Energy & Utilities

Protection for energy infrastructure where physical, cyber, and electromagnetic threats converge across distributed assets - and where your response depends on partners who need your picture.

Substations, power plants, pipelines, refineries, nuclear sites, and transmission corridors face a threat environment that has changed faster than most security architectures. Substation attacks, drone surveillance over plants, GPS jamming affecting SCADA timing, OT/ICS ransomware, coordinated protest activity, and state-aligned reconnaissance all happen against the same assets - often in the same week. Empyrean gives energy sector security teams a unified operational picture designed for distributed facilities, remote locations, and the realities of regulated energy environments. And when a threat crosses the line from detection to response, Empyrean's federation architecture ensures the law enforcement, federal, and mutual aid partners you depend on see what you see - before the phone call, not after.

The Threat Environment You Operate In

The attack surface of modern energy infrastructure is not the same asset your security architecture was designed to protect. Substations that were once behind a chain-link fence and a padlock are now targeted with rifle fire, drone surveillance, and coordinated physical attacks that exploit the geographic isolation and minimal staffing that defines most of the transmission grid. The Metcalf substation attack in 2013 demonstrated the vulnerability. A decade later, the attacks against substations in Moore County, North Carolina and Pierce County, Washington confirmed that the playbook is public and the barrier to entry is low.

At the same time, the OT/ICS environment has changed underneath the security architecture that was supposed to protect it. Vendor remote access sessions, cloud-connected historians, predictive maintenance platforms, and HMI interfaces with network paths that nobody mapped have created IT/OT boundary conditions that the Purdue model does not describe and the NERC CIP program was not designed to audit. The OT security engineer knows these paths exist. The compliance analyst's documentation says they don't. The gap between the two is where incidents begin.

Layered on top of the physical and cyber exposure is an electromagnetic threat that most utilities do not monitor at all. GPS jamming and RF interference near SCADA infrastructure can degrade protective relay timing, disrupt microwave backhaul between substations, and introduce synchronization errors into phasor measurement units. The first indication is usually a relay misoperation or a communications alarm - discovered after the damage propagates, not before. Spectrum monitoring around substations and generation facilities is technically straightforward and operationally critical, but it sits in a gap between the physical security team (which doesn't think about RF) and the OT team (which doesn't think about spectrum) and the communications team (which monitors its own links but not the environment around them).

And all of this is happening against a background of narrative and social media activity that occasionally spills into physical action. Coordinated protest campaigns against pipeline infrastructure, social media reconnaissance of substation locations and access points, and threat messaging targeting utility employees have all occurred in the past 24 months. The information that would connect a social media threat to a physical security posture change lives in a marketing team's social listening tool - if it is monitored at all - and never reaches the site security manager who would act on it.

Why the Current Architecture Fails

Energy security architectures were built in layers that made sense at the time and do not make sense now. Physical security - cameras, fence alarms, access control, guard force - runs on one platform with its own vendor, its own server, and its own monitoring workflow. OT security - if it exists as a distinct function - runs through the SIEM or a specialized OT monitoring tool that the IT security team may or may not have visibility into. Cybersecurity lives in the SOC, which is usually at a corporate office hundreds of miles from the assets it is supposed to protect. Regulatory compliance lives in a documentation system that captures the state of security posture quarterly but cannot tell you what is happening right now.

That is not taking into account the various degrees of logical separation. Some workloads may be in AWS GovCloud partitions while others are in a Commercial partition (e.g., us-east-1 versus us-gov-east-1). When you have multiple cloud service providers, multiple Virtual Private Servers (VPS), and either co-located, managed, or self-managed networks that are physical or virtualized it becomes even harder to coordinate this picture.

Each of these layers generates data. None of them correlate with each other in real time. When a drone appears over a substation at the same time that an unusual remote access session is active on the SCADA network, no system sees both events. The site security manager sees the drone (if they see it at all, or have Counter-UAS sensing capabilities). The OT engineer might notice the remote access session during a routine log review days later. The connection between the two is never made because the data lives in separate systems monitored by separate teams on separate schedules.

The second failure is geographic. Energy infrastructure is distributed by definition. A single utility may operate hundreds of substations, dozens of generation facilities, and thousands of miles of pipeline or transmission corridor spread across multiple counties, multiple law enforcement jurisdictions, and multiple time zones. The corporate security operations center may have a dashboard for each facility. It does not have a common operational picture that shows what is happening across all of them simultaneously, with correlation between events at Site A and events at Site B that might indicate a coordinated campaign - outside of, perhaps, a SIEM or other PSRM tool.

The third failure is resilience. Modern security monitoring tools assume reliable network connectivity and cloud availability. During a major storm or grid event - precisely when adversary action is most likely and least likely to be noticed - the backhaul links that connect remote sites to the corporate SOC degrade or fail entirely. Cloud-dependent monitoring platforms go dark. Camera feeds buffer. Alarm systems queue. The site security manager is operating blind at the moment they need visibility most, and the corporate SOC is staring at connection-lost indicators while the storm restoration team consumes every available radio channel and operations center resource.

What Empyrean Gives You

Empyrean provides a converged operational picture across physical, OT/ICS, cyber, RF, and narrative domains - deployable at the site, at the corporate SOC, or both, with role-based views that give each function exactly what it needs without drowning anyone in data that belongs to another team. The site security manager sees perimeter alerts, camera analytics, drone detections, and access control events. The OT engineer sees PLC telemetry, remote access session logs, and network anomalies. The NERC CIP compliance analyst sees the cross-domain audit trail that maps to CIP-006, CIP-007, CIP-010, and CIP-014 requirements. The CSO sees an executive risk picture that does not require three weeks of manual assembly.

Drone detection and response is built for the realities of energy infrastructure: large perimeters, minimal onsite staff, remote locations, and the legal reality that site security cannot interdict a UAS. Empyrean integrates RF-based detection, radar, and camera analytics to detect, classify, and track drone activity - then produces evidence-grade documentation including track history, RF signature data, detection time, and correlated physical events that give the FBI field office or the FAA something actionable to work with, not a verbal description over the phone.

Spectrum awareness extends the security picture into the electromagnetic domain without requiring a dedicated EW program or spectrum engineering staff. Empyrean monitors the RF environment around substations, generation facilities, and pipeline infrastructure for GPS jamming, unauthorized emitters, and interference patterns - and correlates them with physical and cyber events. When a GPS timing anomaly at a substation coincides with an unauthorized vehicle near the fence line, the correlation surfaces as a single alert, not two unrelated log entries in two different systems.

Cyber-physical convergence maps the IT/OT boundary as it actually exists - including the vendor remote access sessions, cloud historian connections, and predictive maintenance platforms that create paths the Purdue diagram doesn't show. Empyrean correlates SIEM/EDR alerts with PLC telemetry, badge access events, and physical sensor data without requiring network redesign or breaking existing segmentation. The OT engineer does not need to open new ports or grant the security team access to the control network. Empyrean works with the telemetry that the existing architecture already exports.

Narrative and threat intelligence is fed directly into the security operations workflow - not into a marketing analytics dashboard that the security team never sees. Social media coordination targeting facilities, open-source threat reporting, and physical attack indicators are correlated against your facility and asset inventory so that alerts surface tied to specific substations, plants, or pipeline segments. The site security manager at a remote substation sees a threat indicator relevant to their location, not a generic industry advisory.

The Coordination Reality

Detection without response authority is an alarm that rings in an empty room. Most energy facilities cannot interdict a UAS, detain a trespasser beyond property boundaries, or conduct a criminal investigation. The site security manager's authority ends at the fence line, and in many cases well before it. The Act layer for energy security depends almost entirely on partners - local law enforcement, FBI field offices, CISA regional staff, National Guard civil support, and mutual aid organizations.

Today that coordination happens over phone calls. The site security manager calls the sheriff's office or the FBI and describes what they are seeing. The responding agency has no map, no track data, no camera feed, no sensor context. They write notes while driving. By the time they arrive, the situation has changed and the only record is a dispatcher's log entry and whatever the site security manager remembers to document after the fact.

This is not a training problem. It is an architecture problem. The responding agency cannot see what the site operator sees because there is no mechanism for sharing the operational picture in real time. Empyrean solves this with federation - the ability to push tracks, alerts, facility overlays, and incident context to partner agencies via TAK integration (bi-directional to TAK servers, Cursor-on-Target (CoT) endpoints) or Empyrean's native federation pipeline. The law enforcement partner gets a scoped view of the situation: drone track on the map, alert timeline, relevant camera sectors, facility layout - without seeing internal OT data, proprietary facility information, or anything beyond what the site operator authorizes for sharing.

The model for this is already operational in Colorado, where state agencies use TAK to share operational pictures across jurisdictions. Empyrean extends that model to the energy sector by making the facility operator a first-class participant in the shared picture - not a phone call at the end of a relay chain.

If you are evaluating Empyrean for your energy security program, we encourage you to bring your law enforcement and federal liaison partners into the conversation. The value of converged awareness at the facility is real, but the value multiplies when the people who have the authority to act can see what you see before they arrive. We are happy to run a coordinated demonstration with your response partners to show how federation works in practice.

Compliance as a Byproduct, Not a Project

NERC CIP compliance is the tax that energy security teams pay for operating critical infrastructure, and it is denominated in analyst-hours. CIP-006 physical access logs, CIP-007 system security events, CIP-010 configuration baselines, and CIP-014 physical security assessments each require evidence packages that demonstrate detection, assessment, and response across domains - and each lives in a different system with a different export format and a different retention schedule.

Empyrean's audit trail architecture is designed around the evidence requirements of the standards you are already subject to. Because the platform records every detection, every correlation, every alert, and every authorized action with timestamp, operator identity, source system, and disposition - across all domains, continuously - the raw material for CIP evidence packages is a query against operational data, not a manual reconstruction from log exports. The compliance analyst runs the report instead of building it. The evidence reflects what actually happened, not what someone remembered to document.

This extends to TSA pipeline security directives, NRC cybersecurity requirements, DOE reporting obligations, and internal enterprise risk reporting. The data is the same data the security team uses operationally. The reports are views of that data shaped to the format each regulatory framework requires. The security program and the compliance program are not parallel activities maintained by separate teams - they are the same activity, observed from different angles.

Designed for the Worst Day

Two regulations published in 2026 are changing the game for energy security. The FAA's proposed Part 74 rule (NPRM published May 6, 2026) would establish a formal process for energy facilities to request unmanned aircraft flight restrictions (UAFRs) over substations, power plants, refineries, and other fixed-site infrastructure. Applicants must demonstrate the restriction is necessary for aviation safety, protection of people and property, national security, or homeland security - and documented drone detection data is the evidentiary foundation for a successful application. Meanwhile, the SAFER SKIES Act (effective December 2025) grants certified state and local law enforcement the authority to mitigate drone threats at critical infrastructure, backed by $500 million in FEMA C-UAS grant funding over two fiscal years.

For energy utilities, this means two things: (1) the detection data you collect today becomes the evidence package for your UAFR application when the rule is finalized, and (2) your law enforcement partners can now act on the drone alerts you provide - if you can get the data to them fast enough. Both regulatory paths reward facilities that already have detection in place.

Energy security tools need to work when everything else is failing. Empyrean runs on-premises, at the edge, and in air-gapped configurations with no cloud dependency and no call-home requirement. When the backhaul link to the corporate SOC goes down in a storm, the site installation continues operating independently - detecting, correlating, alerting, and logging - until connectivity is restored and the data synchronizes. When the corporate SOC loses visibility into remote sites, it loses the data feed, not the data. Everything that happened during the outage is preserved and available when the link recovers.

This is not a feature. It is an architectural decision that reflects the reality of operating distributed infrastructure in environments where connectivity is not guaranteed. The tools you use for security must be at least as resilient as the infrastructure you are protecting. If your security platform goes down in the same storm that takes the grid offline, you do not have a security platform - you have a subscription.

The Challenge

01Substations and transmission sites are spread across hundreds of miles, staffed by nobody, and monitored by cameras that lose connectivity in the same storm that makes the site most vulnerable. A fence cut or a drone overflight at a remote substation may go undetected until the next scheduled inspection - if there is one.
02OT engineers are patching around PLCs running end-of-life operating systems that the vendor refuses to certify against current updates. The Purdue model says the network is segmented; the reality is that vendor remote access sessions, historian connections, and cloud-connected HMIs have created paths that no one mapped and no one monitors continuously.
03Drones are surveilling substations, nuclear exclusion zones, and generation facilities. Site security detects them visually - if they detect them at all - and the reporting chain is a phone call to the local FBI field office, who asks for a description and a time stamp. There is no integrated detection, no track history, and no evidence package that survives a follow-up investigation.
04GPS jamming and RF interference near SCADA infrastructure degrades protective relay timing, disrupts microwave backhaul between substations, and introduces sync errors into phasor measurement units. Most utilities do not monitor the spectrum around their substations. The first indication of a jamming event is usually a relay misoperation or a communications alarm - by which point the damage is done.
05Physical attack patterns against substations - rifle fire, arson, vehicle breach, coordinated multi-site targeting - require correlation between threat intelligence feeds, social media activity, and physical sensor data across facilities that may be in different counties with different law enforcement jurisdictions. Today that correlation happens in someone's head, if it happens at all.
06NERC CIP evidence packages consume weeks of analyst time per audit cycle. CIP-006 physical access logs, CIP-007 system security events, CIP-010 configuration baselines, and CIP-014 physical security assessments each live in different systems with different export formats. The compliance analyst reconstructs the cross-domain picture manually every quarter.
07When a real incident occurs - not a drill, not a tabletop - the site security manager's response depends on local law enforcement, FBI, CISA, or National Guard assets that have no visibility into what the site is seeing. The handoff is a phone call: 'We have a drone over the south transformer yard, I think it came from the east.' By the time a patrol car arrives, the drone is gone and the only record is a radio log.
08Storm restoration and security monitoring compete for the same operations center, the same radio channels, and the same staff. During a major weather event - precisely when adversaries know attention is diverted - security alerts disappear into the noise of outage management.

Who This Is For

Chief Security Officer (CSO)CISODirector of Physical SecuritySite Security ManagerOT/ICS Security EngineerNERC CIP Compliance AnalystNuclear Security Officer

Relevant Domains

Air / UASGround / PhysicalElectromagneticCyberInformation / Narrative

Relevant Capabilities

Outcomes

Converged security picture across physical, OT/ICS, cyber, and RF domains - with role-based views for site security, SCADA engineers, corporate SOC, compliance, and executive reporting.
Drone detection and incident documentation for distributed facilities. Detect, classify, track, and log drone activity at substations, refineries, and pipeline infrastructure - with evidence-grade reporting for FBI, FAA, and regulatory escalation.
Spectrum awareness for SCADA timing, microwave backhaul, and GPS-dependent systems. Detect jamming and interference before it cascades into relay misoperations or communications failures.
Cyber-physical convergence that maps the real IT/OT boundary - not the diagram on the wall. Correlate SIEM alerts, PLC telemetry, vendor remote access sessions, and physical access events without requiring network changes or breaking existing segmentation.
Threat and narrative intelligence correlated against your facility inventory. Social media coordination, threat intelligence feeds, and physical attack indicators surface as actionable alerts tied to specific substations, plants, or pipeline segments - not generic industry warnings.
Federated coordination with response partners. Push tracks, alerts, facility overlays, and incident context to local law enforcement, FBI field offices, CISA, and mutual aid via TAK integration or native federation - scoped to what each partner needs and nothing more.
Audit trail architecture designed around NERC CIP evidence requirements. CIP-006, CIP-007, CIP-010, and CIP-014 documentation produced from the same operational data you use every day - not reconstructed from exports after the fact.
Operates in storm, outage, and degraded-communications conditions. Sovereign, air-gappable, and resilient to the backhaul failures that knock out cloud-first tools when you need them most.
← All industries

Related Resources & Insights

Resource11 min read

What is Intelligence Fusion?

Intelligence fusion explained: JDL/DFIG model, multi-INT disciplines, JADC2, and what fusion means for civilian operators.

Resource11 min read

What is Maritime Intelligence?

Maritime intelligence explained: AIS limits, dark vessels, beneficial ownership, sanctions risk, and multi-INT fusion at sea.

Resource7 min read

What is OPSEC?

OPSEC, UTS, and Digital Force Protection explained: the five-step process, five threat vectors, and signature management.

Resource13 min read

What is ATAK?

ATAK explained: TAK clients, EUDs, data packages, mesh networks, federation, plugins, and the CoT protocol that ties it together.

Resource26 min read

Defense & Intelligence Glossary

Defense & intelligence glossary: acronyms and terms for EMSO, C-UAS, JADC2, sensor fusion, SSA, CTF, entity resolution, and TAK.

Resource13 min read

What is Counter Threat Finance?

Counter Threat Finance (CTF) explained: DoDD 5205.14 doctrine, CTF vs. AML, sanctions, shell companies, TBML, and operational software.

Resource10 min read

What is Entity Resolution?

Entity Resolution explained: deterministic, probabilistic, ML, and graph methods for matching records to real-world identities.

Resource13 min read

What is Narrative Intelligence?

Narrative Intelligence (NARINT) explained: detecting and countering influence operations, DISARM framework, CIB, and OSINT.

Resource13 min read

What is EMSO?

EMSO explained: Electronic Warfare, EMBM, JEMSO, Electronic Order of Battle, CEMA, spectrum management, and operational software.

Resource12 min read

What is a Common Operational Picture?

Common Operational Picture (COP) explained: why most COPs fail, display vs. decision surface, edge deployment, and true fusion.

Resource13 min read

What is Space Situational Awareness?

Space Situational Awareness (SSA) explained: orbital tracking, TLEs, the Space Surveillance Network, and counterspace threats.

Resource12 min read

What is Counter-UAS?

Counter-UAS (C-UAS) explained: sensors, fusion, effectors, legal authorities, and layered drone defense for military and critical sites.

Resource12 min read

What is JADC2?

JADC2 explained: why top-down fails, what sensor-up architecture means, and why edge-deployed fusion survives contact.

Resource11 min read

What is Sensor Fusion?

Sensor fusion explained: state estimation, data association, multi-hypothesis tracking, identity provenance, and edge deployment.

Research43 min read

High-Powered Microwave (HPM): From Hard Kill to Residual Risk

3,400 Monte Carlo runs reveal HPM's service-rate ceiling, residual warhead hazard, and cascade failure against 40-400 drone swarms.

Research48 min read

The Devil Dog and the Dragon: USMC IADS vs. PLARF Cruise Missile Saturation

USMC MRIC vs 60 CJ-10 cruise missiles: 92.7% kill rate, then magazine exhaustion at T+28:37. The Marines need more rounds.

Research34 min read

Quantifying Layered Naval Defense Against Hypersonic Glide Vehicles

DF-17 HGV vs Arleigh Burke: 50 Monte Carlo seeds, SM-6 at 23% kill rate, PAC-3 at zero. The timeline is the constraint.

Insight47 min read

Maritime Domain Awareness: The Complete Field Guide

Maritime domain awareness field guide: spectrum, seabed, ownership, and cyber threats that single-domain tools miss.

Insight25 min read

TAK Server on AWS: From Zero to Operational in Under Ten Minutes

Deploy TAK Server on AWS with CloudFormation: TLS, Docker, hardening, and security best practices in under ten minutes.

Insight8 min read

Release Log Vol. 1: Maritime Intelligence & UAS Traffic Management

Empyrean ships Maritime Intelligence, Air Domain Intelligence, and UAS Traffic Management with 20+ data sources and FAA enrichment.

Insight20 min read

The Environment Is Trying to Kill Your Mission. We Want to Mitigate It.

Weather & environmental intelligence that modifies sensor confidence, route feasibility, and UAS BVLOS risk in real time.

Insight73 min read

EMSO Is Everyone's Problem. Let's Do Something About It.

EMSO deep dive: EW history, doctrinal evolution to CEMA, cross-domain effects, and what operators can do about it today.

Insight23 min read

Would the Real Common Operating Picture (COP) Please Stand Up

Most COPs are PowerPoint and uncorrelated feeds. What a real COP requires: fusion, policy, edge deployment, and echelon logic.

Insight7 min read

Building Physics-Backed, Unclassified, Open-Source Defense Research

Introducing Empyrean Defense Research: unclassified, physics-backed wargaming. First drop: 1,500 Monte Carlo sims of DF-17 vs DDG.

Insight37 min read

How the Space Domain Impacts Your Operations

Space domain impacts on EW, ground, maritime, air, and information ops — and what you can do to counter them.

Insight74 min read

Sense, Make Sense, Act: How to Conduct Counter-UAS From Sensors to Deployments

Counter-UAS playbook: 8 sensor types, fusion methods, jam vs. shoot decisions, and layered drone defense for DDIL environments.

Insight12 min read

Why JADC2 Needs Sensor Fusion at the Edge

JADC2 assumes persistent cloud and top-down authority. Operators have neither. Why sensor fusion must live at the edge.

Resource11 min read

What is Intelligence Fusion?

Intelligence fusion explained: JDL/DFIG model, multi-INT disciplines, JADC2, and what fusion means for civilian operators.

Resource11 min read

What is Maritime Intelligence?

Maritime intelligence explained: AIS limits, dark vessels, beneficial ownership, sanctions risk, and multi-INT fusion at sea.

Resource7 min read

What is OPSEC?

OPSEC, UTS, and Digital Force Protection explained: the five-step process, five threat vectors, and signature management.

Resource13 min read

What is ATAK?

ATAK explained: TAK clients, EUDs, data packages, mesh networks, federation, plugins, and the CoT protocol that ties it together.

Resource26 min read

Defense & Intelligence Glossary

Defense & intelligence glossary: acronyms and terms for EMSO, C-UAS, JADC2, sensor fusion, SSA, CTF, entity resolution, and TAK.

Resource13 min read

What is Counter Threat Finance?

Counter Threat Finance (CTF) explained: DoDD 5205.14 doctrine, CTF vs. AML, sanctions, shell companies, TBML, and operational software.

Resource10 min read

What is Entity Resolution?

Entity Resolution explained: deterministic, probabilistic, ML, and graph methods for matching records to real-world identities.

Resource13 min read

What is Narrative Intelligence?

Narrative Intelligence (NARINT) explained: detecting and countering influence operations, DISARM framework, CIB, and OSINT.

Resource13 min read

What is EMSO?

EMSO explained: Electronic Warfare, EMBM, JEMSO, Electronic Order of Battle, CEMA, spectrum management, and operational software.

Resource12 min read

What is a Common Operational Picture?

Common Operational Picture (COP) explained: why most COPs fail, display vs. decision surface, edge deployment, and true fusion.

Resource13 min read

What is Space Situational Awareness?

Space Situational Awareness (SSA) explained: orbital tracking, TLEs, the Space Surveillance Network, and counterspace threats.

Resource12 min read

What is Counter-UAS?

Counter-UAS (C-UAS) explained: sensors, fusion, effectors, legal authorities, and layered drone defense for military and critical sites.

Resource12 min read

What is JADC2?

JADC2 explained: why top-down fails, what sensor-up architecture means, and why edge-deployed fusion survives contact.

Resource11 min read

What is Sensor Fusion?

Sensor fusion explained: state estimation, data association, multi-hypothesis tracking, identity provenance, and edge deployment.

Research43 min read

High-Powered Microwave (HPM): From Hard Kill to Residual Risk

3,400 Monte Carlo runs reveal HPM's service-rate ceiling, residual warhead hazard, and cascade failure against 40-400 drone swarms.

Research48 min read

The Devil Dog and the Dragon: USMC IADS vs. PLARF Cruise Missile Saturation

USMC MRIC vs 60 CJ-10 cruise missiles: 92.7% kill rate, then magazine exhaustion at T+28:37. The Marines need more rounds.

Research34 min read

Quantifying Layered Naval Defense Against Hypersonic Glide Vehicles

DF-17 HGV vs Arleigh Burke: 50 Monte Carlo seeds, SM-6 at 23% kill rate, PAC-3 at zero. The timeline is the constraint.

Insight47 min read

Maritime Domain Awareness: The Complete Field Guide

Maritime domain awareness field guide: spectrum, seabed, ownership, and cyber threats that single-domain tools miss.

Insight25 min read

TAK Server on AWS: From Zero to Operational in Under Ten Minutes

Deploy TAK Server on AWS with CloudFormation: TLS, Docker, hardening, and security best practices in under ten minutes.

Insight8 min read

Release Log Vol. 1: Maritime Intelligence & UAS Traffic Management

Empyrean ships Maritime Intelligence, Air Domain Intelligence, and UAS Traffic Management with 20+ data sources and FAA enrichment.

Insight20 min read

The Environment Is Trying to Kill Your Mission. We Want to Mitigate It.

Weather & environmental intelligence that modifies sensor confidence, route feasibility, and UAS BVLOS risk in real time.

Insight73 min read

EMSO Is Everyone's Problem. Let's Do Something About It.

EMSO deep dive: EW history, doctrinal evolution to CEMA, cross-domain effects, and what operators can do about it today.

Insight23 min read

Would the Real Common Operating Picture (COP) Please Stand Up

Most COPs are PowerPoint and uncorrelated feeds. What a real COP requires: fusion, policy, edge deployment, and echelon logic.

Insight7 min read

Building Physics-Backed, Unclassified, Open-Source Defense Research

Introducing Empyrean Defense Research: unclassified, physics-backed wargaming. First drop: 1,500 Monte Carlo sims of DF-17 vs DDG.

Insight37 min read

How the Space Domain Impacts Your Operations

Space domain impacts on EW, ground, maritime, air, and information ops — and what you can do to counter them.

Insight74 min read

Sense, Make Sense, Act: How to Conduct Counter-UAS From Sensors to Deployments

Counter-UAS playbook: 8 sensor types, fusion methods, jam vs. shoot decisions, and layered drone defense for DDIL environments.

Insight12 min read

Why JADC2 Needs Sensor Fusion at the Edge

JADC2 assumes persistent cloud and top-down authority. Operators have neither. Why sensor fusion must live at the edge.

Resource11 min read

What is Intelligence Fusion?

Intelligence fusion explained: JDL/DFIG model, multi-INT disciplines, JADC2, and what fusion means for civilian operators.

Resource11 min read

What is Maritime Intelligence?

Maritime intelligence explained: AIS limits, dark vessels, beneficial ownership, sanctions risk, and multi-INT fusion at sea.

Resource7 min read

What is OPSEC?

OPSEC, UTS, and Digital Force Protection explained: the five-step process, five threat vectors, and signature management.

Resource13 min read

What is ATAK?

ATAK explained: TAK clients, EUDs, data packages, mesh networks, federation, plugins, and the CoT protocol that ties it together.

Resource26 min read

Defense & Intelligence Glossary

Defense & intelligence glossary: acronyms and terms for EMSO, C-UAS, JADC2, sensor fusion, SSA, CTF, entity resolution, and TAK.

Resource13 min read

What is Counter Threat Finance?

Counter Threat Finance (CTF) explained: DoDD 5205.14 doctrine, CTF vs. AML, sanctions, shell companies, TBML, and operational software.

Resource10 min read

What is Entity Resolution?

Entity Resolution explained: deterministic, probabilistic, ML, and graph methods for matching records to real-world identities.

Resource13 min read

What is Narrative Intelligence?

Narrative Intelligence (NARINT) explained: detecting and countering influence operations, DISARM framework, CIB, and OSINT.

Resource13 min read

What is EMSO?

EMSO explained: Electronic Warfare, EMBM, JEMSO, Electronic Order of Battle, CEMA, spectrum management, and operational software.

Resource12 min read

What is a Common Operational Picture?

Common Operational Picture (COP) explained: why most COPs fail, display vs. decision surface, edge deployment, and true fusion.

Resource13 min read

What is Space Situational Awareness?

Space Situational Awareness (SSA) explained: orbital tracking, TLEs, the Space Surveillance Network, and counterspace threats.

Resource12 min read

What is Counter-UAS?

Counter-UAS (C-UAS) explained: sensors, fusion, effectors, legal authorities, and layered drone defense for military and critical sites.

Resource12 min read

What is JADC2?

JADC2 explained: why top-down fails, what sensor-up architecture means, and why edge-deployed fusion survives contact.

Resource11 min read

What is Sensor Fusion?

Sensor fusion explained: state estimation, data association, multi-hypothesis tracking, identity provenance, and edge deployment.

Research43 min read

High-Powered Microwave (HPM): From Hard Kill to Residual Risk

3,400 Monte Carlo runs reveal HPM's service-rate ceiling, residual warhead hazard, and cascade failure against 40-400 drone swarms.

Research48 min read

The Devil Dog and the Dragon: USMC IADS vs. PLARF Cruise Missile Saturation

USMC MRIC vs 60 CJ-10 cruise missiles: 92.7% kill rate, then magazine exhaustion at T+28:37. The Marines need more rounds.

Research34 min read

Quantifying Layered Naval Defense Against Hypersonic Glide Vehicles

DF-17 HGV vs Arleigh Burke: 50 Monte Carlo seeds, SM-6 at 23% kill rate, PAC-3 at zero. The timeline is the constraint.

Insight47 min read

Maritime Domain Awareness: The Complete Field Guide

Maritime domain awareness field guide: spectrum, seabed, ownership, and cyber threats that single-domain tools miss.

Insight25 min read

TAK Server on AWS: From Zero to Operational in Under Ten Minutes

Deploy TAK Server on AWS with CloudFormation: TLS, Docker, hardening, and security best practices in under ten minutes.

Insight8 min read

Release Log Vol. 1: Maritime Intelligence & UAS Traffic Management

Empyrean ships Maritime Intelligence, Air Domain Intelligence, and UAS Traffic Management with 20+ data sources and FAA enrichment.

Insight20 min read

The Environment Is Trying to Kill Your Mission. We Want to Mitigate It.

Weather & environmental intelligence that modifies sensor confidence, route feasibility, and UAS BVLOS risk in real time.

Insight73 min read

EMSO Is Everyone's Problem. Let's Do Something About It.

EMSO deep dive: EW history, doctrinal evolution to CEMA, cross-domain effects, and what operators can do about it today.

Insight23 min read

Would the Real Common Operating Picture (COP) Please Stand Up

Most COPs are PowerPoint and uncorrelated feeds. What a real COP requires: fusion, policy, edge deployment, and echelon logic.

Insight7 min read

Building Physics-Backed, Unclassified, Open-Source Defense Research

Introducing Empyrean Defense Research: unclassified, physics-backed wargaming. First drop: 1,500 Monte Carlo sims of DF-17 vs DDG.

Insight37 min read

How the Space Domain Impacts Your Operations

Space domain impacts on EW, ground, maritime, air, and information ops — and what you can do to counter them.

Insight74 min read

Sense, Make Sense, Act: How to Conduct Counter-UAS From Sensors to Deployments

Counter-UAS playbook: 8 sensor types, fusion methods, jam vs. shoot decisions, and layered drone defense for DDIL environments.

Insight12 min read

Why JADC2 Needs Sensor Fusion at the Edge

JADC2 assumes persistent cloud and top-down authority. Operators have neither. Why sensor fusion must live at the edge.

Empyrean Defense

Discuss energy security

Let's discuss how Empyrean fits your operational environment.