Published December 4, 2023 | Version v1
Conference paper Open

Towards Smarter Security Orchestration and Automatic Response for CPS and IoT

  • 1. Montimage (France)
  • 1. ROR icon SINTEF
  • 2. ROR icon Tecnalia
  • 3. ROR icon Montimage (France)
  • 4. Universite Cote d'Azur


Abstract—Current security orchestration and response (SOAR) approaches have primarily focused on specific layers of systems, such as Intrusion Detection Systems, the network layer, or the application layer. We aim to find the gaps in the existing SOAR approaches for IoT/CPS-based systems, especially critical infrastructures, and propose some directions to fill in these gaps. This paper presents a literature survey and future research directions for advancing SOAR towards increased automation and more holistic operation, especially for the cyber-physical security of critical infrastructures. We have found 14 primary SOAR studies and discussed the gaps in general. There is a significant gap when it comes to a comprehensive and systematic approach to SOAR for multi-layered systems using IoT/CPS and considering the computing continuum perspective. To address the gap, we present our on-going work on a framework of multi-layer SOAR decision-making methods and orchestration tools that leverage Reinforcement Learning (RL)-based adaptation intelligence, virtual reality, avatar-human interaction and advanced Cyber Threat Intelligence (CTI) tools.

Index Terms—Security Orchestration, CPS, IoT, Machine Learning, VR, CTI



Files (550.5 kB)

Name Size Download all
550.5 kB Preview Download

Additional details