Vir2us, Inc.
Product Data Sheet
CITADEL
Kernel-Level Multi-Domain Critical Infrastructure Security Command & Compliance System for National and Municipal Infrastructure Protection
Patent Pending US Provisional 64/013,180
Filed: March 22, 2026
Related: US 8,775,369 et seq.
+ 10 cross-referenced provisionals
OT/SCADA Native
6-Sector Command
100% Efficacy
Air-Gap Capable
Citadel is the world's only unified kernel-level security command system for multi-domain critical infrastructure — deploying CCE/UCE kernel agents across water, power, transportation, healthcare, municipal government, and communications simultaneously, governed by a single command dashboard with cross-sector kill-chain detection and automated compliance orchestration across every applicable regulatory framework.
The Critical Infrastructure Security Problem

Critical infrastructure was engineered for operational reliability — not for resistance to cyberattack. Industrial control systems now networked for remote management carry attack surfaces that did not exist at design time. Conventional security products cannot be deployed in OT/SCADA environments without introducing unacceptable latency into real-time control loops. Nation-state actors — documented in CISA/NSA advisories as having pre-positioned persistent implants in U.S. electrical, water, and communications infrastructure — operate below the OS layer where every high-stack security product is structurally blind. And no prior system provides the cross-sector visibility required to detect coordinated multi-vector attacks that appear sub-threshold in each sector's independent monitoring.

Core Architecture
CITADEL SYSTEM ARCHITECTURE — DEPLOYMENT TOPOLOGY
COMMAND
CITADEL COMMAND CENTER + CISO-AI
Unified cross-sector dashboard · Multi-domain kill-chain detection · Cross-framework compliance orchestration · Role-stratified views: National EOC / Municipal / Infrastructure Operator · Real-time autonomous reporting
↕  Kernel-Secured Cryptographically Authenticated Telemetry  ↕
ORCHESTRATION
CISO-AI: Autonomous operations · Task generation · Compliance automation
Compliance Engine: EPA · NERC CIP · HIPAA · CISA · FAA · TSA · Auto-remediation
Kill-Chain Detector: Cross-sector correlation · Sub-threshold aggregation · Nation-state pattern ID
↕  CCE/UCE Isolated Kernel Telemetry  ↕
SECTORS
Water: DNP3 · Modbus · Chemical dosing
Power: IEC 61850 · NERC CIP · Grid SCADA
Transport: Rail · Air traffic · TSA
Healthcare: BACnet · HIPAA · Medical nets
Comms/5G: PROFINET · Telco · Public safety
↕  CCE/UCE OT Kernel Agent Enforcement  ↕
KERNEL
CCE/UCE OT KERNEL SECURITY AGENT — Every Infrastructure Node
<1% CPU · Zero control-loop latency · Air-gap capable · FIPS 140-2 · Local policy tables · DNP3/Modbus/IEC 61850/PROFINET/BACnet native support · Live insertion · No downtime
Six Core Capabilities
CCE/UCE OT Kernel Security Agent

Adapted CCE/UCE kernel architecture for OT/SCADA environments — operating with <1% CPU overhead and zero measurable control-loop latency. Supports DNP3, Modbus, IEC 61850, PROFINET, and BACnet natively. Deploys via live insertion without system restart or operational disruption. Maintains full local autonomy — no cloud connectivity required for enforcement.

Unified Citadel Command Center

Single-pane-of-glass dashboard aggregating security and compliance telemetry from all protected infrastructure sectors simultaneously. Role-stratified views for national emergency operations center, municipal government, and infrastructure operator roles. Cross-sector situational picture that cannot be falsified by compromised application-layer processes.

Cross-Sector Compliance Orchestration

Simultaneously maps the security state of each protected infrastructure sector against its applicable regulatory framework — EPA for water, NERC CIP for power, HIPAA for healthcare, TSA for transportation, FCC for communications, CISA cross-sector for all — detecting compliance drift, generating remediation directives, and archiving audit evidence in real time.

Multi-Domain Kill-Chain Detection

The only commercial system capable of detecting coordinated multi-sector nation-state attacks. Anomalous events that appear sub-threshold in each independent sector monitor are correlated across all sectors simultaneously — identifying the attack pattern only visible in cross-domain correlation. Designed specifically for Volt Typhoon and similar coordinated infrastructure campaigns.

Multi-Domain Kill-Chain Detection
How Coordinated Nation-State Attacks Are Detected
Water Anomaly
Unusual DNP3 command sequence detected at treatment plant. Sub-threshold in water sector monitor alone.
Grid Anomaly
IEC 61850 substation query pattern outside normal parameters. Sub-threshold in NERC CIP monitor alone.
Hospital Anomaly
BACnet lateral probe from compromised workstation. Sub-threshold in healthcare monitor alone.
Citadel Correlation
Three simultaneous sub-threshold events across independent sectors — pattern matches coordinated multi-vector attack signature. Escalation triggered.
Autonomous Response
CISO-AI generates cross-sector incident directive. Alerts routed to national EOC, municipal, and infrastructure operator roles simultaneously.
Result: Contained
Kernel agents enforce containment at each node. Attack prevented. Evidence archived. Regulators notified automatically.

This detection scenario is impossible with any single-sector or siloed security architecture. Citadel is the only commercial platform providing this capability.

Citadel vs. Legacy Critical Infrastructure Security
Capability | Legacy OT Monitor / SIEM | Citadel CCE/UCE | Outcome
Operating level | Network / application layer (above-OS) | Kernel-level — below OS on every node | ✓ No blind spots
OT/SCADA native support | ✗ Passive network monitoring only | DNP3/Modbus/IEC 61850/PROFINET/BACnet kernel agents | ✓ Protocol-native
Control-loop latency | Incompatible — introduces latency | <1% CPU · Zero measurable latency | ✓ Real-time safe
Cross-sector kill-chain | ✗ Siloed — not possible | Continuous multi-domain correlation | ✓ Citadel exclusive
Compliance orchestration | Single-sector, manual mapping | All frameworks, all sectors, simultaneous | ✓ Fully automated
Air-gap operation | ✗ Cloud-dependent updates | Full local autonomy · FIPS 140-2 | ✓ Classified deployable
Insider threat / supply chain | ✗ No kernel enforcement | Structural isolation — unauthorized code cannot execute | ✓ Structural immunity
Nation-state APT defense | ✗ Evaded by below-OS implants | Kernel agent detects and blocks at agent level | ✓ Below attacker's layer
Sector Coverage & Regulatory Compliance
💧
Water & Wastewater
EPA / AWIA 2018 / CISA
DNP3/Modbus kernel agents · Chemical dosing integrity · Oldsmar-class attack prevention · AWIA compliance automation
Electrical Power & Grid
NERC CIP / DOE / CISA
IEC 61850 substation protection · NERC CIP continuous compliance · Grid cascade detection · Physical destruction prevention
Transportation & Aviation
TSA Directives / FAA / DHS
Airport OT protection (validated: USWA 15 mo., zero breaches) · Rail SCADA integrity · Air traffic management hardening
🏥
Healthcare Systems
HIPAA / HITECH / CISA
BACnet / medical device network isolation · HIPAA continuous compliance · Ransomware structural immunity · EHR integrity
🏛
Municipal Government
NIST CSF / FISMA / CISA
Police CAD / 911 protection · Court & finance system integrity · NIST CSF automation · Atlanta/Dallas-class attacks prevented
📡
Communications & 5G
FCC / CISA / FirstNet
PROFINET hardening · 5G infrastructure security · Public safety radio integrity · Salt Typhoon-class telecom attacks prevented
Technical Specifications
Architecture: Kernel-level CCE/UCE · Below-OS · Deterministic table lookup enforcement
CPU / Latency: <1% CPU overhead · Zero measurable control-loop latency · DoD verified
Patent: US Provisional 64/013,180 · March 22, 2026 · Related: US 8,775,369 et seq.
OT Protocols: DNP3 · Modbus · IEC 61850 · PROFINET · BACnet · SCADA / ICS / PLC
Cryptography: FIPS 140-2 compliant · Kernel-secured authenticated telemetry channels
Deployment: Cloud · Hybrid · On-premises · Air-gap · Classified national security
Installation: Zero-downtime live insertion · Observe-only → enforcement mode · No restart required
SLA: 99.9% uptime · P1 (active breach): 2-hr response · P2: 4-hr response
Government Validation — Sandia National Laboratories / Lockheed Martin · April 2014
"Vir2us and Sandia are planning to run a CodeSeal pilot project utilizing Vir2us' Citadel — a fully integrated, secure enterprise solutions suite... enhancing the Immunity Enterprise Suite protecting systems that control critical infrastructures, financial services and national security."
— Official Public Announcement, Sandia National Laboratories (NNSA/DOE) / Lockheed Martin Corporation
448 Ignacio Blvd., Suite 330 · Novato, CA 94949  ·  © 2026 Vir2us, Inc.
sales@vir2us.com