Take A Walk Inside The World Of Cyber Warfare, Right Here In Cambridge

January 5, 2017

While Donald Trump is casting doubt on the seriousness of cyber attacks, that's not the case for businesses that fear a security breach. IBM has created X-Force Command, a cyber range in Cambridge that simulates cyber attacks so people from all industries can detect a breach and respond diligently.

The cyber range is the brainchild of Caleb Barlow, vice-president of threat intelligence at IBM Security.

“The key thing we are trying to build here is the leadership skills to not only identify that you’re being attacked,” says Barlow, “but just as importantly, know how to respond to an attack when it occurs. This isn’t any different from practicing a fire drill.”

With that approach, the cyber range is not just for the IT department of a company to come in and train. Barlow says a cyber attack affects every level of a business or organization.

“This is a very popular misconception—that this is just an IT problem. It goes all the way from IT to human resources to the board of directors to your customers and partners. You need to know how you’re going to respond and how those relationships are built ahead of time.”

Organized crime vs. nation states

The Department of Justice reports the number of ransomware attacks are on the rise, clocking in at 4,000 attacks daily. And these attacks are increasingly coming via phishing scams. A recent report out of IBM Security found that 40% of phishing attacks in 2016 had ransomware in it—a staggering increase over .6% in 2015.

It’s relatively easy to track where an attack comes from, however, the use of proxy servers can elude security analysts of the true origin. Knowing the motive for an attack is even murkier but the reality is that 80% of cyber attacks come from organized crime. Nation states conducting cyber espionage have been dominating the headlines lately but they make up the minority of offenders

“We have to recognize that the underlying challenge that we have to deal with as a society is organized crime,” says Barlow.

Several industry insiders say companies will often blame nation states to keep the Securities and Exchange Commission from launching an investigation. This further amplifies the idea of nation states playing a more prominent role in these attacks.

Attack mode

IBM’s Global Security Executive Advisor, Diana Kelley, walks me through a malware attack that’s taken over “my company’s” network.

“We’ve created an attack where a phishing email came,” says Kelley, “So an email that someone clicked had malware attached to it and the malware infected the system.”

This isn’t pretend—it’s real malicious software but it’s all contained within IBM Security’s cyber range.

Kelley shows me the backend of the network, and the number of IP addresses going red is doubling, tripling. The malware is rapidly making its way through the network. Since I’m no security expert, I don’t know what it means—but now I know what it looks like. And Kelley says there’s value in that for company executives who can be generally clueless about these things.

“Here you can be better at detecting because you can identify the activity. We have an attacker so you can see what it looks like. But also very importantly, being better at improving your response.”

I’m a CEO now

Part of the whole experience at IBM’s cyber range includes teaching a CEO how to deal with the public fallout of a breach. This involves sitting executives down in front of a TV camera in a fully operable TV studio IBM built for this purpose. Of course, Caleb Barlow delights in reversing roles and plants me in front of the green screen. I’m now the CEO of a company that’s dealing with a major breach. Stocks are in freefall. There’s a lot at stake.

“You don’t know how your company is going to fare,” Barlow says, “But everyone out there is talking to reporters speculating on this breach. And you need to get in front of this problem and show leadership and that you’ve got in under control. Let’s see how you do.”

A breaking news segment begins, and I’m suddenly fielding questions from a very convincing actress playing a hostile CNBC-type host named Amy, asking me when I found out about the breach, the magnitude of it and she even asks me if I’ve been asked to resign. Amy is disgusted with all my answers. Remarkably, my palms get sweaty and I find myself getting defensive but I keep my cool and manage to answer these questions as though I am the CEO of this fictitious company. When it’s all over, I get the point—all of us need to be prepared.

In the meantime, back up your computer.


WGBH News is supported by:
Back to top