IBM Security launched the mobile Security Operations Center, capable of traveling onsite for cybersecurity training, preparedness, and response. The IBM X-Force Command Cyber Tactical Operations Center (C-TOC) will travel around the U.S. and Europe, running incident response drills with clients, providing on-demand cybersecurity support, and building cybersecurity awareness and skills with professionals, students and consumers.
The IBM X-Force C-TOC is an operational Security Operations Center on wheels, modeled after Tactical Operations Centers used by the military and incident command posts used by first responders. Housed in a tractor trailer, the mobile facility provides a gesture-controlled cybersecurity “watch floor,” data center and conference facilities that can accommodate two dozen operators, analysts and incident command center staff.
The facility can be deployed in a variety of environments, with self-sustaining power, satellite and cellular communications, providing network for investigation and response as well as platform for cybersecurity training.
Historically, cybersecurity teams have been focused on detection and protection against cybersecurity incidents. However, as the threat landscape has evolved, organizations are now recognizing the need to plan and rehearse their response to security incidents as well.
The 2018 Cost of a Data Breach Study found that companies that are able to respond to incidents effectively and remediate the event within 30 days can save over $1 million on the total cost of a data breach – yet less than 25% of professionals surveyed say their company has a coordinated incident response plan applied across the organization.
The IBM C-TOC will begin its journey travelling around the U.S. and Europe, with multiple purposes:
Response training and preparedness: With an increasing focus on improving incident response in the aftermath of major cybersecurity attacks, the C-TOC can help companies train their teams on techniques (both technical and crisis leadership) to respond to attacks while simulating real-world conditions of how hackers operate and key strategies to protect business brand and resources.
Onsite cybersecurity support: IBM designed the C-TOC with the capabilities to deploy the mobile facility as a client-specific, on-demand Security Operation Center. One potential use-case being explored is supporting sporting events or other large gatherings where supplemental cybersecurity resources may be needed.
Education and awareness: When the C-TOC is in between IBM client engagements, it will travel to immerse people in realistic cybersecurity experience in the industry – visiting local universities and industry events, and even reaching primary school children with awareness efforts to build interest in cybersecurity careers and help address the growing workforce shortage.
“Experiencing a major cyberattack is one of the worst crisis a company can face, and the leadership, skills and coordination required is not something you want to test out for the first time when you’re facing a real attack,” said Caleb Barlow, Vice President of Threat Intelligence, IBM Security.
“Having a mobile facility that allows us to bring realistic cyberattack preparation and rehearsal to a larger, global audience will be a game changer in our mission to improve incident response efforts for organizations around the world.”
Demand for cybersecurity preparation and response grows
IBM Security has identified incident response and preparedness as an underserved segment of the $114 billion cybersecurity market. In 2016, IBM invested $200 million in new incident response facilities, services and software, including the Cyber Range for the commercial sector. Since then, IBM has taken more than 2,000 people through its cybersecurity preparedness training in its facility in Cambridge, MA.
With the launch of the X-Force C-TOC, this training is being taken directly to clients as well as an expanded mission to provide onsite preparedness and the potential for supplemental cybersecurity services.
To create this Cyber Range experience and the C-TOC, IBM consulted with dozens of experts from different industries, from emergency medical responders to active duty military officers. Along with IBM’s own cybersecurity expertise, the C-TOC experiences train teams on the essentials of leadership in crisis – from moving out of the organizations day to day structure and into an incident command hierarchy to thinking a step ahead to anticipate the next moves of an attacker.
The C-TOC training includes a “Cyber Best Practices Laboratory” with real world examples based on experiences with customers in the Cambridge Cyber Range. It will also enable companies to participate in a cyberattack which allows teams to test incident response plans under a simulation. Some examples of these attack scenarios include:
Ox response challenge: This challenge is designed for the executive team to immerse a variety of stakeholders in a realistic “fusion team” environment in which players must figure out how to respond to a cyberattack as a team, across dimensions such as technical, legal, public relations and communications.
OpRed escape: Get into the mind of a cybercriminal and learn to think like a hacker; this exercise puts participants into the “seat” of a real-world attacker, learning the ways bad guys break into networks by watching an expert and getting hands-on experience with a malicious toolset.
Cyber War Game: In this hands-on scenario, participants will uncover a cyber-attack lead by a cybercrime gang targeting a fictitious corporation. Operating on the C-TOC’s simulated corporate network, participants will use technical tools to identify the threats and shut them down, while also building a response plan and developing leadership and crisis management skills.
Supplemental cybersecurity operations
IBM also designed the C-TOC to have the potential to supplement onsite support for clients at times when their cybersecurity needs may surge. Cybercriminals are constantly on the lookout for major events and moments in time to help launch their attacks, taking advantage of increased interest, cashflow and internet activities to get higher returns on their malicious activities.
Cybersecurity at large-scale events is being considered alongside emergency services response and public safety. For these events, IBM can bring the C-TOC onsite to help not only with preparation, but to provide an isolated network, cybersecurity watch floor and incident command infrastructure.
Skills and awareness
The cybersecurity workforce shortage is a major hurdle plaguing the industry, with an anticipated shortfall of nearly 2 million cybersecurity professionals by 2022. Building awareness about security careers among younger generations, as well as helping upskill current professionals in cybersecurity, are two ways IBM Security hopes to help address the skills shortage.
When not working with clients, the C-TOC will travel to academic institutions, industry and community events for training and awareness activities. The C-TOC can also help improve and expand skillsets within the current cybersecurity workforce, through onsite training and hands on skills development with cybersecurity teams on critical skillsets to help them keep up with the latest cyberthreats.