Two years ago, IBM opened one of the nation’s first commercial cybersecurity ranges in Cambridge, Massachusetts, to let companies practice responding to simulated cyberattacks. It describes the experience as “a game of Clue mixed with a Disney roller-coaster ride.”
In a windowless bunker packed with a data center, wall-to-wall monitors, atmospheric controls, dozens of work stations and a functional TV studio, participants have about four hours to investigate and respond to a fictional data breach. It’s like an escape room for security nerds.
The experience proved so popular — about 2,000 people, including chief executives and entire corporate boards, have played IBM’s game, which has an eight-month waiting list — that IBM decided to build a second range.
But this time, it’s going mobile.
The move is a reflection of the extent to which the threat of cyberattacks has captured the attention of organizations of all kinds, including the technology companies Facebook and Google, banks, military installations and those who run industrial control systems, like electricity and water providers. Tampering was a major issue in the election of President Donald Trump, of course, and is cause for concern as the midterm elections approach.
While companies are scrambling to get up to speed, they can’t always send an entire team away for a few days of training on how to spot and respond to a cyberattack.
Last week, the company introduced its mobile cyber command center, tucked into a heavily customized semitrailer truck. What IBM calls its “cyber tactical operations center” will make stops at college campuses and security-focused events before heading to Europe for a lengthy tour.
Officially, the trailer is intended for cybersecurity education and as a mobile response unit. Unofficially, it’s also a playground packed with tech bling where geeks can experiment with ways to combat cyberattacks that have yet to be imagined.
“People have put all kinds of cool things into trailers, but nobody has ever put a cyber command center into one before,” said Caleb Barlow, a vice president at IBM Security, where he leads the company’s X-Force Threat Intelligence organization and created the Cambridge range.
Touch screens displaying real-time threat monitoring — preferably with as many blinking charts and scary graphics as possible — are a must in any cyber war room. For the truck, IBM bought a 12-foot-long exterior screen that it said was one of the largest high-definition displays ever mounted to a vehicle.
It also crammed in 20,000 feet of networking cable, two satellite dishes with cellular links, a generator-fueled power plant and a light tower with the intensity of 60 car headlights. Its data center, stuffed with server racks and multimedia controls, fits into a space the size of a large refrigerator.
“This is toward the upper end of the most complicated trailers we’ve ever built,” said Mike Galvin, a sales manager for Featherlite, a manufacturer in Cresco, Iowa, that makes specialty trailers for emergency responders, mobile medical clinics and NASCAR teams.
On the road, the truck looks like any other shipping trailer hauling goods. But when it parks, it unfolds and triples its size. Beneath an extended canopy, IBM can unfurl a command post with 22 Mac-equipped work stations and a six-seat conference room.
The main training room closely resembles IBM’s Cambridge range, with touch-screen monitors on three walls showing charts, video clips and forensic material like snippets of malicious computer code. From a tablet, IBM’s employees can adjust the room’s displays. A tap on the tablet’s “breaking news” button shifts the room’s lighting from a soothing blue to urgent red.
“It helps us get the cortisol going,” Barlow said. “People react unconsciously to the visual cues.”
Cyber ranges take their inspiration from the military. Just as soldiers train in simulated environments for the conditions they might face in battle, cyber defenders regularly practice on virtual networks. A growing number of companies participate in cyber war games and stage mock attacks to test their defenses.
But few have the resources to build their own training arenas — a gap that security vendors are eager to fill. The companies Cyberbit and SimSpace make custom virtual ranges, and the military contractor Raytheon opened a 30,000-square-foot “live fire” range in 2015 for its customers.
Sean McKee, a senior cyber threat manager for TD Bank, visited IBM’s Cambridge range this year and was intrigued enough to plan a two-day training exercise there in December for 40 TD Bank employees.
The bank tests its crisis management plans at least once a year, incorporating everyone from front-line responders to its top executives, but its capabilities are less immersive than IBM’s, McKee said.
In IBM’s training game, if an executive bungles a media interview, the range’s TV screens show the company’s stock price plunging as customers fire off angry tweets. (Clips from Equifax’s widely criticized response to a data breach that exposed sensitive information on more than 145 million people are prominently featured in IBM’s presentation.)
“People immediately get to see the results of their actions,” McKee said. “It gives them a sense that there are other forces at play here and the decisions you make in a moment of crisis are going to have a lasting impact on your organization.”
Cybersecurity has become one of corporate America’s most pressing challenges, especially for companies that hold money or sensitive personal details. At least $445 billion was lost last year to cybercrime, a global economic study found, and an estimated 11 billion records have been stolen in data breaches, according to data compiled by the Privacy Rights Clearinghouse.
Regulators, lawmakers and corporate customers have responded with more stringent requirements that companies improve their defenses and practice their crisis-response plans for handling significant attacks.
“We’ve had growing demand from boards and C-suites, and it’s hard to get those people out to Cambridge,” Barlow said. “This is a way to bring training to them.”
At its debut in Brooklyn, IBM showed off its new mobile system at a customer conference. Then it was heading to the National Mall in Washington for a training event tied to efforts to prevent election hacking, and in November, it’s going to the Rochester Institute of Technology for a national penetration testing competition for college students.
IBM is still figuring out exactly what it will do with its new toy. The truck is a fully functional command center, Barlow said. It could, in theory, be sent to large events — IBM works on cybersecurity for the U.S. Open and Wimbledon tennis tournaments — to handle real-time threat response.
But its main purpose will be training. IBM plans to re-create its Cambridge mock-attack scenarios and build custom exercises for companies looking to test their skills.
McKee, a former Canadian army officer, said that his bank, like many, had responded to escalating threats by increasing the pace and complexity of its training exercises. TD Bank’s session in December at the Cambridge range will mix technical challenges for the bank’s security incident response team with legal, public relations and privacy trials for its top executives.
“I always run these exercises with the caveat that this is not a test,” he said. “A test is pass or fail. If you have certain areas where you go down in a flaming ball of fire, that’s a success. You found a critical vulnerability in your response.”
– The Seattle Times