IBM will train companies against cyber attacks from high-tech truck The main problem is not an attack by hackers,
but the fact that companies do not have a contingency plan
if something like this happens. IBM wants to fill this gap
with a bus that passes by companies. The truck can also act
as a command center.
If you are looking for a spot
behind one of the twenty workplaces for the first time, you
will forget that you are in a truck within a minute. Three
rows of Apple equipment and telephones with built-in cameras
on the front, HD cameras and a large video wall on which all
kinds of information can be projected. There are no windows,
just those screens. Behind a door is the server room
including many tons of refrigeration capacity. For the
invited journalists there is Erno Doorenspleet, security
expert from IBM. Doorenspleet and his colleague provide the
guests with a training course that normally lasts three and
a half hours in one hour.
But before that happens, he
explains the problem: companies don't have a plan. Or
rather, most companies don't have a plan. According to IBM,
75 percent of companies (with the financial sector as a
favorable exception) have no idea what to do if they have to
deal with a security incident. And so it almost always goes
wrong, says Doorenspleet. Sometimes, under pressure,
companies want to publish something too quickly. If it turns
out to be wrong, people get confused and you can lose
confidence very quickly. His message: don't be a loser if
it's really about it. The question is not whether an attack
will take place, but when. So you'd better be prepared for
it.
Bad reaction
Recognising what is happening,
the technical side of the story, is generally still going
well, according to the expert. Then things go wrong. It's
very important how an organisation reacts. A bad reaction
often leads to more damage than an attack itself. The
solution: don't just think about what to do during an
attack. That costs you a lot of money and energy and your
reputation is destroyed. But if you've already experienced
it here, it's in your system and you know how to deal with
it. You don't learn how to swim on YouTube either.
IBM
takes this learning experience very literally. In a small
room, companies have to experience for themselves what it's
like to be attacked. The idea came from the United States,
where IBM already has a training centre at a fixed location.
For Europe, we opted for a custom-made moving truck that
visits companies on request. Now, at the beginning of his
career, he is in the parking lot of IBM's head office in
Amsterdam. With its black appearance, the X-Force Command
Cyber Tactical Operation Center, as its full name is, is
reminiscent on the outside of the truck of the American
eighties series Knight Rider. Of course not on the inside:
satellite and 4G connections ensure that the truck is always
connected, while a 47 kW generator can keep the centre
running for weeks, should the need arise. The 23-tonne
minivan is custom-built in Iowa. The gap does not mean that
the costs are exactly what they are: Count on only a few
million. You can compare it to a Formula 1 car. Everything
is made to measure there as well.
Lifelike
During
the training, employees are confronted with a scenario in
which their company is attacked. Hackers gain access to
sensitive files and demand ransom in the form of bitcoins;
the press gets wind of it and stock prices fall. In the
simulation, everything is lifelike, fast-paced, passing by,
right up to news broadcasts and an interviewer who puts the
company on the spot.
The idea is that a company that
follows the training delegates different departments, such
as ICT, communication, lawyers and HR. Each department has
its own interests and it turns out to be difficult to work
together. This cooperation is essential, says Doorenspleet,
together with a clear internal and external message. In
order to make the exercise as realistic as possible, IBM has
devised various scenarios. A bank is presented with a
different game than a hospital, airport or government
agency. IBM says it is constantly adapting the games. All
with the aim of training the right behaviour. And to keep
training.
Fortunately, things go well sometimes. As an
example, Doorenspleet mentions the reaction of the Danish
company Maersk (mainly known as a container shipping
company) after it was hit hard in mid-2017 by a digital
attack via a Ukrainian accounting program. There was a lot
wrong with the security (according to Maersk top man Jim
Hagemann Snabe it was at most average), but the response
from the top of Maersk could hardly be better, according to
Doorenspleet: From everything you could see that they had
thought about it very well beforehand. The communication was
open and clear. From day one Maersk told us clearly on
Twitter what was going on.
Without such a reaction,
the damage could have been considerably greater, thinks
Doorenspleet. The damage was still considerable: an
estimated EUR 300 million. The company had to install 4,000
new servers and 45,000 new PCs in ten days, a task that
would normally take six months. An expensive wake-up call,
said
Hagemann Snabe
later.
History
The main task
of the truck is training, but it will also be used as a
driving education centre along schools to help students
learn about all the digital dangers. The training will also
cover everything that takes place before it becomes clear
that something is wrong. After all, a cyber incident always
has a long history, which probably starts with a simple
phishing email to find out your passwords.
Finally, the
black monster can also be used in real action, apart from
training or education. For example, the mobile Cyber
Operations Centre can assist with temporary events to keep
attackers at bay. Another possibility is to support
companies whose own cyber centre has been shut down by
attackers. IBM's first-aid in Cyber attacks will still be in
Amsterdam in the coming weeks, after which it will start its
tour of Europe.
Source: Volkskrant Laurens Verhagen
and IBM.