When a control system anomaly coincides with cyber threat intelligence, the system correlates the signals and alerts both civil and military authorities — because it's rarely just a malfunction.
A water treatment facility's control systems show anomalous behavior. It's unclear whether this is a malfunction or a cyber-physical attack.
The OT gateway monitors the facility's PLCs and SCADA systems via native Modbus and DNP3. It detects a process variable change: the chlorine dosing setpoint has been modified outside the normal operational band.
The anomaly is correlated with the OSINT cyber threat feed, which has been tracking an increase in ICS-targeted scanning activity in the region. The Cognitive Warfare Engine evaluates the temporal correlation and assigns a threat assessment.
The civil command console alerts the operator with the anomaly, the correlated cyber intelligence, and a recommended response — isolate the affected process loop. The OT gateway can execute an emergency stop if authorized. The military C2 console is notified in parallel if the event is assessed as part of a broader campaign.
The decision log captures the full chain: what the sensors saw, what the correlations were, what the system recommended, and what the operator decided.
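The flow described above, from out-of-band setpoint detection through temporal correlation with the threat feed to the decision-log record, as an added sketch that is not the product's own code. The band limits, the 24-hour window, the field names, and the rule that any correlated intel triggers military notification are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed values for illustration; the page gives no numbers.
CHLORINE_BAND_MG_L = (0.5, 4.0)            # hypothetical normal operational band
CORRELATION_WINDOW = timedelta(hours=24)   # hypothetical look-back window

def out_of_band(event, band=CHLORINE_BAND_MG_L):
    """True when a setpoint write lands outside the normal operational band."""
    low, high = band
    return not (low <= event["new_value"] <= high)

def correlate(event, intel, window=CORRELATION_WINDOW):
    """Intel items for the same region seen within `window` before the event."""
    return [i for i in intel
            if i["region"] == event["region"]
            and timedelta(0) <= event["ts"] - i["ts"] <= window]

def assess(event, intel):
    """Build the decision-log record, or None when the write is in band."""
    if not out_of_band(event):
        return None
    hits = correlate(event, intel)
    return {
        "observed": event,                       # what the sensors saw
        "correlated_intel": hits,                # what the correlations were
        "assessment": ("possible cyber-physical attack" if hits
                       else "anomaly, cause unknown"),
        "recommendation": "isolate the affected process loop",
        # Assumption: any correlated intel counts as a possible broader campaign.
        "notify": ["civil"] + (["military"] if hits else []),
        "operator_decision": None,               # filled in when the operator acts
    }

# Constructed sample data (not real telemetry or intelligence).
T0 = datetime(2024, 1, 10, 3, 15)
SAMPLE_INTEL = [
    {"ts": T0 - timedelta(hours=6), "region": "region-a",
     "summary": "increase in ICS-targeted scanning"},
    {"ts": T0 - timedelta(days=5), "region": "region-a",
     "summary": "older scanning report, outside window"},
    {"ts": T0 - timedelta(hours=2), "region": "region-b",
     "summary": "scanning in a different region"},
]
SAMPLE_EVENT = {"ts": T0, "region": "region-a", "protocol": "modbus",
                "tag": "chlorine_dosing_setpoint",
                "old_value": 2.0, "new_value": 9.5}

if __name__ == "__main__":
    print(assess(SAMPLE_EVENT, SAMPLE_INTEL))
```

The record keeps the raw event and the matched intel items side by side, so a later review can see why the write was escalated and not only that it was.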