To Sell Europe on Cyber Security, IBM Turns to Big Rig Operations Center

(Bloomberg) -- “Who was that just now on the phone?”

Caleb Barlow, vice president of International Business Machines Corp.’s X-force threat intelligence cybersecurity team, wants to know. 

I’ve just fielded a call from a woman claiming to be a reporter about to publish a story that 75 million customer records have been stolen from my company and posted on the internet. I have no idea what the answer is to Barlow’s question.

To Sell Europe on Cyber Security, IBM Turns to Big Rig Operations Center

As a journalist, I’ve covered cyberattacks and data breaches before, but it’s my first time being on the other end of that phone call. And as I forgot to take the name of the reporter, I just failed my first test in responding to a cyber attack on Bane & Ox, a Fortune 100 financial firm.

Luckily for me, neither Bane & Ox nor the cyberattack are real. They’re part of a simulation IBM is hosting to showcase the capabilities of the latest addition to its cybersecurity arsenal: a custom-built 18-wheel truck trailer containing a mobile security operations center

IBM is using the Big Rig – painted black and emblazoned with IBM’s logo and “X-Force Command” in giant white lettering on its side –  to train corporate teams in how to respond to cybersecurity incidents.

A year-and-a-half in development, IBM unveiled the mobile cybersecurity unit in October. After a brief tour of the U.S., it shipped the truck in December to the U.K., where on Monday it was parked in a small lot behind the National Theatre on the bank of the River Thames in London. IBM plans to take it on a mini-Grand Tour, stopping off in Dublin, Amsterdam and Madrid. When not roving, the truck will be based at IBM’s research lab in Hursley, near Winchester, England.

As it wends its way through Europe, IBM is bringing in corporate teams for cybersecurity excercises, Barlow said.
The first four-hour training session is free. If teams wants to conduct additional training beyond that, then IBM charges, he said.

The exercises IBM conducts in the mobile unit are designed to be as realistic as possible. In the scenario I participated in, the pressure ramps up quickly: after the initial phone call from a reporter alerting Bane & Ox to the data breach, there’s a ransomware attack, employees trapped in an elevator that may have been hacked, customers calling to ask if their money is safe, rumors flying on social media, and a group of reporters that shows up at headquarters demanding answers.

To Sell Europe on Cyber Security, IBM Turns to Big Rig Operations Center

Barlow said the idea was to get executives to understand what it would be like to have to operate in the adrenaline-charged atmosphere and to try to build the mental “muscle memory” they would need to respond to a real incident

The custom Big Rig is also a marketing billboard for Big Blue. It’ll be used to interest university students and school children in cybersecurity careers as well as to provide a command post for IBM’s own cybersecurity experts at major events like sporting championships and political conventions, Erno Doorenspleet, IBM’s global executive security adviser, said. 

Inside, the 23-ton trailer with expandable side panels – made for IBM by Iowa-based Featherlite Trailers and hauled by a Mercedes-Benz Actros heavy-duty tractor unit – is a fully-equipped 20-seat operations center, with banks of chairs, flat screen monitors and phones, all facing a massive high-definition video wall. It also has onboard a 100-terabyte VMWare data center – involving all solid state memory to avoid the need for any spinning parts that might be damaged by the truck’s movement while underway. The whole system can be powered by a 47-kilowatt generator, with enough fuel onboard to run for two days.

Although the company declined to say how much it had spent on the mobile operations center, Barlow said it was part of 155-million-pound ($200 million) investment IBM has made in cyber incident response since 2016.

That was the year IBM began conducting cyberincident response simulations for corporate customers at a facility in Cambridge, Massachussetts. Barlow said 2,500 IBM clients had been through this training. But, Barlow said, his team realized that more than a quarter of the companies attending the Cambridge “Cyber Range” were European and that IBM needed to find a way to make it easier for continental companies to access this training without having to fly to the U.S.

Nick Coleman, a former U.K. government security official who’s now IBM’s Cybersecurity Global Leader, said that the demand for cybersecurity incident response training was particularly acute in Europe, citing figures from a 2018 U.K. government report that while 40 percent of U.K. companies reported having experienced a data breach and 74 percent said such breaches were a “high priority,” only 13 percent said they had an incident response process in place.

©2019 Bloomberg L.P.