Sovereign Infrastructure Orchestration

Infrastructure fails in minutes.
Authorization takes hours.

Munin discovers cross-sector dependencies that no existing system can see, pre-simulates cascade failures, and compresses crisis authorization from 2–6 hours to under 30 minutes.

View RepositoryRead the DoctrineRequest a Briefing
0%
Faster authorization
2-6 hours → 20-30 minutes
0
Scenarios simulated
End-to-end in 0.3 seconds
0.971
Real data confidence
EA river gauge correlation
Ed25519
Production signing
PQC dual-stack in progress
The Evidence

This isn't theoretical. It keeps happening.

Every major post-incident review identifies the same bottleneck: multi-agency coordination and legal authorization — not detection.

Hurricane Katrina2005
37 days delay

FEMA, state, and Red Cross operated in parallel without coordination. Meals took 37 days to reach some areas. The 9/11 Commission-style review found "the single most important failure was coordination."

Select Bipartisan Committee Report, 2006
Fukushima Daiichi2011
7+ hours delay

Reactor venting was delayed 7+ hours while operators, TEPCO management, and the Prime Minister's office argued over authorization. Evacuation was uncoordinated across jurisdictions.

NAIIC Report to the Japanese Diet, 2012
UK Summer Floods2007
3–5 hours delay

Cross-government coordination took 3–5 hours per decision. The Pitt Review recommended "a single framework for multi-agency response" — which still doesn't exist.

The Pitt Review, Cabinet Office, 2008
Storm Desmond (Carlisle)2015
2–6 hours delay

Power substation flooded → water pumps failed → treatment offline → hospitals on emergency supply. Each agency responded independently. Cross-sector cascade was not predicted.

Environment Agency Post-Incident Review, 2016

The common thread in every case: the technology to detect the problem existed. The authority to act did not arrive in time.

The Problem

The cascade consumes entire sectors before anyone is allowed to act

Infrastructure failure is not a data problem — we have enough sensors. It is an authority problem. Cross-sector coordination takes 2–6 hours because every step requires phone calls, legal review, and multi-agency sign-off.

TRADITIONAL COORDINATION

Incident detection10min
Cross-agency phone calls45min
Legal review1.0h
Multi-ministry approval2.0h
Command execution10min
Total: 2–6 hours

WITH MUNIN

Incident detection (same)10min
Playbook retrieval0.1min
Packet generation0.1min
3× biometric sign-off15min
Command execution (same)10min
Total: 20–30 minutes
Shadow Link Discovery

Cross-sector dependencies exist in physics, not in any database

Munin infers hidden interdependencies from time-series correlation with lag detection. A power substation and a water pump station 3km away are linked — Munin discovers this before any human maps it.

30s2min45sSubstation APump Station 7Cell Tower 3Hospital ATreatment Plant
Temporal correlation
Statistical co-movement between sensor feeds across sectors
Lag detection
Physical delay between cause and effect (e.g. 30s power→water)
Evidence windows
Sliding confidence intervals with stability and health scoring
Cascade Prediction

See the failure propagate before it happens

Once shadow links are discovered, Munin simulates how a single failure cascades across sectors — power to water to telecom to health — and recommends pre-validated playbooks.

T+0:00POWER
Substation A trips
T+0:30WATER
Pump Station 7 loses power
T+2:00WATER
Treatment plant pressure drops
T+5:00TELECOM
Cell Tower 3 on backup battery
T+15:00HEALTH
Hospital A water pressure critical
T+45:00TELECOM
Cell tower battery depleted
MUNIN RECOMMENDATION
Activate backup power to Pump Station 7
Prevents downstream cascade to treatment plant and hospital. Estimated impact reduction: 4 sectors → 1 sector.
Flood Risk Act §12.3EA Standing Order 7
Playbook pre-validated. Evidence packaged. Ready for sign-off.
Byzantine Multi-Ministry Approval

No single entity can unilaterally authorize a dangerous action

M-of-N signing with Ed25519 production cryptography. Architecture designed for ML-DSA post-quantum dual-stack (integration in progress). Merkle-chained audit trails and TEE attestation interface.

QUORUM POLICY: 2 of 3 ministries required
🌊
Environment Agency
PENDING
Energy Authority
PENDING
🛡
Civil Protection
PENDING
Signatures: 0/3COLLECTING...
Live Demo

Real data. Real results.

Running on actual Environment Agency river gauge data from the Carlisle catchment. No synthetic data. No simulation. Munin discovered the known hydrological relationship between the River Eden and River Petteril — the 5-minute lag matches physical rainfall travel time.

munin — real data demo
Full demo walkthrough →
Safety-First Design

Read-only v1. Humans always decide.

Munin v1 is architecturally incapable of sending commands to any SCADA endpoint. This is enforced by a runtime read-only guard, validated by static analysis in CI, and documented in a structured safety case.

WRITE_ACCESS = falseEnforced
Runtime read-only guard with CI static analysis scanning all engine files for socket/HTTP writes to SCADA ports.
Data diode architectureTested
Ingestion is strictly one-way. Any attempt to open an outbound socket from the analysis enclave fails tests.
Structured safety caseDocumented
GSN-style claims → evidence mapping. STPA hazard analysis with 17 unsafe control actions identified and mitigated.
NIST 800-82 + IEC 62443Compliant
Architecture mapped to real OT security standards. Zones, conduits, security levels, and foundational requirements traced to code.
Try It Yourself

Run the full demo in under 5 minutes

terminal
$ git clone https://github.com/jacobsprake/munin
$ cd munin && pip install -r requirements.txt
 
# Synthetic scenario — full pipeline
$ python engine/cli.py demo carlisle
 
# Real Environment Agency data — no simulation
$ python engine/cli.py demo real-data
 
# Compare Munin vs naive baseline
$ python engine/cli.py baseline carlisle

Full walkthrough: docs/DEMO_WALKTHROUGH.md

Documentation

Deep technical depth. Open to inspection.

Munin Doctrine
Vision, contrarian thesis, 10-year view
Safety Case
GSN claims, evidence, residual risks
Threat Model
NIST 800-82 aligned, 4 attacker profiles
What's Next
Concrete roadmap, what needs funding
Limitations
Honest gaps and how we attack them
Founder Notes
Background, motivation, trajectory
Governance
Byzantine multi-sig, quorum policies
Ministry Integration
How Munin fits into government
Operator Handbook
Step-by-step for field operators
Architecture

Built for sovereign deployment

ENGINE
Python inference engine
Granger causality + lag detection
Sensor health scoring
Property-based + adversarial tests
CRYPTOGRAPHY
Ed25519 production signing
ML-DSA (FIPS 204) integration path
Merkle-chained audit trail
Shamir secret sharing
PLATFORM
Next.js 14 operator console
Air-gapped deployment ready
Data diode architecture
TLA+ formal specification
Why Now

Three forces converging

JULY 2026
EU CER Directive
27 EU member states must identify critical entities and implement cross-sector risk assessment. Compliance "will need to be technology enabled."
NIST 2024
Post-quantum deadline
NIST standardized ML-DSA. Critical infrastructure commands signed today need quantum-safe signatures before cryptographically relevant quantum computers arrive.
2020–2025
Cascading events accelerating
Storm Éowyn, Texas freeze, European heatwaves — interconnected infrastructure failures are increasing in frequency and cross-sector impact.

What exists today vs what Munin adds

EXISTING APPROACHES
Palantir — analytics, not authorization
Everbridge — notification, not dependency modelling
Siemens/ABB — sector-specific SCADA, no cross-sector view
Manual coordination — phone calls, email chains, committees
WHAT MUNIN ADDS
Cross-sector dependency discovery from physics
Pre-validated playbooks with regulatory basis
Cryptographic authorization packets with Merkle audit trail
Byzantine multi-ministry approval in minutes, not hours

No one is treating authorization latency as the core infrastructure problem.

Everyone is building better sensors. Munin is the first system that makes the decision path fast enough to matter.

Founder

Jacob Sprake

Founder & Technical Lead, SPR Labs

Built Munin solo — full inference engine, cryptographic authorization stack, safety case, and 80+ files of technical documentation. Self-taught in infrastructure security, post-quantum cryptography, and ICS/SCADA systems. Based in Milan with Westminster institutional network via the City of London Youth Natural Environment Board.

Get in TouchGitHub Profile

Seeking early deployment partners in water, energy, and civil protection.

Munin deploys on your infrastructure. Your data never leaves your jurisdiction.

Request a Pilot Briefing