At the X-Force Command Cyber Range in Cambridge, Massachusetts, we’ve seen hundreds of companies practice their response to a simulated cybersecurity attack. Teams from some of the world’s top intelligence and law enforcement agencies and financial institutions, and from a variety of industries from energy to technology, have trained in various scenarios in our range, which is modeled after a fusion team security operations center (SOC). These are all highly competent people, but many of them struggle in our breach challenges.

When we opened the Cyber Range, we knew our experts would be training security professionals in technical skills with hands-on-keyboard exercises. What we didn’t anticipate was the massive demand for the type of training we offer for those outside of the SOC. That’s why we strive to teach business leaders how the whole organization should respond to an event that affects every level of the business.

A Different Kind of Decision-Making Process

What we’ve learned from watching these teams of executives, board members and other leaders is that people need the most help when dealing with what comes after a breach — what we call “right of boom.” Many leaders come out of business school having studied a decision-making process that is slow, deliberate and based on mountains of data. But you don’t have that luxury after a breach — you are working against a ticking clock and with incomplete information. You have to learn a more military-style decision-making process, where you stand up an incident command team, designate a commander who is in charge, start walking down a runbook that’s been predetermined, and make hard decisions without hesitation.

Classroom-style learning, tabletop exercises and even talking to security leaders who’ve been through the experience of a breach aren’t enough to prepare you for the intensity of a rapidly changing situation where the survival of your business is on the line. You need to experience it yourself. That’s where the X-Force Command experience is different from other kinds of preparation, and even the other cyber ranges out there.

Our technical advisors and gamification experts have mastered the art and science of creating an experience that feels like a real breach. When the phones start ringing and you’re forced to react when the action is coming at you fast, there is a palpable sense of pressure. Going through this experience shows people what they’re made of, helps them learn how to respond in a stressful situation, and highlights where they need to improve their decision-making capacity.

3 Takeaways From the X-Force Command Cyber Range

In the past couple of years, my team has learned a lot, too, about how to build the X-Force Command experience into a laboratory of cyber best practices. With more than 2,000 customers that have come through the range, we can share what some of the world’s most mature customers are doing to stay one step ahead of threats. We help teams conduct a gap analysis based on business key performance indicators (KPIs), and we teach you what a full business response looks like, both before and after an incident.

Below are three common themes we’ve noticed that tend to have a big impact on whether teams are successful in the range.

1. Culture Counts

Your company culture makes a big difference in how well you perform in a crisis. Some cultures are more inclined to run toward a problem, and those that do tend to fare better. It takes a cohesive unit and a common understanding in which people know their roles, but aren’t afraid to speak up or take charge when the time is right.

2. Playbooks Crack Under Pressure

Having a playbook is just the beginning. In the heat of the moment, there’s no time to fumble through the playbook and figure out what to do next. That’s when your training and muscle memory kick in and you execute your plan. If you don’t practice it, you are exposed to an avoidable disadvantage.

3. Leadership Matters

Last but not least, you need leaders. Sometimes those leaders are not your executives. More often it’s someone who has done a tour in Iraq or Afghanistan or has spent time as an EMT. Some kinds of leadership can be taught in a classroom, but the true test of leadership happens in the arena. Leaders thrive in tough situations, and every tough situation needs leaders. If you’re like many organizations struggling to find qualified talent to fill empty cybersecurity chairs, you might need to look beyond the traditional places. Recruit and train leaders.

What’s Next: The X-Force Command Cyber Tactical Operations Center

There has been such tremendous demand to visit our X-Force Command Cyber Range that we decided pretty early on that we would need to expand our operations. But rather than trying to choose a location for customers to come to us, we want to bring the X-Force Command experience to you. This week, we reached the culmination of a months-long project to do just that, and I’m so excited to launch our new IBM X-Force Command Cyber Tactical Operations Center (C-TOC).

The X-Force Command C-TOC is a mobile command center, modeled after the tactical operation centers used by the military and first responders, but with a singular focus on cybersecurity. It’s the industry’s first mobile cyber range and watch floor — and it’s a technical wonder. To fit all the equipment necessary for an X-Force Command experience, the 23-ton trailer expands to more than twice its width. The whole thing is powered by a 47-kilowatt generator, allowing us to create an entire IT environment on a 100 TB VMware solid-state disk array. It’s easy to be impressed by the C-TOC’s size and appearance — like something straight out of a “Transformers” movie — but form really follows function.

Building on the mission of the Cyber Range, the primary goal of the C-TOC is to give more customers access to the cutting-edge simulations and response training we’ve developed from our experiences in Cambridge. However, the mobility of the C-TOC opens up many additional possibilities, such as education with students and the public, and even helping with cybersecurity efforts on-site at major events.

Check out the X-Force Command C-TOC website to learn more about why we built it and what it can do.
