Optional Capabilities

Modules that plug into TEW — C-UAS, Port/Maritime, Cyber

Drop-in packs that extend TEW workflows with domain-specific data, playbooks, and dashboards. All outputs remain auditable, cited, and human-in-the-loop.

IntegrationZero-copyFeeds → IPO → Products
DashboardsCOPsRole-based
ModelsLocal LLMRAG + Guardrails
OutputsAdvisories • IAPs • SITREPsIC/UC-ready

C-UAS (Counter-UAS)

Sensor fusion, classification, operator-hunt SOPs, and authority lanes.

Features

Detect → Discriminate → Locate

Track correlation (RF/radar/EO-IR), nuisance vs malevolent scoring, operator-hunt checklist, legal/authority lane banner, auto-AAR timeline.

Data Sources

Sensors & context

RF direction finding, radar tracks, EO/IR, geofence/K-list, venue RIFs (roof access, HVAC, crowd density), NOTAMs/weather.

Playbooks

Sample set

Nuisance UAS, Suspected Recon, Payload Suspicion, Swarm Indicators, Lost Link/Return-to-Home Intercept.

Demo Scenario

Swarm over stadium (pre-game)

Multiple low-altitude tracks; module correlates RF/radar, marks “unknown-nuisance,” triggers operator-hunt, and drafts a Warning + IAP annex for IC/UC review.

Get scenario files See flow

Port / Maritime

Port COP with bathymetry, channels, AIS, terminal RIFs, and cross-infra impacts.

Features

Maritime situation awareness

AIS tracks, berth status, cargo/IMO flags, bathymetry/approaches, plume & spill models, terminal KOCOA, intermodal choke points.

Data Sources

Feeds & layers

AIS, tide/wx, port cameras, power/ITS overlays, terminal RIFs (berths, yard plans), hazmat inventories, EOC partner bulletins.

Playbooks

Sample set

Hazmat Spill, Berth Intrusion, EAS Deception, Tug/Channel Blockage, Power/ICS Compromise, Rail Gate Disruption.

Demo Scenario

Hazmat release at Berth 3

Module overlays plume against terminals, evacuation/shelter-in-place, medical surge, and trucking routes; drafts Net Assessment + Warning annex for IC/UC.

Get scenario files See RIF/Mission folders

Cyber

Cyber Target Folders + deception & cross-infra impacts, tied to physical RIFs.

Features

Cyber-physical picture

Service maps (AD, email, SCADA/HMI), criticality ranking, power dependencies/alt-power, contacts, links to physical RIFs for field intervention.

Data Sources

What feeds it

SOC alerts, ICS telemetry, EDR summaries, change tickets, asset inventory, network diagrams, DNS/PKI status, power provider data.

Playbooks

Sample set

ITS Signal Tamper, EAS Deception, Credential Stuffing (Ops), Ransomware (City), OT Sensor Spoof, Data Exfiltration.

Demo Scenario

EAS deception during storm

Module detects conflicting alerts, correlates with power & traffic layers, drafts corrected public messaging + IAP annex; logs dissemination for audit.

Get scenario files See automation & lockpoints

Integration & outputs

All modules feed the same TEW artifacts and product pipeline.

IPO

One fusion workbench

Modules contribute layers to the IPO canvas (maps, models, COAs). Analysts keep a single source of truth.

Products

Advisories • IAPs • SITREPs

Drafted with citations from RIFs, Mission Folders, and module data; redaction applied by role before dissemination.

AAR

Learning loop

Auto-built timelines; validated lessons codified back to playbooks/RIFs for the next incident.

Try a module scenario

Download sample data and run a tabletop — from intake to products.

Download Request Access