Towards Smarter Security Orchestration and Automatic Response for CPS and IoT

Abstract—Current security orchestration and response (SOAR) approaches have primarily focused on specific layers of systems, such as Intrusion Detection Systems, the network layer, or the application layer. We aim to find the gaps in the existing SOAR approaches for IoT/CPS-based systems, especially critical infrastructures, and propose some directions to fill in these gaps. This paper presents a literature survey and future research directions for advancing SOAR towards increased automation and more holistic operation, especially for the cyber-physical security of critical infrastructures. We have found 14 primary SOAR studies and discussed the gaps in general. There is a significant gap when it comes to a comprehensive and systematic approach to SOAR for multi-layered systems using IoT/CPS and considering the computing continuum perspective. To address the gap, we present our on-going work on a framework of multi-layer SOAR decision-making methods and orchestration tools that leverage Reinforcement Learning (RL)-based adaptation intelligence, virtual reality, avatar-human interaction and advanced Cyber Threat Intelligence (CTI) tools.

Index Terms—Security Orchestration, CPS, IoT, Machine Learning, VR, CTI