Envelope |
|---|---|---|
| First conversation | Framing your situation, open questions, possible routes. Under NDA if you prefer. | no charge |
| Short analysis | Site walk-through, threat picture, prioritised recommendation. Concise report. | 1–2 weeks |
| Full concept | Analysis, resilience, protection concept, escalation chain, procurement basis. | 6–12 weeks |
| Second opinion | Review of an existing quote, concept or installed system. | 1–3 weeks |
| Retained support | Ongoing advice across a project, named points of contact. | by agreement |
| Training | For control room, stewarding, security leads. Available without a system purchase. | 1–3 days |