IBM Security announced the industry’s first mobile Security Operations Center, capable of traveling onsite for cybersecurity training, preparedness, and response. The IBM X-Force Command Cyber Tactical Operations Center (C-TOC) will travel around the U.S. and Europe, running incident response drills with clients, providing on-demand cybersecurity support, and building cybersecurity awareness and skills with professionals, students and consumers.
The IBM X-Force C-TOC is a fully operational Security Operations Center on wheels, modeled after Tactical Operations Centers used by the military and incident command posts used by first responders. Housed in a tractor trailer, the mobile facility provides a gesture-controlled cybersecurity “watch floor,” data center and conference facilities that can accommodate two dozen operators, analysts and incident command center staff. The facility can be deployed in a variety of environments, with self-sustaining power, satellite and cellular communications, providing a sterile and resilient network for investigation and response as well as a state-of-the-art platform for cybersecurity training.
Historically, cybersecurity teams have been focused on detection and protection against cybersecurity incidents. However, as the threat landscape has evolved, organizations are now recognizing the need to plan and rehearse their response to security incidents as well. The 2018 Cost of a Data Breach Study1 found that companies that are able to respond to incidents effectively and remediate the event within 30 days can save over $1 million on the total cost of a data breach – yet less than 25% of professionals surveyed say their company has a coordinated incident response plan applied across the organization.
The IBM C-TOC will begin its journey travelling around the U.S. and Europe, with multiple purposes:
Response Training and Preparedness: With an increasing focus on improving incident response in the aftermath of major cybersecurity attacks, the C-TOC can help companies train their teams on techniques (both technical and crisis leadership) to respond to attacks while simulating real-world conditions of how hackers operate and key strategies to protect business brand and resources.
Onsite Cybersecurity Support: IBM designed the C-TOC with the capabilities to deploy the mobile facility as a client-specific, on-demand Security Operations Center. One potential use case being explored is supporting sporting events or other large gatherings where supplemental cybersecurity resources may be needed.
Education and Awareness: When the C-TOC is in between IBM client engagements, it will travel to immerse people in one of the most realistic cybersecurity experiences in the industry – visiting local universities and industry events, and even reaching primary school children with awareness efforts to build interest in cybersecurity careers and help address the growing workforce shortage.
“Experiencing a major cyberattack is one of the worst crises a company can face, and the leadership, skills and coordination required are not something you want to test out for the first time when you’re facing a real attack,” said Caleb Barlow, Vice President of Threat Intelligence, IBM Security. “Having a mobile facility that allows us to bring realistic cyberattack preparation and rehearsal to a larger, global audience will be a game changer in our mission to improve incident response efforts for organizations around the world.”
Demand for Cybersecurity Preparation and Response Grows
IBM Security has identified incident response and preparedness as an underserved segment of the $114 billion cybersecurity market.2 In 2016, IBM invested $200 million in new incident response facilities, services and software, including the industry’s first Cyber Range for the commercial sector. Since then, IBM has taken more than 2,000 people through its immersive cybersecurity preparedness training in its facility in Cambridge, MA. With the launch of the X-Force C-TOC, this training is being taken directly to clients as well as an expanded mission to provide onsite preparedness and the potential for supplemental cybersecurity services.
To create this Cyber Range experience and the C-TOC, IBM consulted with dozens of experts from different industries, from emergency medical responders to active duty military officers. Along with IBM’s own cybersecurity expertise, the C-TOC experiences train teams on the essentials of leadership in crisis – from moving out of the organization’s day-to-day structure and into an incident command hierarchy to thinking a step ahead to anticipate the next moves of an attacker.