IBM will train companies against cyber attacks from high-tech truck

The main problem is not an attack by hackers, but the fact that companies do not have a contingency plan if something like this happens. IBM wants to fill this gap with a bus that passes by companies. The truck can also act as a command center.
If you are looking for a spot behind one of the twenty workplaces for the first time, you will forget that you are in a truck within a minute. Three rows of Apple equipment and telephones with built-in cameras on the front, HD cameras and a large video wall on which all kinds of information can be projected. There are no windows, just those screens. Behind a door is the server room including many tons of refrigeration capacity. For the invited journalists there is Erno Doorenspleet, security expert from IBM. Doorenspleet and his colleague provide the guests with a training course that normally lasts three and a half hours in one hour. 
But before that happens, he explains the problem: companies don't have a plan. Or rather, most companies don't have a plan. According to IBM, 75 percent of companies (with the financial sector as a favorable exception) have no idea what to do if they have to deal with a security incident. And so it almost always goes wrong, says Doorenspleet. Sometimes, under pressure, companies want to publish something too quickly. If it turns out to be wrong, people get confused and you can lose confidence very quickly. His message: don't be a loser if it's really about it. The question is not whether an attack will take place, but when. So you'd better be prepared for it.

Bad reaction
Recognising what is happening, the technical side of the story, is generally still going well, according to the expert. Then things go wrong. It's very important how an organisation reacts. A bad reaction often leads to more damage than an attack itself. The solution: don't just think about what to do during an attack. That costs you a lot of money and energy and your reputation is destroyed. But if you've already experienced it here, it's in your system and you know how to deal with it. You don't learn how to swim on YouTube either.
IBM takes this learning experience very literally. In a small room, companies have to experience for themselves what it's like to be attacked. The idea came from the United States, where IBM already has a training centre at a fixed location. For Europe, we opted for a custom-made moving truck that visits companies on request. Now, at the beginning of his career, he is in the parking lot of IBM's head office in Amsterdam. With its black appearance, the X-Force Command Cyber Tactical Operation Center, as its full name is, is reminiscent on the outside of the truck of the American eighties series Knight Rider. Of course not on the inside: satellite and 4G connections ensure that the truck is always connected, while a 47 kW generator can keep the centre running for weeks, should the need arise. The 23-tonne minivan is custom-built in Iowa. The gap does not mean that the costs are exactly what they are: Count on only a few million. You can compare it to a Formula 1 car. Everything is made to measure there as well.

During the training, employees are confronted with a scenario in which their company is attacked. Hackers gain access to sensitive files and demand ransom in the form of bitcoins; the press gets wind of it and stock prices fall. In the simulation, everything is lifelike, fast-paced, passing by, right up to news broadcasts and an interviewer who puts the company on the spot. 
The idea is that a company that follows the training delegates different departments, such as ICT, communication, lawyers and HR. Each department has its own interests and it turns out to be difficult to work together. This cooperation is essential, says Doorenspleet, together with a clear internal and external message. In order to make the exercise as realistic as possible, IBM has devised various scenarios. A bank is presented with a different game than a hospital, airport or government agency. IBM says it is constantly adapting the games. All with the aim of training the right behaviour. And to keep training.
Fortunately, things go well sometimes. As an example, Doorenspleet mentions the reaction of the Danish company Maersk (mainly known as a container shipping company) after it was hit hard in mid-2017 by a digital attack via a Ukrainian accounting program. There was a lot wrong with the security (according to Maersk top man Jim Hagemann Snabe it was at most average), but the response from the top of Maersk could hardly be better, according to Doorenspleet: From everything you could see that they had thought about it very well beforehand. The communication was open and clear. From day one Maersk told us clearly on Twitter what was going on.

Without such a reaction, the damage could have been considerably greater, thinks Doorenspleet. The damage was still considerable: an estimated EUR 300 million. The company had to install 4,000 new servers and 45,000 new PCs in ten days, a task that would normally take six months. An expensive wake-up call, said Hagemann Snabe later.

The main task of the truck is training, but it will also be used as a driving education centre along schools to help students learn about all the digital dangers. The training will also cover everything that takes place before it becomes clear that something is wrong. After all, a cyber incident always has a long history, which probably starts with a simple phishing email to find out your passwords.
Finally, the black monster can also be used in real action, apart from training or education. For example, the mobile Cyber Operations Centre can assist with temporary events to keep attackers at bay. Another possibility is to support companies whose own cyber centre has been shut down by attackers. IBM's first-aid in Cyber attacks will still be in Amsterdam in the coming weeks, after which it will start its tour of Europe.

Source: Volkskrant Laurens Verhagen and IBM.