TY - GEN
T1 - Knowledge Systematization for Security Orchestration in CPS and IoT Systems
AU - Nguyen, Phu
AU - Song, Hui
AU - Dautov, Rustem
AU - Ferry, Nicolas
AU - Rego, Angel
AU - Rios, Erkuden
AU - Iturbe, Eider
AU - Valdes, Valeria
AU - Cavalli, Ana Rosa
AU - Mallouli, Wissam
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
AB - Cyber-Physical Systems (CPS) and the Internet of Things (IoT) are crucial in a number of fields, including healthcare, energy, mobility, and communication. IDS, network, and application layers are among the system layers that are the primary focus of current Security Orchestration, Automation, and Response (SOAR) techniques. However, taking into account the computing continuum, there is a noticeable lack of complete SOAR techniques for multi-layered IoT/CPS systems. We aim to systematize the current SOAR approaches for IoT/CPS-based critical infrastructures. Three research topics served as the basis for our systematic review, which produced important findings: (i) IoT/CPS systems require a complete SOAR that addresses many architectural elements; (ii) AI/ML improves automation, but it is insufficient in addressing explainability and cross-layer/system/domain issues; and (iii) the incorporation of digital twin solutions into SOAR frameworks is still in its early stages. We highlight areas for further research to enhance SOAR solutions' efficacy, flexibility, and comprehensiveness in addressing evolving cybersecurity challenges.
KW - AI
KW - CPS
KW - Digital Twin
KW - IoT
KW - ML
KW - SLR
KW - SOAR
KW - Security Orchestration
KW - Systematic Review
UR - https://www.scopus.com/pages/publications/105016101412
U2 - 10.1109/CSR64739.2025.11130008
DO - 10.1109/CSR64739.2025.11130008
M3 - Conference contribution
AN - SCOPUS:105016101412
T3 - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
SP - 672
EP - 678
BT - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th IEEE International Conference on Cyber Security and Resilience, CSR 2025
Y2 - 4 August 2025 through 6 August 2025
ER -