CPS Device Management
AuroraSOC manages cyber-physical system (CPS) devices through a fleet management service with zone-based organization, policy enforcement, and continuous attestation.
Device Fleet
Registering a Device
POST /api/v1/cps/devices
{
"device_id": "esp32c3_env_01",
"device_type": "environmental_sentinel",
"name": "Server Room Env Sensor #1",
"firmware_stack": "rust_embassy",
"location": "DC-1, Rack A3, Top",
"zone_id": "zone-server-room"
}
Fleet Summary
GET /api/v1/cps/fleet/summary
Returns aggregate health: total devices, online/stale/offline counts, attestation summary, and average risk score.
Device Health States
| State | Criteria | Action |
|---|---|---|
| Online | Last heartbeat < 10 minutes | Normal operation |
| Stale | Last heartbeat 10-60 minutes | Warning alert generated |
| Offline | Last heartbeat > 60 minutes | Critical alert, investigation triggered |
Zones & Conduits (IEC 62443)
Devices are organized into zones with security levels and conduits that define allowed communication paths between zones.
Creating a Zone
POST /api/v1/cps/zones
{
"name": "Server Room",
"security_level": "SL3",
"fail_mode": "fail_secure",
"site_id": "hq"
}
Security Levels
| Level | Description | Typical Use |
|---|---|---|
| SL0 | No security requirements | Test/lab environments |
| SL1 | Protection against casual violation | General office areas |
| SL2 | Protection against intentional violation | Restricted areas |
| SL3 | Protection against sophisticated attack | Server rooms, data centers |
| SL4 | Protection against state-level attack | Critical infrastructure |
Conduit Isolation
When a security incident is detected in a zone, conduits can be isolated to contain lateral movement:
POST /api/v1/cps/conduits/{conduit_id}/isolate
Attestation
See the CPS Attestation runbook for the challenge-response protocol.
Anomaly Detection
The CPS anomaly detector monitors sensor readings for:
- Stuck values - Same reading for > 30 minutes (possible sensor failure/tampering)
- Envelope breach - Z-score > 3 from zone baseline (environmental anomaly)
- Zero jitter - Perfectly flat readings (possible sensor spoofing)
- Cohort divergence - One sensor diverges > 5°C from zone peers
GET /api/v1/cps/anomalies?zone_id=zone-server-room