Modules that plug into TEW — C-UAS, Port/Maritime, Cyber
Drop-in packs that extend TEW workflows with domain-specific data, playbooks, and dashboards. All outputs remain auditable, cited, and human-in-the-loop.
C-UAS (Counter-UAS)
Sensor fusion, classification, operator-hunt SOPs, and authority lanes.
Detect → Discriminate → Locate
Track correlation (RF/radar/EO-IR), nuisance vs malevolent scoring, operator-hunt checklist, legal/authority lane banner, auto-AAR timeline.
Sensors & context
RF direction finding, radar tracks, EO/IR, geofence/K-list, venue RIFs (roof access, HVAC, crowd density), NOTAMs/weather.
Sample set
Nuisance UAS, Suspected Recon, Payload Suspicion, Swarm Indicators, Lost Link/Return-to-Home Intercept.
Swarm over stadium (pre-game)
Multiple low-altitude tracks; module correlates RF/radar, marks “unknown-nuisance,” triggers operator-hunt, and drafts a Warning + IAP annex for IC/UC review.
Port / Maritime
Port COP with bathymetry, channels, AIS, terminal RIFs, and cross-infra impacts.
Maritime situation awareness
AIS tracks, berth status, cargo/IMO flags, bathymetry/approaches, plume & spill models, terminal KOCOA, intermodal choke points.
Feeds & layers
AIS, tide/wx, port cameras, power/ITS overlays, terminal RIFs (berths, yard plans), hazmat inventories, EOC partner bulletins.
Sample set
Hazmat Spill, Berth Intrusion, EAS Deception, Tug/Channel Blockage, Power/ICS Compromise, Rail Gate Disruption.
Hazmat release at Berth 3
Module overlays plume against terminals, evacuation/shelter-in-place, medical surge, and trucking routes; drafts Net Assessment + Warning annex for IC/UC.
Cyber
Cyber Target Folders + deception & cross-infra impacts, tied to physical RIFs.
Cyber-physical picture
Service maps (AD, email, SCADA/HMI), criticality ranking, power dependencies/alt-power, contacts, links to physical RIFs for field intervention.
What feeds it
SOC alerts, ICS telemetry, EDR summaries, change tickets, asset inventory, network diagrams, DNS/PKI status, power provider data.
Sample set
ITS Signal Tamper, EAS Deception, Credential Stuffing (Ops), Ransomware (City), OT Sensor Spoof, Data Exfiltration.
EAS deception during storm
Module detects conflicting alerts, correlates with power & traffic layers, drafts corrected public messaging + IAP annex; logs dissemination for audit.
Integration & outputs
All modules feed the same TEW artifacts and product pipeline.
One fusion workbench
Modules contribute layers to the IPO canvas (maps, models, COAs). Analysts keep a single source of truth.
Advisories • IAPs • SITREPs
Drafted with citations from RIFs, Mission Folders, and module data; redaction applied by role before dissemination.
Learning loop
Auto-built timelines; validated lessons codified back to playbooks/RIFs for the next incident.
Try a module scenario
Download sample data and run a tabletop — from intake to products.