Presented in Milan: IBM's operational-tactical command on 19 wheels. An articulated vehicle ready to intervene wherever necessary to counter attacks on a nation's infrastructure and restore the functioning of companies and smart cities.
TELEPHONES ring without pause, emails from terrified managers appear on the screens, journalists crowd in front of the door and the board of directors is urgently summoned late at night. What happened? A cyber attack hit a large bank on the day of its merger with a major trading partner. The intrusion has exposed 10 million credit cards on the dark web. An incalculable disaster. The news, spread on social networks by a hacker group, reaches the newsrooms, which prepare their first live reports: the value of the bank's shares collapses, and depositors rush to withdraw money from ATMs that are in turn blocked by ransomware, a type of malware that locks devices and demands a ransom. Panic is unleashed in the city. But fortunately, it's just an exercise.
The same adrenaline flows, however, aboard the IBM cyber-truck, the mobile operations center of the X-Force, a self-propelled tactical command that the multinational has decided to set up to intervene in cases of serious cyber attack, like the one simulated in the presence of journalists. We are in Piazza Leonardo da Vinci in Milan, inside what is, under a somewhat complicated name, the IBM X-Force Command Cyber Tactical Operations Center (C-TOC): the first cybersecurity operations center on wheels in the world.
Conceived as the future of training in the field of emergency response, it is an 18-wheeler truck that houses a fully functioning cybersecurity operations center. On board there are 19 stations where malware analysts, cryptographers and industrial system experts train to beat an enemy visible only through its effects: the interruption or sabotage of systems critical to the normal functioning of society, such as energy networks, transport, telecommunications and markets.
Having set out from the United States at the end of 2018, the C-TOC is visiting the main European cities, and in Milan it is being presented to show Italian companies how they can work together to react as well as possible during and after an attack, planning the response and, above all, testing it across the various business functions. A very important phase, given that companies on average take 200 days to understand that they have been breached and a single security incident costs around 3 million euros, based on an analytical average of 500 companies studied by the Ponemon Institute.
The C-TOC makes it possible to carry out simulated computer attacks in order to show realistically how they can affect everyone who works within the companies hit. It can be configured as an immersive cyber range, a platform for attack and defense competitions, or CTF (Capture the Flag).
"The C-TOC," says Francesco Teodonno, cybersecurity director of IBM Italy, "has computer skills of 23 tons, to be taken wherever they are needed, available to organizations, institutions, and companies. And in the coming days, we will open it to all students who will want to visit it." But what is a cyber-range for? And why should it be on two wheels? "Because you have to train yourself as if you were fighting," says Pompeo D'Urso, the C-TOC manager who led the simulation.
A cyber-range is a training ground where typically two opposing teams of computer experts battle, the red team to attack and the blue team to defend, over targets that are sensitive from the point of view of operational continuity, such as ports, dams, hospitals and smart cities, in the face of a cyberattack like those that blocked England's health service and Danish ports during the WannaCry malware epidemic.
Properly trained, putting themselves once in the shoes of the attackers and another time in those of the defenders, the cybersecurity specialists involved can develop the hard and soft skills necessary to prevent criminals from achieving their goals. The training, of military origin, has long taken the form of a team game in Capture the Flag, the digital flag game at the center of the sector's major events, from the Black Hat Conference to DEF CON in Las Vegas.
It has been talked about in Italy for some time and, while the military cyber range of Chiavari has taken its first steps, the civil one that should be headed by the universities is just starting. Cyber-range training, like gamification (the inclusion of playful elements in cybersecurity training), sometimes uses the techniques of role-playing games, which in company training serve to "practice" being prepared for critical events that can permanently undermine a company's image, causing material damage and stratospheric compensation claims for the interruption of a service.
But it also serves to create the interest needed to lead young people to choose professions that are in short supply, and to create awareness of the importance of cyber-resilience, the ability to recover as quickly as possible from an IT shock.