IBM Has Created a Mobile Tactical Operation for Cybersecurity Emergencies
Want to learn more about the new Security Operations Center announced this week by IBM Security? Check out this post to learn more about C-TOC.
Coinciding with National Cybersecurity Awareness Month, this week, IBM Security announced the industry's first mobile Security Operations Center, capable of traveling onsite for cybersecurity training, preparedness, and response. The IBM X-Force Command Cyber Tactical Operations Center (C-TOC) will travel around the U.S. and Europe, running incident response drills with clients, providing on-demand cybersecurity support and building cybersecurity awareness and skills with professionals and students.
The IBM X-Force C-TOC is a fully operational Security Operations Center on wheels, modeled after the Tactical Operations Centers used by the military and the incident command posts used by first responders. Housed in a tractor trailer, the mobile facility provides a gesture-controlled cybersecurity "watch floor," data center, and conference facilities that can accommodate two dozen operators, white hat researchers, analysts, and incident command center staff. The facility can be deployed in a variety of environments, with self-sustaining power, satellite, and cellular communications, providing a sterile and resilient network for investigation and response, as well as a state-of-the-art platform for cybersecurity training.
The IBM C-TOC will begin its journey traveling around the U.S. and Europe, with multiple purposes:
- Response Training and Preparedness: With an increasing focus on improving incident response in the aftermath of major cybersecurity attacks, the C-TOC can help companies train their teams on techniques (both technical and crisis leadership) to respond to attacks while simulating real-world conditions of how hackers operate and key strategies to protect business brand and resources.
- Onsite Cybersecurity Support: IBM designed the C-TOC with the capabilities to deploy the mobile facility as a client-specific, on-demand Security Operation Center. One potential use case being explored is supporting sporting events or other large gatherings where supplemental cybersecurity resources may be needed.
- Incident response: C-TOC will boost incident response resources for victims of major cyber attacks, helping them simulate future attacks and learn advanced defense strategies. The rolling center will also provide on-site support. One potential use case being explored is supporting sporting events or other large gatherings where supplemental cybersecurity resources may be needed, according to IBM.
IBM operates one of the world's broadest security research, development, and delivery organizations, monitoring 60 billion security events per day in more than 130 countries, and has been granted more than 8,000 security patents worldwide. In 2016, IBM invested $200 million in new incident response facilities, services, and software, including the industry's first Cyber Range for the commercial sector. Since then, IBM has taken more than 2,000 people through its immersive cybersecurity preparedness training in its facility in Cambridge, MA. With the launch of the X-Force C-TOC, this training is being taken directly to clients, along with an expanded mission to provide onsite preparedness and the potential for supplemental cybersecurity services.
The C-TOC training includes a "Cyber Best Practices Laboratory" with real-world examples based on experiences with customers in the Cambridge Cyber Range. It will also enable companies to participate in an immersive, gamified cyberattack, which allows teams to test incident response plans under a realistic, high-pressure simulation. Some examples of these attack scenarios include:
- Ox Response Challenge: This challenge is designed for the executive team to immerse a wide variety of stakeholders in a realistic "fusion team" environment in which players must figure out how to respond to a cyber attack as a team across dimensions such as technical, legal, public relations, and communications.
- OpRed Escape: Get into the mind of a cybercriminal and learn to think like a hacker — this exercise puts participants into the "seat" of a real-world attacker, learning the ways bad guys break into networks by watching an expert and getting hands-on experience with a malicious toolset.
- Cyber War Game: In this hands-on scenario, participants will uncover a cyber-attack led by a cybercrime gang targeting a fictitious corporation. Operating on the C-TOC's simulated corporate network, participants will use technical tools to identify the threats and shut them down, while also building a response plan and developing leadership and crisis management skills.
There's currently a skills shortage when it comes to cybersecurity analysts and experts, and it's hoped that exposure to cybersecurity operations will give students an incentive to consider security operations as a career. It will certainly offer a compelling opportunity to those wanting to learn more and hopefully increase the odds that the white hats will stay just that bit further ahead of the cybercriminals.