Environmental Disruption: Cross-Medium Sensing With Governed Active Probing

Problem and Premise: Single-Medium Sensing Cannot Distinguish Adversarial From Environmental

Consider an autonomous ground vehicle operating in a peri-urban environment. Its GPS receiver reports a 12 m position glitch lasting 4.2 seconds. The cause could be multipath off a nearby steel-frame building, a moment of poor satellite geometry as a low-elevation vehicle disappeared below a horizon mask, ionospheric scintillation during a geomagnetic storm, a cooperative receiver in a nearby vehicle accidentally radiating in-band, or an adversary running a 1 W L1 spoofer from a quadcopter at 200 m altitude. The receiver itself cannot tell. Its loop-tracking error, carrier-to-noise floor, and ephemeris consistency checks all flag elevated risk, but they do not constitute a credentialed observation of the environment that downstream systems could subscribe to, escalate, or audit.

The same fundamental ambiguity recurs across every medium. A camera reports near-saturation across 38 percent of its image area: was that direct sun reflection off a wet road, ice glare, an oncoming vehicle's high-beam LEDs, or a 5 mW handheld laser pointer aimed at the lens? An X-band radar reports rapidly fluctuating return amplitudes: rain attenuation, foliage scintillation, a flock of starlings, deliberate chaff, or a noise jammer? An acoustic localizer hears broadband energy at 8-15 kHz: HVAC machinery, weather, deliberate ultrasonic masking, or harmonic distortion from a faulty preamp? In each case, conventional architectures attempt to filter the bad input and continue, but they do not externalize the disruption itself as a structured, governed observation.

Current production approaches handle this poorly along three axes. Redundant single-medium hardening (multiple GPS receivers from different manufacturers; multiple cameras with different exposure profiles) detects outages but does not diagnose them and is defeated by any wide-area effect. Failover to alternative single-medium subsystems (inertial dead-reckoning when GPS fails; LIDAR when cameras saturate) extends operational time but does not classify the disturbance and accumulates drift while the underlying threat persists. Application-layer heuristics (reject GPS jumps greater than X meters per second; reject camera frames with greater than Y percent saturation) are brittle, parameter-tuned per deployment, and routinely defeated by adversaries who have read the same engineering literature the defender relied upon.

The architectural gap is that disruption is treated as a sensor problem rather than as a structured observation problem. The system gets bad inputs and tries to filter them. It does not produce a credentialed observation about the disruption itself that other systems can consume and respond to. Two consequences follow. First, fleet-level coordination on disruption response is impossible: unit A cannot warn unit B that GPS is being spoofed in this geographic cell because there is no canonical, signed object to transmit. Second, post-incident audit is impossible: after the fact, the operator can recover that "GPS was bad between 14:32 and 14:36" but cannot recover the structured evidence that would attribute the cause or distinguish adversarial action from environmental coincidence. Both consequences foreclose the entire class of cross-system, governance-aware response that contested operations actually require.

The Core Primitive: Disruption as a First-Class Credentialed Observation

Environmental disruption sensing reifies disruption itself as a credentialed observation. The primitive operates against a governance-characterized baseline: a credentialed authority (a spectrum regulator, a meteorological authority, a defense planning authority, or a coalition baseline custodian) publishes the expected envelope of conditions for a region across each instrumented medium. The expected envelope includes nominal RF occupancy by band, expected optical illuminance ranges by hour and weather, expected acoustic spectra by terrain type, expected geomagnetic fluctuation bounds, and so on. This baseline is itself a credentialed observation set, signed, scoped to a geographic cell and a validity window, and revisable by credentialed update.

Participating sensors observe the actual conditions, sign their observations under their own credentials, and a disruption evaluator computes the departure from baseline. When departure exceeds a credentialed threshold, the evaluator emits a disruption observation that carries five required fields: medium (RF, optical, acoustic, thermal, magnetic, seismic, chemical, radiological); magnitude expressed in medium-appropriate units (dB above noise floor, lux above expected illuminance, ppm above background); spatial-temporal scope (geographic cell, time window, propagation envelope); candidate causes (a ranked set of credentialed signature matches with confidences); and the lineage hash chain pointing to every contributing measurement.

Disruption observations propagate through the mesh exactly like any other observation. They are signed, replicated, age according to credentialed validity windows, and feed composite admissibility evaluators in any consuming system. A swarm of unmanned ground vehicles, an air-traffic management cell, a coalition liaison node, a forensic analyst, and a regulatory enforcement system can all subscribe to the same disruption stream and act on it under their own admissibility policies.

This shifts the architecture from "each sensor handles its own noise" to "disruption is a publishable, audit-grade observation about the environment." Cross-system coordination on disruption response becomes possible without per-system point integration. The forensic record after an event is a chain of signed observations rather than a reconstructed log narrative. And the addition of a new medium (a chemical sensor; a low-frequency seismic array) is a configuration event rather than an architectural redesign, because the primitive is medium-agnostic by construction.

Mechanism I: Multi-Medium Sensing Across Independent Physical Pathways

Disruption signatures appear across multiple media simultaneously when the underlying cause is real, and tend to fail to correlate when the underlying cause is a sensor fault or single-medium attack. This is not an empirical heuristic; it is a consequence of physics. A weather front advancing into a region produces correlated changes in barometric pressure (a chemical-class measurement at the bulk-gas level), acoustic spectrum (wind noise rising in low frequencies), optical conditions (cloud cover affecting illuminance), and even RF propagation (humidity affecting refractivity at microwave bands). A deliberate GPS spoofer, by contrast, produces a signature in the GNSS L-band and typically nowhere else in the electromagnetic environment unless the operator is also generating RF cover.

The primitive consumes contributions from medium-specific sensors with deliberately heterogeneous physics. A representative instrumentation set includes: spectrum analyzers covering at least 30 MHz to 6 GHz with sub-MHz resolution bandwidth for RF; photometric arrays with at least three spectral channels (visible, near-IR, short-wave IR) and dynamic range exceeding 100 dB for optical; calibrated MEMS microphone arrays covering 20 Hz to 40 kHz with directional discrimination for acoustic; three-axis fluxgate magnetometers with 0.1 nT resolution sampled at 100-1000 Hz for magnetic; commercial off-the-shelf metal-oxide and electrochemical sensor arrays for principal industrial chemicals; uncooled microbolometer arrays for thermal; geophone or MEMS triaxial accelerometers for seismic; and pancake-tube Geiger-Muller detectors for gamma. The cost of an instrumented platform with all eight modalities is approximately one to three thousand US dollars in 2026 component pricing, well below the cost floor for the autonomous platforms the primitive serves.

Each contribution is signed by its sensor's credential, declared with its modality, calibration epoch, and uncertainty, and integrated into the composite signature evaluator. The credential carries the manufacturer attestation, the most recent calibration record, and the sensor's authority scope (a thermal imager can sign "thermal departure from baseline" but not "weapon detected"). Correlation across modalities is computed in a normalized feature space where each medium contributes a scalar departure-from-baseline metric in standard deviations relative to its own noise floor.

The structural distinction from single-medium hardening is that an adversary who jams one medium has not defeated the system; they have created an asymmetry across media that itself becomes a high-confidence disruption observation. A signal that appears in only one medium is a candidate sensor failure or single-medium attack and is admitted with low confidence. A signal that correlates across multiple physically independent media is structurally more diagnosable: the correlation pattern itself attributes the cause. Defeating the primitive requires the adversary to coordinate plausible disruption across every instrumented medium simultaneously, which is dramatically more expensive than disrupting any one of them.

Mechanism II: Cross-Medium Composite Signatures and the Credentialed Library

The primitive maintains a credentialed library of composite signatures, each signature a structured description of how a specific disruption cause manifests across the instrumented media. A representative set of signatures includes the following exemplars. GNSS L1/L2 spoofing typically presents as a slow drift in receiver-reported time of greater than 50 nanoseconds per second relative to a disciplined local oscillator, a position glitch exceeding 10 m within a five-second window, an adjacent-band RF anomaly at 1525-1610 MHz with elevated noise floor, and a power-spectrum departure showing carrier-to-noise improvement that is physically implausible for the receiver geometry. Coordinated barrage jamming presents as broadband RF noise greater than 20 dB above ambient across the targeted band, simultaneous protocol-layer failures in dependent radios, and temporal correlation across geographically separated receivers consistent with a transmitter at a specific bearing.

Deliberate optical blinding presents as multi-camera saturation correlated within milliseconds, spectral concentration at known laser wavelengths (532, 635, 808, 1064 nm), and adversarial geometry (the saturation peak corresponds to a specific bearing rather than the sun's known position). Acoustic masking presents as broadband or tonal energy at greater than 75 dB SPL outside the expected ambient envelope, with directionality inconsistent with mapped fixed sources. Chemical release presents as concentration excursions for principal industrial chemicals (CO, H2S, NH3, NO2, VOCs) outside the credentialed regional baseline. Each signature also enumerates the negative space: what conditions, if also present, downgrade or rule out the candidate cause.

Each signature is itself a credentialed observation set. An authority appropriate to its scope (a defense authority for adversarial signatures; a national spectrum authority for jamming signatures; a meteorological authority for natural disruption; a public-health authority for chemical release) signs the signature description, including its constituent observations, expected correlations, confidence thresholds, and validity window. The library is versioned: new signatures register through governance-credentialed updates with a credentialed deprecation pathway for outdated entries. Operating units consume the signature library through the same composite admissibility framework that consumes any other governed observation, ensuring that the trust model for disruption classification is identical to the trust model for everything else in the architecture.

Signature matching is not a single-classifier output. The evaluator computes a likelihood score for each candidate signature given the current cross-medium feature vector, returns the top-k matches with their confidences, and emits a disruption observation that names all candidates above a credentialed threshold. Downstream consumers select among them under their own admissibility policies: a coalition liaison may treat any candidate adversarial signature above 0.4 confidence as escalatable; a forensic system may record all candidates above 0.05 for later analysis. The primitive does not impose a single classification; it produces credentialed evidence and lets governed consumers decide.

Mechanism III: Governed Active Probing With Disclosure-Cost Admissibility

Passive sensing is sometimes insufficient. Distinguishing a sophisticated GNSS spoofer from natural multipath may require transmitting a known waveform and observing the spoofer's reaction. Distinguishing deliberate optical dazzle from a glint may require pulsing a structured optical signal and observing whether the saturating source modulates in response. Distinguishing a jammer from a malfunctioning friendly transmitter may require requesting the friendly to cease transmission for a credentialed window. Active probing produces information at the cost of revealing the probing system's presence, capabilities, and intent to any observer including the adversary.

The primitive's governed active-probe mechanism explicitly weighs this disclosure cost. Each probe is a credentialed actuation request that passes a confidence-governed admissibility gate evaluating four factors. First, regulatory licensing: am I authorized to transmit in this band at this power for this duration in this jurisdiction? FCC Part 15 emissions are admissible essentially anywhere, while transmissions in licensed bands require credentialed authority from the spectrum holder. Second, mission policy: does the operating mission permit the disclosure that this probe entails? A covert reconnaissance mission may forbid any active emission while a perimeter-defense mission may permit broad probing. Third, adversarial-awareness state: what does my disclosure reveal that the adversary does not already know? Probing in a band where the adversary has already detected my emissions is structurally cheaper than probing in a band where my presence has been concealed. Fourth, expected information value: what is the probability that the probe response materially improves my classification confidence?

Probe admissibility produces graduated outcomes rather than a binary go/no-go. A probe may be admitted at full power for full duration when conditions are permissive; admitted at reduced power (typically 6-20 dB below nominal) under partial disclosure tolerance to limit detection range; admitted only as a single brief pulse rather than a sustained sequence; deferred pending a mission policy update; or refused outright when the disclosure cost exceeds the information value. Refused probes are themselves credentialed observations: the system records that it declined to probe and why, providing audit traceability for after-action review.

Representative probe parameter envelopes for the RF medium include effective isotropic radiated power between -20 and +30 dBm, dwell times between 100 microseconds and 1 second, repetition intervals between 1 and 60 seconds, and frequency selection from a credentialed list of permitted bands. Optical probes operate at eye-safe Class 1 power levels (less than 0.39 mW continuous wave at 532 nm) by default, with credentialed authority required for higher classes. Acoustic probes cap at 85 dB SPL at 1 m absent specific authority. The mechanism is a structural answer to a problem that current adversarial-aware systems handle ad hoc, exposing the disclosure-cost tradeoff to credentialed governance rather than to a hand-tuned engineering parameter.

Mechanism IV: Multi-Source Corroboration, Source Attribution, and Lineage

A disruption observation from a single sensor is provisional. Attribution to a specific cause requires corroboration from multiple credentialed sources, ideally distributed both spatially and across institutions. The primitive aggregates contributions across cooperating sensors, each signing its own observation, with an aggregator producing a credentialed attribution observation whose confidence reflects the diversity and credentialing of the contributing sources.

Cross-source corroboration also handles the inverse problem: a single-source disruption claim that fails to corroborate across nearby sensors is itself a structurally suspicious event. An adversary attempting to inject a false "disruption" observation into the mesh (perhaps to trigger a costly fallback response in friendly systems) faces the entire credentialing apparatus. The injected observation appears as a non-corroborating claim that triggers the divergence-detection pathway described in the cross-mesh reconciliation companion primitive. Attempted poisoning of the disruption stream becomes itself a recorded, signed event subject to forensic review.

Source attribution flows from the credentialed authority hierarchy. An authority that can sign "this disruption is adversarial" must hold a credential for that determination, typically a defense authority or an FCC enforcement authority. A general-purpose sensor with broad authority can sign "this measurement departed from baseline by N standard deviations" but not "this departure is adversarial." This separation means the most consequential attributions are made by the smallest set of highly accountable authorities, while the bulk evidentiary burden is carried by the much larger fleet of general-purpose sensors. The result is structurally compatible with both military command authority and civilian regulatory authority, allowing a single primitive to serve both contexts.

Every disruption observation carries a complete lineage hash chain pointing back through every contributing measurement, every aggregation step, every signature library version consulted, and every authority key applied. The lineage is itself signed and rotates with credential rotation. After-action reconstruction recovers not just the disruption observation but the full evidentiary substrate, allowing an analyst, regulator, or adjudicator to audit the determination at arbitrary granularity.

Operating Parameters and Performance Envelopes

The primitive operates across a wide envelope of physical, computational, and policy parameters. Detection latency from the onset of a disruption to the emission of a credentialed disruption observation is typically 50-500 milliseconds for RF and optical events (limited by sensor sample rate and the corroboration window), 200-2000 milliseconds for acoustic and magnetic events, and 1-30 seconds for chemical events (limited by sensor response time of metal-oxide elements). Geographic cell sizes for baseline characterization range from 100 m on a side in dense urban deployments to 10 km on a side in maritime or rural deployments, with cell density driven by the spatial gradient of expected baseline conditions.

Baseline validity windows range from minutes (RF occupancy in dynamic spectrum-shared bands) to hours (expected optical illuminance) to seasons (expected geomagnetic background). Signature library updates propagate through credentialed update pathways with typical latencies of seconds to minutes within a single mesh and minutes to hours across federated meshes via the cross-mesh reconciliation primitive. Storage requirements for a year of signed observations at one observation per second per medium per platform run approximately 200 MB to 2 GB depending on medium and signature density, well within the storage budget of contemporary embedded platforms.

Active-probe envelopes are bounded by regulatory and physical limits. Permitted RF probe bands and powers are platform-specific and jurisdiction-specific, encoded in credentialed regulatory observations admissible only when the platform's location credential places it within a valid jurisdiction. Probe rate limiting prevents individual platforms or fleets from cumulatively exceeding aggregate emission policies even when each individual probe is admissible. Power-aware admissibility allows probe authority to be conditioned on remaining mission energy budget, ensuring that probing does not deplete reserves required for primary mission objectives.

Alternative Embodiments

The primitive admits a wide range of embodiments across platform classes, sensor sets, and governance contexts. A single-platform embodiment (a sole autonomous ground vehicle, a single aircraft, a fixed perimeter sensor mast) operates the full primitive locally with the corroboration burden carried by the diversity of media on the platform itself. A fleet embodiment distributes corroboration across platforms communicating over a tactical mesh, with each platform contributing observations and consuming aggregated disruption observations from the fleet.

A federated-coalition embodiment composes the primitive with the cross-mesh reconciliation primitive, allowing disruption observations to cross mesh boundaries through credentialed taxonomy translators. A coalition partner detecting a high-confidence GNSS spoofing event in their mesh propagates the observation across the federation boundary, where it is restated in the receiving mesh's taxonomy and admitted under the receiving mesh's credentialing rules.

A regulatory embodiment serves an enforcement authority (FCC, FAA, an environmental regulator) that subscribes to disruption observations from a deployed fleet and triggers credentialed regulatory actions on the basis of corroborated, audit-grade evidence. A forensic embodiment archives the full lineage chain in long-term storage for after-action review and adversarial-trend analysis. A simulation embodiment instantiates the primitive within a synthetic environment for training or red-team exercises, with all signatures, baselines, and credentials replaced by simulation-domain analogs.

Sensor-set alternatives range from minimal three-medium configurations (RF, optical, acoustic) suitable for low-cost commercial platforms to comprehensive eight-medium configurations including chemical, radiological, magnetic, thermal, and seismic. The primitive is invariant to the specific sensor set: adding a medium is a configuration change requiring credentialed signature-library updates rather than an architectural change. Hybrid configurations where some media are platform-resident and others are mesh-shared (a fleet may pool a single radiological sensor across many platforms via the disruption-observation bus) are admitted naturally.

Composition With Other Primitives

Environmental disruption sensing is a composing primitive. It produces credentialed disruption observations consumed by other primitives in the disclosed architecture and consumes baselines, credentials, and signatures produced elsewhere. Its principal compositions are with confidence-governed actuation, with cascade propagation, with mesh-derived coordinates and time, and with the governance chain.

Composition with confidence-governed actuation produces graduated response. Disruption observations feed admissibility evaluators that select among continued normal operation under low-confidence disruption, increased multi-source verification before action under moderate disruption, reduced sensor weight on the disrupted medium under high disruption, and switching to credentialed fallback modes (sensor-primary marker tracking; anchor-less coordinate operation) under severe disruption. The graduated response mirrors the graduated execution modes of confidence-governed actuation: not binary, but a spectrum of operational changes selected by admissibility computation.

Composition with cascade propagation enables fleet-level pre-positioning. When one platform produces a high-confidence disruption observation, neighboring platforms receive the credentialed observation through the cascade and pre-emptively shift to fallback modes before they enter the affected region. The cross-platform latency of pre-positioning is the cascade-propagation latency plus the disruption-detection latency, typically under one second in a tactical mesh. Composition with mesh-derived coordinates and time provides the anchor-less fallback that GNSS-spoofing defense requires: when GNSS is disrupted, the platform falls back to mesh-derived coordinates synthesized from ranging measurements among credentialed peers.

Composition with the governance chain provides the credentialing apparatus on which the entire primitive rests: signature libraries, baseline observations, sensor credentials, attribution authorities, and probe permissions are all governance-chain artifacts, with rotation, revocation, and forensic traceability inherited from that primitive. The result is that environmental disruption sensing inherits its trust model from the broader architecture rather than imposing a new one.

Prior-Art Distinctions

This primitive is structurally distinct from several adjacent technologies that solve related but narrower problems. It is not Galileo OSNMA, GPS Chimera, or other GNSS authentication schemes. Those harden a single medium against a specific attack class through cryptographic authentication of navigation messages. They do not produce credentialed observations for multi-system consumption, do not span multiple media, and do not provide a governed active-probe mechanism. The disclosed primitive consumes OSNMA-style authentication results as one input among many while remaining medium-agnostic.

It is not Mobileye Responsibility-Sensitive Safety or other safety-distance frameworks. Those compute safe operating distances under nominal sensing assumptions; the disclosed primitive computes operational mode adjustments under adversarial-aware admissibility, with the disruption observation itself being a first-class object that an RSS implementation could consume but does not produce.

It is not Kalman filtering, particle filtering, or related state-estimation techniques. Those fuse sensor inputs into a posterior estimate of a system state under a model of sensor noise; the disclosed primitive externalizes the deviation from baseline as a credentialed object and explicitly models adversarial rather than only stochastic sensor degradation. A Kalman filter that has converged to a high-confidence wrong answer because of a coordinated adversarial input is exactly the failure mode the disclosed primitive is designed to prevent.

It is not traditional sensor fusion frameworks (JDL Level 1-2 fusion, Dempster-Shafer combination, evidential reasoning systems). Those combine evidence under a fixed trust model; the disclosed primitive explicitly governs which authorities may attribute which classes of cause and produces signed, auditable disruption observations consumable across organizational boundaries. It is not the FCC's spectrum-monitoring infrastructure or analogous national programs. Those operate at centralized monitoring scope; the disclosed primitive operates at the participant level with credentialed integration of regulatory observations as one input among many. Finally, it is not a defense-specific anti-jam or anti-spoof product. Those are typically single-medium, single-vendor, and not designed for cross-organization governance. The disclosed primitive is medium-agnostic, vendor-neutral, and structurally compatible with regulatory, defense, and commercial governance simultaneously.

Disclosure Scope and Conclusion

Disclosed under USPTO provisional 64/049,409, the primitive scope encompasses: the production of disruption as a credentialed first-class observation across at least RF, acoustic, optical, magnetic, chemical, thermal, seismic, and radiological media; the credentialed library of cross-medium composite signatures with credentialed update and deprecation; the governed active-probe admissibility gate weighing regulatory, mission, adversarial-awareness, and information-value factors; the multi-source corroboration apparatus producing credentialed attribution observations; and the lineage-bound signing chain providing audit-grade traceability. The scope is invariant to the specific sensor set, the specific platform class, and the specific governance authority hierarchy, requiring only that the architecture provide credentialed sensors, a credentialed baseline, and a credentialed signature library.

Environmental disruption sensing is the primitive that allows a contested-environment autonomous architecture to externalize what is happening to it as a structured, signed, audit-grade object rather than absorbing the disruption silently and continuing to operate as if its inputs were trustworthy. It composes with confidence-governed actuation for graduated response, with cascade propagation for fleet-level pre-positioning, with mesh-derived coordinates and time for anchor-less fallback, and with the governance chain for the credentialing apparatus on which the entire primitive rests. The architectural shift from "sensors handle their own noise" to "disruption is a publishable observation" is what enables cross-system, cross-organization, audit-grade response to contested operating conditions that current architectures cannot deliver.