Preprint
Article

This version is not peer-reviewed.

Next-Gen Security Operation Center Services for Critical National Infrastructures

Submitted: 03 May 2026

Posted: 05 May 2026

Abstract
Critical National Infrastructures (CNIs) have evolved in recent years through the digitization of their services, which has simultaneously increased their threat surface. Meanwhile, the exponential rise of Artificial Intelligence (AI) technologies has given adversaries the means to perform targeted attacks against high-impact systems such as those found in CNIs. Current regulatory directives such as NIS2 or the Cyber Resilience Act (CRA) focus on the presence of Security Operation Centers (SOCs), which include different security technologies for the detection of and response to cyber-attacks. Nevertheless, such baseline SOCs neither provide the ability to perform a coordinated and orchestrated detection and response cycle for existing cyber threats nor provide proactive measures for zero-day threats. To this end, this paper presents a new approach for automating the orchestration of the incident lifecycle through Next Generation SOC services able to detect and mitigate sophisticated attacks against CNIs and to implement proactive detection measures against zero-day threats.
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permits free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.

© 2026 MDPI (Basel, Switzerland) unless otherwise stated