BLADE-INFRA Governance Node: Authority-Governed Critical Infrastructure Protection Architecture for Power Grids, Water Treatment, and Industrial Control Systems

Burak Oktenli

Published: 28 Mar 2026, Last Modified: 30 Mar 2026ZenodoEveryoneRevisionsCC BY-SA 4.0
Abstract: Project Overview BLADE-INFRA is a hardware-enforced, authority-governed protection architecture designed for critical infrastructure systems, including power grids, water treatment facilities, and industrial control environments. Rather than allowing actuator decisions to emerge directly from sensor readings or software logic, the system introduces an independent governance layer that determines whether physical actions are permitted under current system conditions. The central question addressed by the architecture is: “Given uncertainty, sensor reliability, and potential adversarial conditions, should the system be allowed to actuate?” To answer this, BLADE-INFRA implements an eleven-stage governance pipeline that processes electrical, environmental, and process-control signals through anomaly correlation, trust evaluation, authority computation, advisory consensus, escalation control, and recovery logic before any actuator command is executed. The system integrates probabilistic reasoning through Dempster–Shafer evidence fusion, dynamically adjusts authority based on sensor trust degradation, and enforces safety constraints through a hardware-level interlock. In contrast to conventional industrial control systems that rely on network segmentation or software safeguards, BLADE-INFRA enforces authority decisions at the hardware boundary. This ensures that unsafe or insufficiently verified actions cannot propagate to physical infrastructure, even in the presence of compromised control interfaces or manipulated data streams. The architecture is designed to mitigate threats such as sensor spoofing, protocol injection, cascading failures, insider manipulation, and communication disruption. The project provides a fully reproducible system design, including a complete simulation environment, hardware specifications, configuration artifacts, and engineering documentation. While current results are derived from simulation-based validation, the system is engineered toward deployment under industrial safety and cybersecurity frameworks, including NERC CIP, IEC 61850, and IEC 62443. BLADE-INFRA extends the authority-governed autonomy paradigm across domains, building upon prior implementations in defense and autonomous systems, and demonstrates its applicability as a generalized safety architecture for cyber-physical infrastructure. Technical Description BLADE-INFRA introduces a hardware-enforced authority gating architecture for critical infrastructure using...