The Value of Immersive Experiences in Cyber Security
Yesterday PAC attended a ‘cyber security immersive experience provided by the IBM X-Force Cyber Tactical Operations Center team’. In plainer language, this means that we were given the opportunity to experience a role-play exercise in cyber security that is normally reserved for IBM’s board-level prospects and clients.
The IBM X-Force Command Center Tactical Operations Center (hereafter ‘C-TOC’) is an 18-wheel truck, fully equipped and able to operate as a mobile Security Operations Center (‘SOC’), modelled after the mobile tactical operations centers long used by military and emergency services. To this end the C-TOC is equipped with 1000 Mbps satellite communications and an on-board mini data centre running mainly on VMware, with 100 TB of SSD storage, and is supported by 47 kW of local generator capacity.
(For more on IBM Security, see the profile that forms part of our SITSI® continuous research programme)
However, the main function of the C-TOC is not to roll a SOC into cyber disaster zones, but rather to bring a realistic SOC facility to IBM’s prospects and clients. This enables IBM to bring realistic simulations of a cyber incident to locations that are convenient for their customers’ top-level executives.
This gives leaders within IBM’s customer base the opportunity to experience a security event in real time and practice how their organization would respond to such an event, replicating in mobile form an executive training that IBM already delivers to customers in the US.
IBM’s reason for creating this capability (which is offered free of charge to invited participants) is the low level of current preparedness within most organizations for an intrusion: IBM estimates that fewer than 25% of organizations have up-to-date incident response plans in place.
It’s certainly true that the exercise is designed to be realistic and engaging. At the same time, we can well believe that for executives called to respond under stress in front of their peers to the unrehearsed critical events simulated in the exercise, the experience would be sobering.
And this is precisely the point of C-TOC – to provide indisputable evidence to senior customer leadership of the need for clear and well-practiced people and process, to manage incidents beyond the scope of IT / IRT.
PAC can understand the value of a vivid lesson to underscore this point. It is only by maintaining and regularly rehearsing for cyber events that organizations can be ready for the incidents they will eventually encounter. If simulated events help gain the commitment needed to be prepared, this will benefit IBM, their customers, and their customers’ customers.