KRITIS · Area 1 of 4
Critical Infrastructure Protection
A substation doesn't clock off, doesn't have a guard at every fence line, and doesn't get a second chance. We give it an airspace someone is watching.
The situation
The attack surface of critical infrastructure has moved upward. Fences, cameras and patrols are built for an intruder who arrives on foot. An off-the-shelf aircraft ignores that entire security architecture — it lifts off from a treeline, climbs to a hundred metres, and is over the transformer in four minutes.
It is rarely about explosives. The more common scenario is cheaper and more effective: reconnaissance. One overflight yields thermal imagery of the plant layout, documents patrol rhythms, maps access routes and cable runs. That data is the groundwork for whatever comes next — physical or digital. Miss the reconnaissance, and you learn about the attack from the outage.
Then there is the blunt version: a lightweight airframe carrying a few kilograms, dropped into an open-air switchyard. The damage isn’t kinetic. It’s conductive. A fault at 110 kV costs months of lead time on a transformer nobody holds in stock.

Our approach
We don’t build a fence in the sky. We build a picture that starts early enough to leave you a decision.
Detection starts outside the perimeter
An alert at the property line is an alert with no room to act. Our sensing is laid out to catch an approach while it’s still kilometres out — not when it’s already over the fence. The gap between those two moments is the entire decision space your control room has.
Classification before alert
A system that cries wolf at every flock of birds gets muted within two weeks. That’s why most C-UAS installations fail — not the technology, but alert fatigue. Our systems separate aircraft from wildlife, permitted survey drone from unknown airframe, filed flight from unfiled. What reaches your control room has already been assessed.
An alert path that ends somewhere
Detection without a defined response is incident documentation, not protection. So we write the escalation chain with you before anything is installed: who gets told, in what order, with what authority, within what window. The output is a document that holds in an incident and stands up in an audit.
Integration, not another island
The picture surfaces where your security already sits — in your existing control room, through open interfaces to the CCTV, perimeter and alerting you already run. We don’t ship one more window for an already crowded screen.
Capabilities
| Layer | Function |
|---|---|
| Early warning | Long-range coverage of the approach sector. Laid out against site geometry and terrain profile. |
| Detection | Multiple sensors across distinct physical principles. Redundancy against weather and environment degrading any single sensor type. |
| Classification | Aircraft / wildlife / traffic separation. Correlation against filed flights. Assessment against your rule set. |
| Tracking | Continuous track maintenance, including launch point reconstruction where it can be derived. |
| Evidence | Audit-grade recording for prosecution, insurance and regulator. |
| Effect | Graduated countermeasures subject to mandate and national law. Specified case by case. |
We publish nothing about effectors. Which measures are lawful, proportionate and technically sound for your site is a conversation we have under protection — it depends on mandate, location and jurisdiction.

Asset types
Every asset class carries its own profile of vulnerability, RF environment and legal basis. What works at a data centre is useless at a port.
Energy
Substations, power stations, grid nodes, wind farms. Characteristics: heavy electromagnetic noise, sprawling open sites, and replacement lead times on core components measured in months. The sensing has to work inside the plant’s own interference — which rules out several common approaches before the conversation starts.
Gas, oil, water
Terminals, pumping stations, storage, water treatment. Characteristics: explosive atmospheres with the installation constraints that implies, often coastal with approach sectors over water, frequently under specific state attention. A terminal in Klaipėda carries a different risk profile than an inland pumping station.
Data centres and telecoms
Characteristics: the threat is rarely kinetic. It’s reconnaissance — roof layout, cooling circuits, backup power, delivery access. Whoever has mapped that is planning something else. On top of that: an RF environment where broadband countermeasures would take down your own operation.
Ports, logistics, rail
Characteristics: constant public traffic, large footprints, many legitimate flights — survey, inspection, press. Detection isn’t the hard part. Separating legitimate from unfiled without stopping operations is.
Military and government sites
Characteristics: their own legal basis, their own command structure, integration into higher-echelon air pictures. Here our role is usually supply and integration, not overall responsibility.
Legal framework
Detection across the EU is largely unproblematic. Effect is not. Interfering with someone else’s aircraft touches protected legal interests — and requires a basis.
So every project carries a documented mapping: which measure, under which provision, executed by which body, under what mandate. For private operators that usually means detection and evidence in-house, effect through the competent authority. We build that interface with you — it’s the part where most projects fall over.
Applicable frameworks, depending on site and operator status:
- NIS2 Directive (EU 2022/2555) — risk management and reporting duties for essential and important entities. Transposed in Lithuania through the Law on Cybersecurity.
- CER Directive (EU 2022/2557) — resilience of critical entities, physical dimension.
- EU drone regulations 2019/947 and 2019/945 — operations and geofencing.
- National aviation and police law — competence for effect measures.
- GDPR — once sensing captures personal data; recording needs a purpose, a retention period and a deletion concept.
- Dual-Use Regulation (EU 2021/821) — export control across parts of our portfolio.
How we work
From first enquiry to live operation typically runs three to six months, in five steps that build on each other. Any step can be the last one.
| Step | Content | Duration |
|---|---|---|
| First conversation | Asset, threat picture, existing measures, mandate position. Under NDA if you prefer. | 1 meeting |
| Site survey | Walk-through, terrain profile, RF environment, approach sectors, legal mapping. | 2–4 weeks |
| Concept | Sensor layout, escalation chain, integration path, cost envelope. Assessed vendor-neutral. | 3–6 weeks |
| Installation | Build, integration into your control room, calibration in the real interference environment, training. | project-dependent |
| Operation | Maintenance, signature updates, exercises, annual effectiveness review. | ongoing |