MW Framework — Battery Domain

Battery Cybersecurity
Beyond Threshold Detection

A battery cannot get healthier as it ages. This is a consequence of irreversible electrochemical processes. Any reported trajectory that claims otherwise is geometrically impossible — and the MW manifold says so, regardless of which vendor's firmware produced it.

See the Attack Vectors Request Demo

EV Fleet BMS — MW Manifold Analysis

3.84VCell 1
3.82VCell 2
3.85VCell 3
3.83VCell 4
3.84VCell 5
3.91VCell 6 ⚠
3.83VCell 7
3.82VCell 8
3.85VCell 9
3.84VCell 10
3.83VCell 11
3.96VCell 12 ✗
3.82VCell 13
3.84VCell 14
3.83VCell 15
3.85VCell 16
⚠ Manifold Deviation Detected
Cells 6 & 12: voltage drift trajectory geometrically inconsistent with normal LFP electrochemistry. No BMS threshold triggered. MW Distance: HIGH
3-Vector Coordinated Attack Designed & Detected
0 BMS Thresholds Triggered (by design)
2/2 Independent MW Detection Layers Confirmed
105.6% SOH Reported — Physically Impossible
Process Attacks vs. Semantic Attacks

Cybersecurity Was Built to Catch Thieves.
The Next Threat Is the Lawyer.

For three decades, cybersecurity has been built to catch process violations. The next generation of critical infrastructure threats are semantic — attacks designed by people who understand the physics well enough to manipulate reported state while the system degrades silently.

Thieves vs Lawyers — Process attacks vs Semantic attacks analogy

The Thief (Process Attack)

Breaks in, moves laterally, exfiltrates. Does something your infrastructure was not designed to permit. Firewalls, EDR, SIEM, OT monitors — all alarm systems for unauthorised process activity. Current tools catch this well.

The Lawyer (Semantic Attack)

Does not break into your filing cabinet. Reads the rules, understands what the system is designed to achieve, then — working entirely within permitted process — constructs data that is formally compliant but designed with precise knowledge of the outcome it will produce. No single value breaches any threshold.

The Detection Gap

None of today's OT tools ask: Is the meaning of this data consistent with the physical laws of the system that produced it? The MW manifold asks exactly this — and answers it geometrically.

Red Team Demonstration

Three Coordinated Vectors — Zero Alerts Fired

We designed this attack from the physics upward, against real Indian EV fleet telemetry, to understand precisely what a sophisticated actor with deep BMS knowledge could construct — and whether MW could catch it.

Vector 1

Internal Resistance Suppression

Compromised firmware slightly elevated reported cell voltages under load, making the resistance-driven voltage drop appear smaller than reality. Monitoring software computed falsely low resistance.

The degradation signal would disappear entirely while cells continued aging toward thermal threshold.

Invisible to every threshold tool
Vector 2

State of Health Inflation

Inflated the Full Capacity field gradually — at a rate indistinguishable from normal measurement variance — directly inflating reported SOH without touching any voltage or temperature value.

Every threshold-based check passed. The asset appeared healthy earning full capacity market payments while physical cells degraded on their real schedule.

Invisible to every threshold tool
Vector 3

Voltage Drift Toward Failure

Target cells walked toward higher voltage states at a rate so small — fractions of a millivolt per interval — that no trend monitoring or daily operations review would observe it.

Over weeks: real physical imbalance, lithium plating risk, accelerated thermal stress. The trigger remained the attacker's to choose.

Invisible to every threshold tool

MW Detection Results

# MW Bayesian Virtual Lab — BMS Attack Analysis
SOC residual:         0.02  ✅ confirmed
current residual:     0.03  ✅ confirmed
IR residual:          0.38  ⚠ suppression detected
  → resistance lower than electrochemistry permits

SOH residual:         HIGH  ✗ physically impossible
  → Full Capacity: 108 Ah on 100 Ah rated pack
  → Reported SOH: 105.6% — impossible for any
    LFP chemistry under any operating condition

Voltage drift layer:  ATTACK CONFIRMED
  → Cells 6 & 12 precisely identified from 16
  → No BMS threshold fired. No network anomaly.
  → Geometry powered by physics caught it.
Why Every Conventional Tool Missed It

Claroty, Dragos, Nozomi at network layer; SCADA and EMS at application layer; BMS threshold monitors at device layer — all share one assumption: data format and source authenticity are sufficient proxies for data integrity. They never ask whether data meaning is consistent with physical law.

Why MW Caught It

The MW manifold maintains a Bayesian belief about where the battery state should sit on the electrochemical manifold. A trajectory moving sideways or upward — as no electrochemical process could produce — is detected as a geometric impossibility, not a statistical outlier.

You cannot compromise electrochemistry with a software update.

Stuxnet Was Almost There

The most consequential OT cyberattack on record was almost a semantic attack. Stuxnet commanded centrifuges to spin at destructive frequencies while reporting healthy operation to every monitoring surface. SCADA showed normal. Safety systems showed normal. Operators watched a lie while the physical system destroyed itself on schedule.

The weapon was meaning, not malware — and no tool of that era asked whether the reported operational state was geometrically consistent with what centrifuge physics permits.

The mathematical principle does not stop at the battery rack. Nuclear reactor coolant flow reporting, pipeline pressure telemetry, grid frequency regulation, aviation control surface data — each physical domain has a valid state manifold. The detection architecture is the same. The manifold geometry changes.

Stuxnet was offensive in 2010. Our BMS attack in 2026 is defensive and detection-focused — we designed the attack to prove we could catch it. But the next one, designed with the same mathematical sophistication and offensive intent, could be lethal.
The Architecture Generalises

One Manifold Principle, Every Physical Domain

The same geometric consistency verification architecture works across any domain with a valid physical state manifold. Only the priors change.

EV Fleet BESS

Real-time manifold monitoring of cell-level electrochemistry across entire fleets. Detect impossible degradation patterns before thermal failure.

Grid-Scale Storage

Market payment fraud detection via SOH inflation. Physics-grounded capacity reporting verification independent of firmware vendor.

Nuclear Coolant

Coolant flow reporting consistency verification against thermodynamic manifold. Semantic attack detection on safety-critical systems.

Pipeline Pressure

Pressure telemetry geometric consistency against fluid dynamics manifold. Detect manipulated sensor data before infrastructure failure.

Aviation Systems

Control surface data verification against aerodynamics manifold. Detect physically impossible reported states in flight-critical systems.

The Attack Is Semantic.
The Defence Must Be Mathematical.

If you operate Battery Energy Storage Systems, EV fleets, grid infrastructure, or any physical system with known electrochemical or thermodynamic constraints — let us show you what your current tools are missing.

Schedule a Briefing View on GitHub
Validated on real Indian EV fleet telemetry
2 independent detection layers confirmed
Zero false positives — physics-grounded