by Harry Rudin
As members of an emergency response team for a bank, you have been summoned together to handle an emergency situation: some of your data has been hacked and highly sensitive information is already on the Web; word of the situation is already in the news and a television crew is in front of your bank wanting an interview; some of your automatic teller machines do not work and complaints are pouring in. In this simulated scenario in IBM’s C-TOC centre, it is time to act!
IT security experts say the question is not if an organisation will be hacked, but when. A year ago ransomware was the preferred method of attack. Apparently the returns to hackers were limited and so they have moved on to hunt bigger game, namely large corporations. Ransomware attacks have diminished by 45 percent over the last year. On the other hand, cryptojacking has increased by some 450 percent. In cryptojacking, the target’s operating system is infiltrated by the hacker and used for the generation of cryptocurrency; much of the hacked system’s capacity is drained. Phishing attacks are also on the rise. Here the preferred method is compromised business emails, through which the hackers plant malware in the system software to gain the desired access to sensitive data.
Given this rapidly growing threat to IT systems, IBM put together its Cybersecurity Operations Centre. This was first available only in the US and was extremely popular among clients. To satisfy European needs, IBM built a second centre on wheels: the “C-TOC” (Cyber Tactical Operations Centre), patterned after military command centres and organised to respond to a cybersecurity crisis. The result is an eighteen-wheel, 23-ton semi-trailer packed with IT gear and even its own electrical power generating unit. Inside are twenty fully-outfitted workstations, backed by substantial computing power, complete with telephones. The C-TOC has its own secure satellite communication capabilities. There are three main objectives.
The first is education of business clients, especially the staff responsible for cybersecurity. C-TOC participants are tasked with a rapid-fire barrage of cleverly forged internal business emails, reports of data leaks, phone calls, notices of system failures and requests by the press for clarification of the situation. Even staff members trained for handling such situations often become unnerved and quickly forget that they are taking part in a simulation; there is a lot of adrenalin flowing. Clients can put their own cybersecurity crisis-response plans to the test in a simulated crisis and observe how their plans handle the situation. C-TOC’s security experts are available to help improve the plan.
The second objective is providing cybersecurity backup for large public events such as congresses or sporting events. With its knowledgeable security experts, mobility, back-up satellite communication links and self-contained power-generating capacity the C-TOC is well suited to this purpose.
Finally, since cybersecurity threats are rapidly growing, there is a raging demand for security professionals. The third goal of the C-TOC is security education and encouraging people, particularly young people, to work in the field. Hopefully many of the young visitors will be enticed into exploring a career in cybersecurity. The C-TOC certainly presents a strong case for the importance of cybersecurity.
Figure 1: IBM’s 22-ton C-TOC underway (photo courtesy IBM).
Figure 2: Some of the C-TOC’s 20 workstations ready for a security crisis (photo courtesy L. Rudin).
Erno Doorenspleet, IBM
Harry Rudin, Swiss Editor ERCIM News