Abstract
Cyber-Physical Systems (CPS) and the Internet of Things (IoT) are crucial in a number of fields, including healthcare, energy, mobility, and communication. IDS, network, and application layers are among the system layers that are the primary focus of current Security Orchestration, Automation, and Response (SOAR) techniques. However, taking into account the computing continuum, there is a noticeable lack of complete SOAR techniques for multi-layered IoT/CPS systems. We aim to systematize the current SOAR approaches for IoT/CPS-based critical infrastructures. Three research topics served as the basis for our systematic review, which produced important findings: (i) IoT/CPS systems require a complete SOAR that addresses many architectural elements; (ii) AI/ML improves automation, but it is insufficient in addressing explainability and cross-layer/system/domain issues; and (iii) the incorporation of digital twin solutions into SOAR frameworks is still in its early stages. We highlight areas for further research to enhance SOAR solutions’ efficacy, flexibility, and comprehensiveness in addressing evolving cybersecurity challenges.