“You can bring in a group of corporate executives or security team and basically run them through what their worst day at work is going to feel like.”
That’s how Caleb Barlow, Vice President of Threat Intelligence at IBM Security, describes IBM’s X-Force Command Cyber Tactical Operations Center. The Center, located on a working truck, is the industry’s first mobile cybersecurity training unit.
The whole project is part of IBM Security’s growing $200M+ investment to improve clients’ ability to respond to cybersecurity incidents. A 2018 Cost of a Data Breach Study found that fewer than a quarter of surveyed companies have a coordinated incident response plan, despite the fact that companies that respond effectively to incidents within 30 days can save over $1 million on the total cost of a data breach.
IBM’s global cybersecurity headquarters in Cambridge, MA has taken more than 2,000 individuals through the cyber-breach simulator. During the process, Barlow says the team has “learned a lot about where people excel, and where they often fail.”
“One of the biggest things we’ve learned is that a lot of where people struggle is having the right leadership skills to make these decisions, and make them quickly,” says Barlow. “By getting them into an immersive environment, it forces them into that leadership process and it really gives us the ability to measure both how are they doing and where do they maybe need to improve.”
The Cambridge hub is currently booked eight months out, so the X-Force C-TOC truck is the next step in engaging with clients, by coming to them. Housed inside an 18-wheeler, the simulation center runs similarly to the command centers used by the military and first responders, allowing security teams to run an immersive breach exercise and test their vulnerabilities.
The truck fits 20 people. Once inside, they’re able to either undergo IBM’s generic scenario or, if they already have procedures in place, customize the scenario to test the efficacy and vulnerability of their current response plan. Employees unable to participate in the simulation can watch from outside on a large screen installed on the side of the truck.
The scenarios put the team under pressure with limited information, similar to a real data breach, says Barlow.
“The truck has three purposes: one is to run simulated environments; two is to provide security for large-scale events like sporting events or political events where we need a sterile environment. And then the third is to potentially help us with actual incident response, particularly when we get to some of these larger-scale breaches that need more involved response,” explains Barlow.
Once a team finishes the simulation, the IBM Security team can provide feedback on how to improve its current procedures, if any.
The technology and design of the truck can be attributed to IBM’s Atlanta team, led by Nat Prakongpan, Senior Manager of X-Force Threat Intelligence and Integration Lab. IBM gained a presence in Atlanta in 2006 following the acquisition of Internet Security Systems (ISS), and built most of their Security Services team and Security Operations Center team from there.
The simulation truck has two rooms, one of which is the watch floor. The workspace boasts 20 workstations, 5 HD cameras for viewing all ongoing activities, and a main 75″ display in the collaboration area. The secure data connection from two satellite dishes with fast Wi-Fi and cellular connection allows the truck to drive into any office park or event and start training clients.
With 20,000 feet of data wiring and a self-powering generator, it has enough electricity to power a large home.
“The Cambridge headquarters was looking for a team that could do multiple things, not just product specific, but that knows the entire information security system and how each of the tools needed to work together to build a secure environment,” says Prakongpan. “That’s when he turned to my team as we were working on product integration.”
Barlow shares that building a strong security culture is vital for a company’s effective response during a data breach event.
“One of the biggest things that we teach people is that, when an incident occurs, they need to move out of their typical decision making process,” says Barlow. “You have to switch into more of an incident command type of model where you’re making decisions rapidly, you’re making decisions with the people that are available to you, and you’re working off of a set of pre-planned procedures that you laid out months or potentially years in advance.”
After traveling to client sites, schools and government facilities around the country, the truck’s final stop this week is IBM’s Atlanta office. It will also stop at Kennesaw State University to provide training to those in their cybersecurity program. In January, the truck will travel to Europe to visit multiple clients throughout 2019.
All images courtesy of IBM Security