CPS Security

Purpose

Bridges physical and cyber domains: telemetry from embedded edge devices, hardware attestation, OT/ICS protocol monitoring (Modbus, DNP3, IEC 61850, BACnet), and physical-cyber correlation.

MCP Domains

Domain	Description
`cps`	Device telemetry, attestation, OT protocol monitoring
`network_capture`	PCAP analysis at OT segment level

Tools

Tool	Description
`query_cps_sensor`	Query telemetry from CPS device
`verify_device_attestation`	Validate DICE attestation chain
`revoke_device_certificate`	Revoke device x.509 cert
`correlate_physical_cyber`	Correlate physical and cyber events
`query_ot_protocol`	Query Modbus/DNP3/BACnet telemetry
`isolate_network_segment`	VLAN isolation of OT segment

Input schema

{
  "device_id": "string",
  "analysis_type": "attestation | telemetry | correlation | protocol",
  "time_range": {"start": "ISO8601", "end": "ISO8601"}
}

Output schema

{
  "device_id": "string",
  "attestation_status": "valid | revoked | unknown",
  "firmware_hash": "string",
  "firmware_hash_match": "boolean",
  "physical_cyber_correlation": "PHYSICAL_ONLY | CYBER_ONLY | CORRELATED | ESCALATED",
  "risk_score": "float",
  "containment_actions": ["string"],
  "protocol_findings": [
    {"protocol": "string", "anomaly": "string"}
  ]
}

Memory config

Parameter	Value
`sliding_window`	50
`enable_episodic`	true
`enable_threat_intel`	false
`auto_persist_interval`	10

Allow-list

cps, network_capture

Purpose​

MCP Domains​

Tools​

Input schema​

Output schema​

Memory config​

Allow-list​