Militaries understand the importance of training in as realistic a manner as possible. It helps automate responses and find areas that need improving, and, most importantly, those involved walk away unscathed.
Those benefits are not lost on cybersecurity professionals, who are increasingly incorporating military-style training into digital defensive and offensive security strategies. One example is the approach taken by the cybersecurity company root9B. R9B CTO Michael Morris suggests that having trained personnel who think like adversaries is as important as the defensive technology in use.
The people at IBM’s X-Force Command Center agree and work hard to create training conditions that are as realistic as possible. That realism is achieved by immersing people in simulated attacks at the company’s Cyber Range. This IBM press release explains how that is achieved:
“IBM’s Cyber Range uses live malware, ransomware, and other real-world hacker tools culled from the dark web to deliver realistic cyberattack experiences. The facility features an air-gapped network of a fictitious corporation, used for simulated attacks, consisting of one petabyte of information, more than 3,000 users and a simulated version of the internet.”
To create lifelike cyberattack experiences, IBM employs gamification and hires professionals, including Allison Ritter, to develop the attack scenarios. “I create storytelling simulations of what it would be like if your company was going through a cyber breach,” Ritter explains to Liam Berry in this WayUp Community article. “My team focuses on the entire breach process, from when hackers gain access, to when the news of the hack reaches Twitter, or the company’s stock is dropping as a result.”
Besides setting up scenarios for clients who attend a scheduled simulation designed for their company, Ritter designs cybersecurity challenges; one that is garnering a lot of interest is called The Vault. The game simulation tests logic and analytical skills by requiring participants to crack six digital locks. Besides gaining insight into what hackers are capable of, the 2018 winners received a free trip to the IBM Research Center in Cambridge, MA.
3 cyber best practices
With two-plus years of Cyber Range experience, Caleb Barlow, vice president at IBM Security as well as lead of IBM’s Threat Intelligence and Incident Response Teams, has much to reflect on. “My team has learned a lot on how to build the X-Force Command experience into a laboratory of cyber best practices,” writes Barlow in this IBM Security Intelligence article. “With more than 2,000 customers having been through the range, we can share what some of the world’s most mature customers now take into consideration to stay one step ahead of threats.”
Culture counts: Barlow writes that company culture makes a big difference in how well an organization performs in a crisis, adding, “It takes a cohesive unit and a common understanding in which people know their roles, but aren’t afraid to speak up or take charge when the time is right.”
Playbooks crack under pressure: Military strategists understand that during an attack is not the time to page through the playbook hoping to figure out what to do next. “That’s when your training and muscle memory kicks in and you execute your plan,” explains Barlow. “If you don’t practice it, you are exposed to an avoidable disadvantage.”
Leadership matters: Not unexpectedly, Barlow and his team have found that under duress, those with military or emergency-services experience step up and supply the needed leadership. “Some kinds of leadership can be taught in a classroom, but the true test of leadership happens in the arena,” concludes Barlow. “Leaders thrive in tough situations, and every tough situation needs leaders.”
IBM’s Cyber Tactical Operations Center
With 1,000 clients visiting the Cyber Range a year, Barlow says IBM management decided to expand operations. “Rather than trying to choose a location for customers to come to us, we decided to bring the X-Force Command experience to the client,” adds Barlow. “… and I’m excited to announce the launch of our new IBM X-Force Command Cyber Tactical Operations Center (C-TOC).
“The X-Force Command C-TOC is a mobile command center, modeled after the tactical operation centers used by the military and first responders, but with a singular focus on cybersecurity,” continues Barlow. “To fit all the equipment necessary for an X-Force Command experience, the 23-ton trailer expands to more than twice its width. The whole thing is powered by a 47-kilowatt generator, allowing us to create an entire IT environment on a 100 TB VMware solid-state disk array.”