Skip to content

KRITIS · Area 1 of 4

Critical Infrastructure Protection

A substation doesn't clock off, doesn't have a guard at every fence line, and doesn't get a second chance. We give it an airspace someone is watching.

The situation

The attack surface of critical infrastructure has moved upward. Fences, cameras and patrols are built for an intruder who arrives on foot. An off-the-shelf aircraft ignores that entire security architecture — it lifts off from a treeline, climbs to a hundred metres, and is over the transformer in four minutes.

It is rarely about explosives. The more common scenario is cheaper and more effective: reconnaissance. One overflight yields thermal imagery of the plant layout, documents patrol rhythms, maps access routes and cable runs. That data is the groundwork for whatever comes next — physical or digital. Miss the reconnaissance, and you learn about the attack from the outage.

Then there is the blunt version: a lightweight airframe carrying a few kilograms, dropped into an open-air switchyard. The damage isn’t kinetic. It’s conductive. A fault at 110 kV costs months of lead time on a transformer nobody holds in stock.

Our approach

We don’t build a fence in the sky. We build a picture that starts early enough to leave you a decision.

Detection starts outside the perimeter

An alert at the property line is an alert with no room to act. Our sensing is laid out to catch an approach while it’s still kilometres out — not when it’s already over the fence. The gap between those two moments is the entire decision space your control room has.

Classification before alert

A system that cries wolf at every flock of birds gets muted within two weeks. That’s why most C-UAS installations fail — not the technology, but alert fatigue. Our systems separate aircraft from wildlife, permitted survey drone from unknown airframe, filed flight from unfiled. What reaches your control room has already been assessed.

An alert path that ends somewhere

Detection without a defined response is incident documentation, not protection. So we write the escalation chain with you before anything is installed: who gets told, in what order, with what authority, within what window. The output is a document that holds in an incident and stands up in an audit.

Integration, not another island

The picture surfaces where your security already sits — in your existing control room, through open interfaces to the CCTV, perimeter and alerting you already run. We don’t ship one more window for an already crowded screen.

Capabilities

LayerFunction
Early warning Long-range coverage of the approach sector. Laid out against site geometry and terrain profile.
Detection Multiple sensors across distinct physical principles. Redundancy against weather and environment degrading any single sensor type.
Classification Aircraft / wildlife / traffic separation. Correlation against filed flights. Assessment against your rule set.
Tracking Continuous track maintenance, including launch point reconstruction where it can be derived.
Evidence Audit-grade recording for prosecution, insurance and regulator.
Effect Graduated countermeasures subject to mandate and national law. Specified case by case.

We publish nothing about effectors. Which measures are lawful, proportionate and technically sound for your site is a conversation we have under protection — it depends on mandate, location and jurisdiction.

Asset types

Every asset class carries its own profile of vulnerability, RF environment and legal basis. What works at a data centre is useless at a port.

Energy

Substations, power stations, grid nodes, wind farms. Characteristics: heavy electromagnetic noise, sprawling open sites, and replacement lead times on core components measured in months. The sensing has to work inside the plant’s own interference — which rules out several common approaches before the conversation starts.

Gas, oil, water

Terminals, pumping stations, storage, water treatment. Characteristics: explosive atmospheres with the installation constraints that implies, often coastal with approach sectors over water, frequently under specific state attention. A terminal in Klaipėda carries a different risk profile than an inland pumping station.

Data centres and telecoms

Characteristics: the threat is rarely kinetic. It’s reconnaissance — roof layout, cooling circuits, backup power, delivery access. Whoever has mapped that is planning something else. On top of that: an RF environment where broadband countermeasures would take down your own operation.

Ports, logistics, rail

Characteristics: constant public traffic, large footprints, many legitimate flights — survey, inspection, press. Detection isn’t the hard part. Separating legitimate from unfiled without stopping operations is.

Military and government sites

Characteristics: their own legal basis, their own command structure, integration into higher-echelon air pictures. Here our role is usually supply and integration, not overall responsibility.

Detection across the EU is largely unproblematic. Effect is not. Interfering with someone else’s aircraft touches protected legal interests — and requires a basis.

So every project carries a documented mapping: which measure, under which provision, executed by which body, under what mandate. For private operators that usually means detection and evidence in-house, effect through the competent authority. We build that interface with you — it’s the part where most projects fall over.

Applicable frameworks, depending on site and operator status:

  • NIS2 Directive (EU 2022/2555) — risk management and reporting duties for essential and important entities. Transposed in Lithuania through the Law on Cybersecurity.
  • CER Directive (EU 2022/2557) — resilience of critical entities, physical dimension.
  • EU drone regulations 2019/947 and 2019/945 — operations and geofencing.
  • National aviation and police law — competence for effect measures.
  • GDPR — once sensing captures personal data; recording needs a purpose, a retention period and a deletion concept.
  • Dual-Use Regulation (EU 2021/821) — export control across parts of our portfolio.

How we work

From first enquiry to live operation typically runs three to six months, in five steps that build on each other. Any step can be the last one.

StepContentDuration
First conversationAsset, threat picture, existing measures, mandate position. Under NDA if you prefer.1 meeting
Site surveyWalk-through, terrain profile, RF environment, approach sectors, legal mapping.2–4 weeks
ConceptSensor layout, escalation chain, integration path, cost envelope. Assessed vendor-neutral.3–6 weeks
InstallationBuild, integration into your control room, calibration in the real interference environment, training.project-dependent
OperationMaintenance, signature updates, exercises, annual effectiveness review.ongoing

Request a site survey