This project proposes the development of a platform to improve information visualization and service automation in the Security Operations Center (SOC) for industrial cybersecurity, focused on securing industrial control systems (ICSs). The solution will address the following aspects:
• Automation of establishing work baselines, resolving cybersecurity events, and assigning criticality and priority levels to each alert received, depending on the moment.
• Development of a prototype of an immersive visualization environment for SOC operators in which, by means of VR techniques, the operator is dynamically provided with all the relevant information related to a cybersecurity event, both specific and contextual, while managing the event.
• Operator behavioral analysis to identify and measure factors related to the alert resolution process, such as what information is relevant and what is not, based on where the operator's attention is directed.
• Analysis of the operator's behavior to identify and measure factors related to the analyst's state that could be relevant to their work performance, such as the level of stress associated with the workload or with the performance of certain activities, fatigue, etc., using physiological signals provided by state-of-the-art XR headsets capable of recording eye tracking, heart rate or facial expressions.
Although the project is mainly focused on industrial SOCs, the improvements developed within the project for automating SOC tasks and assisting analysts are largely applicable to IT environments.