In late 2016, IBM announced the availability of its full-scale cyber range at the Cambridge, MA headquarters of its security division. With two shifts per day and currently booked out six to eight months, it’s been a huge success for the division. The range isn’t just about training security incident response analysts; it’s a full immersion experience for cross-functional teams of business, IT, and security professionals using real-world scenarios that mimic the genuine stress and unexpected twists and turns of a cybersecurity incident. The cyber range doesn’t just help cross-functional teams learn the best practices of good cybersecurity incident response; it helps them train under pressure, like the way first responders train. Imagine if firefighters, police, and EMTs only relied on tabletop exercises. How ready would they be when someone called 911?
Having spent 20 years (I can’t believe I can say that) in the business continuity and disaster recovery fields, when I ask clients about their most important lessons after an invocation, they always talk about how much they underestimated the difficulty of communicating and responding effectively under the duress of a real event — particularly when the stakes are high. People respond to stress differently. And people will surprise you. Good leaders will become overbearing or lose their tempers; quiet individuals will suddenly step up to take charge. You’ll even find that under stress, people will suddenly revert to their primary language. Even the most mature teams with the best-documented plans will suddenly break down yelling at each other. This cyber range is designed to surface these issues ahead of time to ensure a cohesive response in the event of an incident.
To keep up with demand, particularly from clients in Europe and clients that can’t fly their entire teams to Cambridge, IBM spent a year and a half building a custom mobile cyber range, or Cyber Tactical Operations Center (C-TOC). The best way to describe it is to imagine the cyber range condensed into a custom mobile trailer — but calling it a trailer doesn’t do it justice. With the door closed, it feels like you’re sitting in the cyber range in Cambridge; at 23 tons, it contains a conference room, 20 workstations, extensive communication (two satellites, four dedicated cellular uplinks, fiber-optic cables, etc.), 100 TB of solid-state drives and the necessary compute resources to simulate a large-scale cyberattack, 47 kW of self-generating power, and gesture-controlled, high-def video screens.
The C-TOC will be in the US for a few tours, but IBM’s plan is to ship it to Europe to serve clients there. The goal for the C-TOC is to continue offering the immersive experience it delivers in Cambridge. But here are some additional use cases that could exist:
- A vehicle to promote overall security awareness and exposure to cutting-edge technologies. Tours and immersive experiences expose teams and students without proper SOCs to a cutting-edge SOC environment. Not every company needs this level of advanced SOC, but it’s still helpful to see what’s possible.
- An on-demand SOC at large events (e.g., political campaigns, large sporting events, etc.).
- A recruiting tool for junior talent. Pulling up to a college or high school for a day to show students what some of the industry’s opportunities entail is much more exciting (and a bigger standout) than a career fair booth.
- A means of rehabbing security’s isolating image. Stepping inside this mobile command center smashes security’s previous reputation of hooded hackers lurking in basements and instead showcases security’s true teamwork elements. Seeing the industry in this new light opens the door for so many candidates who may not otherwise have considered a career in the field.
Cyber ranges are growing in popularity for IR providers and general security vendors as a means of building relationships with clients and offering additional services and technology — so much so that we at Forrester now follow cyber ranges as their own category under the umbrella of detection and response capabilities. IBM is not the first or the last security vendor to offer a cyber range, but compared to other vendors, it is making a massive investment in this arena, and it’s clear that it’s strategic to the company’s overall vision. Given the hunger for good security talent and the need to fill the recruiting pipeline in the security industry, I’m excited for the competition in the space.