Within the operations-research framework, we develop a multi-objective model for optimal allocation of security resources in an environmental-monitoring CPS, jointly reflecting technical, organizational, and wartime uncertainty factors. The overall system security index is maximized by objective function ( 1 ): ( 1 )

This expression aggregates the contribution of each component through importance weights w i, reliability Ri, attack success probability P i, and wartime effectiveness E i. Intuitively, ( 1 ) increases the overall security level Z when (a) reliabilities of critical nodes improve; (b) the chance of a successful attack decreases; and (c) countermeasures remain effective under battlefield i to the operational situation (power outages, link loss, logistics constraints). In short, ( 1 ) “absorbs” both structural properties and wartime effectiveness.

Realism is enforced by budgetary and timing constraints that bound the rollout of defenses. The financial constraint ( 2 ) is:

where C i is the full “protection cost” of component i(procurement, integration, operations) and B the available budget. Operationally, ( 2 ) is portfolio planning under a fixed cost ceiling. For wartime stress scenarios, maintain a separate “emergency budget” for rapid re-connection/replaceand-go actions.

The time constraint ( 3 ) is: where T i is the deployment/activation time of safeguards for component i , and T the deadline. This barrier excludes strategies that cannot be made operational within the decision window. For critical assets, use staged planning (minimal viable protection by t 1, full capability by t 2).

The key stochastic element is the P imodel, describing how the set of defenses reduces baseline vulnerability while accounting for battlefield factors. Expression ( 4 ) is: ( 2 ) ( 3 ) ( 4 ) where P 0iis the pre-defense attack success probability for i ; e j the effectiveness of defense j ; x i j its application (0/1 or fraction); and W the wartime multiplier (typically 1.5–3.0). Interpretation: in peacetime W → 1; under shelling, prolonged power loss, or active APT campaigns, W increases, inflating residual risk even after defenses are in place. Calibrate e j from incident histories and red-team tests; calibrate W from the operational picture (DDoS frequency, packet loss, physical damage). In sensitivity analysis, test “worst-day” settings with W near its upper bound to eliminate brittle configurations.

System survivability under war describes how long minimum required functionality can be preserved amid combined cyber and physical stressors. Function ( 5 ) definesS ( t ), the probability of “keeping the system afloat” at timet : ( 5 ) where Ri ( t )are time profiles of reliability for component classes; k i redundancy levels; A ( t ) adaptability; and V ( t ) resistance to wartime impacts (shielding, alternate communications, local power buffers, etc.). Practically, if redundancy is sufficient and adaptability swiftly retunes configurations to new conditions,S ( t ) can increase even with partial infrastructure loss. The dynamics of adaptability are formalized by Equation ( 6 ):

where A0 is the starting capacity to reconfigure; α the degradation rate (wear-out, fatigue, information noise); β the learning intensity; and E ( t ) accumulated response experience. In applying ( 6 ), aim to: (a) minimize α via maintenance and model rotation; (b) raise β through accelerated patch cycles and federated/edge learning; and (c) accumulate E ( t )as playbooks and reusable artifacts (signatures, behavior vectors).

Another critical marker is graceful degradation. The coefficient ( 7 ) is: ( 6 ) ( 7 ) ( 8 ) ( 9 ) with F min and F max the functionality bounds; λ the service-shedding speed; μ the recovery tempo; and R rate ( t )the instantaneous “back-to-service” rate. In wartime, F min is deliberately kept around ≈ 0.3−0.5to guarantee critical services (contamination detection, emergency alerts) despite up to ~70% node or channel loss. If λ ≫ μ , the system “falls off a cliff”; if μ is high thanks to power reserves, backup links, and local analytics, degradation remains controlled and short.

Portfolio-level security management uses the integrated risk ( 8 ): where qi is the likelihood of threat i , Lithe expected loss, and M i mitigation effectiveness (reducing impact). In practice, ( 8 ) serves as a top-level KPI tied back to constraints ( 2 )–( 3 ): a 1% reduction in integrated risk under fixed B and T quantifies the “price of security” in money and days.

The wartime risk multiplier ( 9 ) refines ( 8 ) by incorporating spatio-temporal proximity to hostilities:

where Proximity is proximity to the combat zone ( 0-1 ), Infrastructure_damage is the level of infrastructure damage ( 0-1 ), Cyber_intensity is the intensity of cyber threats ( 0-1 ), k ₁, k ₂, and k ₃ are calibrated coefficients

The conceptual architecture of the war-adapted system follows a layered design in which the strategic tier acts as the top control plane for policy, prioritization, and inter-agency coordination. Geographical dispersion of data centers across international, national, and regional tiers mitigates correlated failure from kinetic attacks. International DCs hosted in friendly countries (e.g., Poland, Romania) provide continuity and remote control options if national infrastructure is severely compromised. National facilities are distributed across multiple Ukrainian regions to avoid simultaneous impact, while regional compute centers are engineered for elevated autonomy and quasi-offline operation, sustaining minimum essential services even when inter-regional links are impaired. In the diagram corresponding to Figure 5.1, this appears as a cascade from policy and orchestration down to the edge domains where first-line decisions are taken.

The fog/edge tier is the keystone of survivability. Hardened edge servers in secured district sites perform pre-processing, noise filtering, and local decision-making without mandatory connectivity to upper tiers. Mobile stations packaged as vehicle or container units can be deployed within hours to backfill coverage gaps and replace lost static nodes. Fortified nodes feature EMP shielding, redundant power, and guaranteed autonomy up to 72 hours. To preserve service under network degradation, automated failover policies reconfigure routes and switch to satellite or microwave links; non-essential functions are temporarily shed so that priority flows—contamination detection, emergency alerts, asset health telemetry—remain available.

The sensing periphery is realized as a redundant mesh with high-density IoT sensors across water bodies, providing alternate telemetry paths and compensating for node loss. Collector drones operate in hard-to-reach or hazardous areas, including near active conflict zones, while autonomous stations with solar power and batteries can run for weeks without upstream connectivity, buffering data and transmitting opportunistically. Model and configuration updates are orchestrated in tiers: regional centers fan out packages to the edge, and edge infrastructure propagates them to sensors with awareness of link quality and energy budgets, keeping algorithms up to date without interrupting service.

A security subsystem spans every layer. Post-quantum cryptography protects long-horizon channels and storage; Zero Trust principles remove implicit trust by enforcing microsegmentation, least privilege, and per-interaction verification; adaptive ML blends behavioral analytics with cross-layer event correlation to surface emerging threats in time. Under wartime stress, this integration supports fast service restore targets (30–60 seconds to a safe degraded mode), 72+ hours of autonomy for hardened nodes, reduced energy consumption via edge computation, and resilient update logistics even amid link disruptions.

Post-quantum cryptography is based on the use of cryptographic algorithms that remain secure even in the presence of an adversary's quantum computing capabilities. Such algorithms ensure long-term confidentiality and data integrity, neutralising the threat of information decryption by future quantum systems. Their implementation is a key element in building a resilient cryptographic infrastructure in critical cyber-physical systems.

Zero Trust architecture is based on the principle of ‘trust no one by default’. Every access request—regardless of its source, location, or user status—undergoes authentication, authorisation, and security context verification. This approach minimises the risk of unauthorised intrusion into the internal network and provides flexible access control in dynamic threat environments.

Adaptive Machine Learning is used to continuously analyse system behaviour, traffic and security events. It is capable of independently updating models, detecting new, previously unknown types of anomalies or attacks. This allows the system to respond to threats in real time without requiring manual intervention.

In a military context, these approaches are of critical importance. Systems must be capable of countering state-level APT (Advanced Persistent Threats) attacks, remaining operational when exposed to electromagnetic pulses (EMP) caused by nuclear or high-frequency explosions, and ensuring graceful degradation of functions in the event of physical damage or destruction of infrastructure components.

Together, these technologies form a multi-component defence architecture that combines cryptographic resilience, behavioural analytics and flexible adaptation to military-critical conditions, ensuring the continuity of cyber-physical environmental monitoring systems even in emergency situations

Counteraction to APT attacks is implemented through a multi-layered monitoring system, behavioral analysis of users and processes, and coordination with national cybersecurity agencies. This ensures early anomaly detection and reduces the likelihood of prolonged hidden intrusions.

Protection against electromagnetic pulse (EMP) threats is achieved by shielding critical components, using protected cables and specialized filters, which guarantees operational stability even under strong external electromagnetic influences. Graceful degradation allows the system to maintain essential operations even if up to 70% of hardware or software components become unavailable.

During regular operation, IoT sensors continuously collect water quality data and transmit it in encrypted form to fog nodes using post-quantum cryptography algorithms. Each data transmission undergoes automatic integrity and authenticity verification. Fog nodes perform preliminary analytics using local AI/ML modules, enabling fast detection of anomalies and potentially hazardous events. Processed and aggregated data are then sent to the cloud platform via secure VPN tunnels with additional encryption layers. In the cloud, global AI/ML models are continuously retrained using global datasets to produce updated threat detection models, which are securely distributed back to the fog nodes and sensors through protected update channels.

The security subsystem continuously analyzes network traffic, device behavior, and intercomponent communications to identify cyber threats or potential acts of warfare. When suspicious activity is detected, a multi-tier verification process is triggered, correlating the incident with intelligence data and geopolitical context. If certain nodes are confirmed as compromised, the system automatically isolates them while preserving critical data for forensic investigation. The network then self-reconfigures, activating backup communication channels, redistributing loads among functional nodes, and restoring operational resilience of the system.

The system survivability model reflects a continuous cycle of adaptation to threats, preservation of critical functions, and gradual restoration of operational capability under wartime conditions. The initial state is defined by full system functionality, where all components operate in normal mode, ensuring maximum measurement accuracy and reliable data transmission. During operation, the system is exposed to cyberattacks, physical damage, and environmental disruptions, which require rapid detection, response, and adaptation [10].

Attack detection operates through a multi-layered framework combining network traffic monitoring (IDS/IPS), behavioral analytics via machine learning, event correlation through OSINT, and intelligence from national agencies. When anomalies are detected, compromised nodes are isolated, post-quantum encryption is applied, communication switches to secure backup channels, and alerts are sent via independent paths [11, 12].

Effective mitigation ensures threat neutralization without loss of critical functions; afterward, the system verifies integrity, performs audits, retrains detection models, and gradually restores normal operation. If full mitigation is impossible, graceful degradation mode maintains essential monitoring, alerts, and analytics while non-critical services are suspended and energy-saving protocols activated [13–16].

A critical state arises when functionality drops below 30% due to loss of over 70% of sensors, compromise of core security systems, or physical destruction of nodes. The system then enters emergency mode—local nodes operate autonomously, power reserves are engaged, and communication continues via satellite or radio. Recovery involves gradual reintegration and integrity validation of restored components [17–19].

Under wartime conditions, federated “guerrilla learning” enables decentralized model training directly on nodes, synchronizing only via secure links. Optimized for intermittent connectivity and high latency, these algorithms use differential privacy and allow prolonged autonomous operation without central servers [20, 21].

System survivability is strengthened through automatic reconfiguration and self-organization, redistributing workloads, rebuilding network topologies, and activating redundant resources. Each node stores metadata for all configurations and can trigger reorganization independently. This ensures continuity of critical monitoring and high resilience of cyber-physical systems amid hybrid and wartime disruptions [22].

The warfare-adapted cyber-physical architecture shows major improvements in resilience, survivability, and recovery compared to centralized systems. A distributed mesh topology ensures functionality despite node losses by automatically reconfiguring routes and redistributing critical tasks, eliminating single points of failure and maintaining environmental monitoring during warfare or communication loss [23].

Threat detection accuracy reaches 99.5–99.9% through multi-agent behavioral analysis that integrates diverse machine learning models and correlates network, temporal, and OSINT indicators for proactive attack prediction.

Incident recovery time drops from 2–24 hours to 30–60 seconds thanks to autonomous reconfiguration, redundant routing, and localized decision-making modules. System autonomy increases 18–36× via decentralized control, distributed power networks, and backup energy sources, supporting long-term operation without central coordination.

Energy efficiency rises by about 40% due to adaptive routing, intelligent power management, and low-power operational states. Scalability evolves from linear to exponential: each new node self-integrates into the mesh, expanding functionality and ensuring stability even under fragmentation.

The deployment of the warfare-adapted cyber-physical monitoring system follows a phased strategy that addresses wartime constraints, limited resources, and elevated security demands.

Phase one develops and validates core components—post-quantum cryptography, adaptive MLbased threat prediction, and self-reconfiguring protocols ensuring survivability under failures and disconnections.

Phase two pilots the system at key water-management sites, testing resilience, automated incident response, and OSINT-based coordination with civil defense, followed by gradual geographic scaling.

Phase three expands to nationwide implementation during post-war reconstruction, aligning with ISO/IEC 27001, NIST SP 800-207 (Zero Trust), and NATO cybersecurity frameworks to enable trusted cross-border environmental data exchange.

Technological requirements include secure links with allies for backup data hosting, access to advanced cryptographic tools, and deployment of military-grade IoT infrastructure. Organizationally, the approach demands specialist training, updated cybersecurity regulations, and interagency coordination mechanisms.

In the long term, the system evolves into a national environmental intelligence platform integrated with cybersecurity infrastructure, providing predictive analytics for environmental and technogenic risks in real time.