Open Access

ARTICLE

A Security Operation and Event Management (SOEM) Platform for Critical Infrastructures Protection

Roberto Caviglia1, Daniyar Aliaskharov2, Alessio Aceti1, Mila Dalla Preda3, Paola Girdinio2, Giovanni Battista Gaggero2,*

1 HWG Sababa Security S.r.l., Piazza Tre Torri 2, Milan, 20145, Italy
2 Department of Electrical, Electronics and Telecommunications Engineering and Naval Architecture (DITEN), University of Genoa, Via Opera Pia 11A, Genoa, 16145, Italy
3 Department of Computer Science, University of Verona, Strada le Grazie, 15, Verona, 37134, Italy

* Corresponding Author: Giovanni Battista Gaggero.

(This article belongs to the Special Issue: Cyber Attack Detection in Cyber-Physical Systems)

Computers, Materials & Continua 2025, 85(3), 5327-5340. https://doi.org/10.32604/cmc.2025.068509

Abstract

Industrial Control Systems (ICS) in Operational Technology (OT) environments face unique cybersecurity challenges due to legacy systems, critical operational needs, and incompatibility with standard IT security practices. To address these challenges, this paper presents the Security Operation and Event Management (SOEM) platform, software designed to support Security Operations Centers (SOCs) in achieving full visibility of OT environments. SOEM integrates diverse log sources and intrusion detection systems, including logs generated by the control system itself and additional off-the-shelf products, to enhance situational awareness and enable rapid incident response. The pilot project was carried out within the funded project SOC-OT-IGE from the “Centro di Competenza Start 4.0” and is being developed in partnership with Ansaldo Energia and HWG Sababa. The validation has been conducted in a real-world pilot project. Thanks to the mapping to requirements for compliance with IEC 62443, the platform demonstrates its effectiveness through defined key performance indicators (KPIs). This work bridges the gap between IT-centric SOC methodologies and the specialized needs of industrial cybersecurity.

Keywords

Cybersecurity; monitoring; intrusion detection; SIEM; SOC

Cite This Article

APA Style
Caviglia, R., Aliaskharov, D., Aceti, A., Dalla Preda, M., Girdinio, P. et al. (2025). A Security Operation and Event Management (SOEM) Platform for Critical Infrastructures Protection. Computers, Materials & Continua, 85(3), 5327–5340. https://doi.org/10.32604/cmc.2025.068509
Vancouver Style
Caviglia R, Aliaskharov D, Aceti A, Dalla Preda M, Girdinio P, Gaggero GB. A Security Operation and Event Management (SOEM) Platform for Critical Infrastructures Protection. Comput Mater Contin. 2025;85(3):5327–5340. https://doi.org/10.32604/cmc.2025.068509
IEEE Style
R. Caviglia, D. Aliaskharov, A. Aceti, M. Dalla Preda, P. Girdinio, and G. B. Gaggero, “A Security Operation and Event Management (SOEM) Platform for Critical Infrastructures Protection,” Comput. Mater. Contin., vol. 85, no. 3, pp. 5327–5340, 2025. https://doi.org/10.32604/cmc.2025.068509



Copyright © 2025 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.