IBM’s X-Force Command Cyber Tactical Operations Center rolls into Dublin
7 February 2019
The Cyber Tactical Operations Center (C-TOC) from IBM’s security group X-Force Command is a fully operational security operations centre (SOC) on wheels, modelled on the tactical operations centres used by the military and on the incident command posts used by first responders.
The centre is housed in an articulated lorry with an expandable cabin. The fully mobile facility provides a gesture-controlled cyber security “watch floor”, data centre and conference facilities that can accommodate two dozen operators, analysts and incident command centre staff. The facility can be deployed in a variety of environments, with self-sustaining power, satellite and cellular communications, providing a sterile and resilient network for investigation and response, as well as a state-of-the-art platform for cyber security training.
The idea for the X-Force C-TOC is to provide simulation and training services for incident response, or a fully-fledged computer emergency response team (CERT) capability.
Currently touring Europe, the C-TOC was in IBM’s Damastown campus recently, where schoolchildren, the press and business people were shown its capabilities, including full incident scenario enactment, complete with media interview, simulated data breach and ‘live’ stock price monitoring for a fictitious entity experiencing a bad day.
“Experiencing a major cyberattack is one of the worst crises a company can face, and the leadership, skills and coordination required is not something you want to test out for the first time when you’re facing a real attack,” said Caleb Barlow, vice president, Threat Intelligence, IBM Security. “Having a mobile facility that allows us to bring realistic cyberattack preparation and rehearsal to a larger, global audience will be a game changer in our mission to improve incident response efforts for organisations around the world.”
The C-TOC can provide secure communications via two vehicle-mounted satellite uplinks, with 1,000Mbps each, as well as four cellular uplinks.
Security veteran Erno Doorenspleet, global executive security advisor, IBM, leads the C-TOC team.
Doorenspleet said there is huge demand for incident response training, as people ask “Do we know what to do when under attack?”
He then introduced the capabilities of the mobile facility.
It is a “fully customised environment to deliver incident response capability for Europe,” said Doorenspleet.
Onboard, there is a data centre comprising a large VMware cluster with a 1,000TB solid-state storage array and 10T of cooling capacity. All this is powered by 47kW of self-generation capacity, or by plugging into a hard stand where one is available.
Doorenspleet said the C-TOC can provide military-grade training that promotes “muscle memory” to “remove the panic” from incident response.
He said that according to figures from the Ponemon Institute, only 25% of enterprises have an incident response plan, and even fewer test it regularly.
Most plans fail on exposure to the test scenarios, he added.
The C-TOC gives organisations the ability to experience real-world situations. These include the “Cyber Best Practices Laboratory,” with real-world examples based on experiences with customers in IBM’s Cambridge Cyber Range. It enables companies to participate in an immersive, gamified cyber attack, allowing teams to test incident response plans under a realistic, high-pressure simulation.
Other examples of these attack scenarios include:
Ox Response Challenge: This challenge, designed for the executive team, immerses a wide variety of stakeholders in a realistic “fusion team” environment in which players must figure out how to respond to a cyberattack as a team, across dimensions such as technical, legal, public relations and communications.
OpRed Escape: Participants can get into the mind of a cybercriminal and learn to think like a hacker; this exercise puts participants into the “seat” of a real-world attacker, learning the ways bad guys break into networks by watching an expert and getting hands-on experience with a malicious toolset.
Cyber War Game: In this hands-on scenario, participants will uncover a cyber-attack led by a cybercrime gang targeting a fictitious corporation. Operating on the C-TOC’s simulated corporate network, participants will use technical tools to identify the threats and shut them down, while also building a response plan and developing leadership and crisis management skills.
Military signals intelligence veteran Benjamin Poernomo is C-TOC chief of operations, and takes participants through the mechanics of the simulations, pressing home the need for cooperation, effective communication and efficient use of resources under pressure. Poernomo emphasised the concept of “Commander’s Intent,” whereby a clear line of intent for what to do in a crisis situation is established, clearly communicated and then acted upon by all concerned parties.
There is even a prying journalist, one “Helen Highwater”, played by C-TOC product and services architect Sophia Smith. A cybersecurity technical specialist for financial markets, Smith develops client experiences in the centre, ensuring realistic environments in which CERT participants can hone their skills, both internal and external.
For more information, see the X-Force Command page.