Torus Shield

Hardened cyber defense for grid-connected energy assets — built into every Torus Station from the inside out.

Torus Shield is dedicated cyber defense installed inside every Torus Station. It enforces on-site perimeter defense, both for physical and cyber security. It includes encryption, firewalling, identity-gated access control, and physical intrusion detection — while continuously contributing threat intelligence to Torus Overwatch. Overwatch monitors system behavior in real time and escalates anomalies to security operators in the Torus Overwatch Command Center (TOC).

Zero Trust access

Every user, device, and session is verified through identity enforcement and network access controls before any remote connection is provisioned — no implicit trust at any layer.

Physical intrusion detection

Every Torus Station is protected by a multi-sensor physical security layer — combining 24/7 4K camera surveillance with AI-powered motion analysis and hardware sensors that detect enclosure tampering.

Cyber defense

Every Torus Station runs a Layer 7 stateful firewall with IDS/IPS and application-layer inspection, enforcing session-level policy for all command, control, and telemetry traffic. Transit traffic is encrypted with TLS 1.3 and AES. Endpoint detection and response flags behavioral anomalies and process-level threats in real time, while firewall activity is analyzed against known attack patterns to feed fleet-wide threat intelligence.

Risk management

Torus maintains a centralized asset risk management program across every station in the fleet — continuously scanning for vulnerabilities, deploying patches through a rigorous update process, and validating security posture through automated testing. Every action is logged, monitored, and auditable.

Overwatch integration

Torus Shield continuously feeds threat intelligence and behavioral telemetry to Torus Overwatch, where AI-powered analytics and anomaly detection monitor fleet activity in real time. Deviations from established baselines are automatically escalated to the Overwatch Command Center, where certified operators validate, triage, and respond.

Specs and stats

Firewall & Intrusion Detection: Layer 7 stateful inspection with application-layer policy enforcement and IDS/IPS
Threat Detection: Active threat intelligence with continuous attack pattern and signature analysis
Endpoint Protection: Continuous EDR across all station compute layers
Compliance Alignment: UL 9540, IEC 62443, NERC CIP (EACMS/PACS - NIST 800-171), CMMC compliant
Remote Access: Zero Trust encrypted mesh with ChaCha20-Poly1305 encryption and just-in-time access provisioning
Identity & Access: Hardware-backed MFA with identity-aware policy enforcement across every user, device, and session
Communications: TLS 1.3 with AES encryption for all transit traffic; Starlink broadband with LTE cellular failover; redundant WAN architecture
Physical Security: 24/7 4K surveillance with AI-powered motion analysis and hardware tamper sensors
Patch & Update Management: Auditable remote software update process with change-controlled deployment
Monitoring Integration: AI-powered predictive analytics and advanced anomaly detection via Torus Overwatch

Your questions, answered.

Torus Shield is the dedicated cyber defense layer installed inside every Torus Station. It handles on-site perimeter defense — firewalling, IDS/IPS, endpoint protection, identity-gated access control, and physical intrusion detection — while continuously contributing threat intelligence and behavioral telemetry to Torus Overwatch. Overwatch monitors activity across the entire fleet in real time, using AI-powered predictive analytics to identify anomalies and escalate them to certified operators in the Torus Overwatch Command Center. Together they form a multi-layer defense architecture that protects both the physical asset and command and control — on-site and remotely.
Torus Shield uses a multi-sensor approach to physical security — every station combines 24/7 4K camera surveillance with AI-powered motion analysis and hardware tamper sensors on the station enclosure. When an intrusion is detected, automated alerting triggers immediately to the Torus Overwatch Command Center where certified operators validate, triage, and respond — without any manual escalation step in between. On-site access is governed by just-in-time protocols enforced through identity verification — access is granted only when needed, monitored throughout, and revoked immediately upon completion. There is no standing physical access to anyTorus Station.
Most energy storage security solutions are provided by third-party vendors and applied after the fact — bolt-on layers with limited visibility into the systems they're protecting. Torus Shield is different. It ships with every Torus Station, engineered into the platform from manufacturing through the entire life of the system. Where others provide a single layer of protection, Torus Shield delivers a multi-layer cyber defense architecture — combining on-site perimeter defense, physical intrusion detection, and continuous threat intelligence in one integrated system. Torus Overwatch adds AI-powered predictive analytics on top, monitoring behavioral patterns across the entire fleet in real time — giving every station the benefit of what the entire network sees.
No. Torus Stations operate on a completely independent, isolated communications infrastructure owned and managed by Torus — entirely separate from your internal network, IT systems, and security perimeter. No Torus data, telemetry, or communications ever traverse your network. The only connection between a Torus Station and your facility is electrical. This is by design — keeping Torus on its own communications infrastructure eliminates any risk of our systems creating liability on yours, ensures our ability to dispatch energy is never dependent on your network availability, and gives us complete control over the security and reliability of every connection in the stack. Your IT team doesn't need to be involved. Your firewall rules don't need to change. Your network doesn't need to be touched.