Most physical-security tools see incidents. We are building the layer that sees the recon window — the casing, scoping, dwelling, and returning that happens before any line is cut, panel is taken, or wire is pulled. The same behavioral signature catches the copper-theft crew that hits a substation on a Tuesday and the multi-night reconnaissance pattern that precedes a coordinated physical attack. We name the signature and we watch for it.

The problem isn’t hypothetical anymore.

• Wheeling, West Virginia — March 6, 2026. Appalachian Power substation vandalism left 7,800 customers in the dark for 7.5 hours.
• Berlin — September 9–11, 2025. Pylon arson left 50,000 households without power for 60 hours — the longest sustained outage Berlin has seen since the war.
• NERC E-ISAC, end of 2024. 3,500 physical-security breaches across the grid. +25% year-over-year. 10× since 2016. Roughly two outages a week.

And these are the named ones. Most copper-theft and vandalism incidents never make a headline. The U.S. Department of Energy estimates copper theft alone costs American businesses about $1 billion per year. The loss multiplier is severe: damages exceed the value of stolen copper by 10–28× — a $100 piece of wire pulled from an Oklahoma co-op substation produced a $1M repair bill when the resulting fire took a transformer with it.

The market no one is serving at scale.

Of the roughly 75,000 substations in the United States, fewer than 1,000 are regulated under NERC CIP-014. The rest — the other 74,000 — are CIP-014 exempt, discretionary at the operator’s choosing. Rural electric cooperatives. Municipal utilities. Independent power producers. Battery energy storage operators. Solar farms. Small refineries, midstream terminals, and industrial customer-substations.

Together they own most of the distribution wire and most of the land area in this country. They feel copper-theft and vandalism pain every quarter. And they have no security platform — because the procurement-consulting-fee economics of the incumbent monitoring vendors don’t reach below the Fortune-500 procurement cycle. The math that works for an operations manager is different from the math that works for an enterprise CFO. This is the buyer tier the incumbents can’t profitably serve.

What Edge Orbital is building.

Edge Orbital is building critical-infrastructure monitoring that is architecturally different from the incumbent stack — not a cheaper version of the same thing, a different shape of system. Three properties define what we mean by decentralized resilience for national interest infrastructure.

1 · Each site stands alone. Every monitoring node runs full perception and pre-incident detection locally — no central cloud dependency, no SCADA-team integration cost, no always-on monitoring fee. A node continues to do its job during a regional internet outage, during a sustained attack on backhaul, during the kind of contested conditions where infrastructure monitoring matters most. This is what “decentralized” means as an architectural property, not a marketing word.

2 · Operator-budget pricing. The system is designed against the operations-manager spreadsheet first, not the enterprise-procurement RFP. Per-site economics live at the tier where a 12-county co-op can deploy across its full footprint, not just one site. The platform is the spatial database underneath; the behavior layer is what makes the database actionable; the unit economics are what make the buyer tier open in the first place.

3 · Pre-incident detection on the patterns that matter. Copper-theft signatures (extended after-hours dwell, irregular movement against the fence line, vehicle stage-and-return patterns), physical-attack precursors (the multi-night reconnaissance pattern that preceded Moore County and similar incidents), and equipment status anomalies under conditions a perimeter camera alone would miss. Detection is sensor-fusion-driven and runs at the edge — the alert fires before the failure mode completes, not as a forensic record afterward.

We are pre-pilot, and we are explicit about that. What we are building toward is field deployment with the architecture above and the customer tier above as the explicit design constraints. Capability before claim.

Why now — convergent windows.

• Attack volume. NERC E-ISAC physical-security breaches up 10× since 2016, with 3,500 in 2024 alone. Substation events are now a baseline operating cost, not a rare event. Insurers are pricing accordingly.
• Federal funding aligned with the customer tier. DOE’s $10.5B Grid Resilience and Innovation Partnerships (GRIP) program — §40101(c) of the Infrastructure Investment and Jobs Act — directs resilience funding through exactly the buyer tier the incumbent vendors don’t reach. Reindustrialization at the pole depends on the parts of the grid that aren’t on coastal investor decks, and federal infrastructure policy chose the same customer Edge Orbital chose.
• Regulatory expansion. The 2025 NERC expansion of CIP-014 brings physical-security planning obligations down from transmission-tier into the distribution-feeder layer. NFPA 855 tightens fire-and-physical requirements on battery energy storage. The compliance landscape moved toward the gap; the procurement options haven’t followed.
• Threat surface. Adversaries who study where the grid is exposed have done their homework. The 2022 Moore County incident — 45,000 customers offline for days — was not on a transmission-tier substation. It was on a distribution-tier substation operated by a co-op. The parts of the grid most consequential to national interest infrastructure sit on co-op-owned distribution feeders.

Dual-use, by design.

The same sensing layer that protects a co-op substation hardens a small industrial site. Edge Orbital’s system is dual-use, by design in the precise sense the term means in American Dynamism investing — the underlying perception, fusion, and pre-incident-detection capability serves both civilian critical-infrastructure and adjacent dual-use applications without re-engineering.

A co-op distribution substation. A community-solar BESS installation. A small-industrial perimeter — a regional grain elevator, a county-owned water-treatment plant, a rural data-center site, a battery-storage farm on leased land. The buyer tier is shared. The threat profile is shared. The operating-budget constraint is shared. The architectural answer — decentralized, sensor-fused, edge-resident, operator-priced — is the same answer.

This is what we mean by infrastructure for the unguarded. Not metaphor. The unguarded edge of the grid, the unguarded perimeter of the small industrial site, the unguarded approach to the regional water-treatment plant. The places critical-infrastructure policy now obligates someone to monitor, that the incumbent stack was never priced to reach, and that adversaries have already identified.

The cluster.

The pages below are the working positions of the critical-infrastructure cluster — each one a specific buyer profile, a specific threat surface, and a specific articulation of how the architecture applies. They are written at capability level and updated as the build progresses.

• Rural electrification at the edge — 832 rural electric cooperatives, 56% of the U.S. landmass, the structural-gap thesis.
• Copper theft — the behavioral signature, the $1B-per-year industry loss, the recon-window detection layer.
• Substation monitoring — CIP-014 expansion into the distribution-feeder layer, the 74,000 exempt substations, operator-budget perimeter monitoring.
• BESS safety — NFPA 855 obligations on lithium-ion storage, thermal-precursor and perimeter fusion at the 10–50 MW community-solar tier.
• Grid resilience — the generation-versus-delivery bottleneck, decentralized resilience as an architectural property, the sensing layer under the distributed grid edge.

And from the public-safety cluster, sharing the same architecture and the same buyer tier:

• Wildfire detection — early warning for utility-scale solar, BESS, and rural infrastructure at the wildland-urban interface.
• Campus perimeter — institutional buyer persona, proactive infrastructure framing.
• Incident response — interop with first-responder dispatch, situational-awareness layer for local civilian operators.

What we are not.

We are not an enterprise platform priced down for small customers. The architecture is genuinely different — sensor-fused, edge-resident, operator-priced, designed against the operations-manager spreadsheet. Most of our customers will be buying their first security platform; we don’t displace an incumbent because there isn’t one.

We are not a video-management system. We are not an alarm aggregator. We don’t watch what has already happened; we watch what is happening before it becomes what happened. Pre-incident detection is the category — adjacent to during-incident acoustic detection, to CCTV’s post-incident review, and to all-incident defense platforms operating at national scale — and structurally below all of them in cost-per-site.

Who this is for.

If you are responsible for a rural electric cooperative, a municipal utility, an IPP portfolio, a BESS facility, a solar farm, a midstream terminal, or any operations footprint that does not quite fit a CIP-014 budget — there is now a security architecture being built for you. Not built down to your price point. Built for the structural realities of your operating environment: lean staff, remote sites, operations-manager signing authority, federal-funding eligibility, and a fundamentally different threat picture than what the named enterprise vendors are tuned for.

Operate where they can’t.

Edge Orbital’s platform was originally built as a wireless-mesh and edge-AI stack for tactical communications. Its structural fit for distributed energy infrastructure is no accident — the constraints that produce a useful sensing layer in the field (lean architecture, mesh resilience, local intelligence, no upstream dependency) are the same constraints faced by every operator below the F500 procurement line.

We are not asking you to replace what works. We are building the layer that doesn’t exist yet — the pre-incident sensing layer for the assets nobody is profitably watching. Request the operator briefing for the technical architecture and the federal-resilience funding map.

See also: the parent safety pillar; the platform; about Edge Orbital; and the founder’s note — Atoms at the Pole.