Observing the ongoing barrage of ransomware attacks against local governments, IBM plans to invite groups of city IT officials and other municipal leaders to practice responding to those attacks at its state-of-the-art cyber range in Cambridge, Massachusetts.
The computing giant’s X-Force Threat Intelligence security group announced Tuesday that for three months beginning in October, IBM Security’s cyber range will play host to monthly training exercises in which city officials will respond to a simulated ransomware attack.
“They’re growing in volume,” said Wendi Whitmore, the vice president of the X-Force group. “And the ransoms are getting much higher. The reason this continues to happen is because they are working.”
IBM Security opened its Cambridge site in 2016 as one of the first cyber ranges available for commercial activities, rather than the academic settings where most such facilities are found. Designed to replicate an advanced security operations center, it’s ordinarily used for corporate IT training, such as a large financial firm practicing how it would respond to an Equifax-like data breach or a manufacturer guarding against an attempt to steal intellectual property. Participants are often faced with scenarios in which they play the part of a fictional Fortune 500 company trying to fend off a cyberattack before it overtakes the entire enterprise.
But the trainings for cities, which begin Oct. 22, will be the first time IBM Security has offered its cyber range to a sector for free. A key part of why IBM is offering the courses is because local governments are frequently shorter-staffed than their private-sector counterparts, Whitmore said.
“Cities are not the only place this happens, but they are more public,” she said. “There’s also a massive skills shortage in our industry as a whole. But there’s especially a skills shortage in local government.”
According to an IBM press release, the simulations will use “live malware” and “real-world hacking tools” to attack an air-gapped network.
“Most of our attacks start relatively small,” she said. “And then they get bigger and bigger and balloon out, and that’s similar to how they work in real life. They do usually get to the point of ‘breaking the business.'”
Over the course of the drills, participants will go through scenarios in which a payroll system, internal communications or even 911 services are compromised, testing whether or not they created secure backups of critical information.
“Something many organizations struggle with is whether the actual data that’s been encrypted is recently backed up,” Whitmore said.
In Baltimore, which is still recovering from a May 7 ransomware attack, officials revealed last week that some of the city IT department’s performance data was permanently lost after not being backed up off-site.
Whitmore said IBM’s upcoming scenarios will also rope in all sorts of officials who might play a part in dealing with a cyberattack. In particular, the range offers training on informing the public — a task some ransomware victims have struggled with — by including a mock TV studio where officials can practice getting “grilled” by the media.
“Our range brings in a variety of stakeholders,” she said. “Everything from news presentation or the ability to get phone calls and work with other departments.”