You may not have been aware there was a presidential election in Ukraine last Sunday, but all eyes in the cybersecurity and intelligence communities were keenly focused on this event. In the past few years, cyberattacks targeting elections in democratic countries, including the U.S., have become increasingly disruptive. And in the past few months, international observers have seen disinformation campaigns attempting to influence the outcome of the Ukraine election.
Leading up to the election, the IBM X-Force Incident Response and Intelligence Services (IRIS) team had been preparing to observe and analyze possible attempts of foreign interference in the election. Although it appears that a major cyber disaster was averted, we were ready for the worst.
… we recognize that the risk of a major cyberattack on Ukraine could be the bleed-over to the rest of the world. IBM Security has many clients, including some of the largest financial and logistics companies, that need to be resilient in an attack or face potential damages in the millions or hundreds of millions of dollars. We needed to prepare a response to go at a moment’s notice.
Well in advance of the first round of the Ukraine election in March, we decided that we couldn’t afford to sit on our heels until an attack was launched. We began to operationalize a plan for responding to anything that we could conceive of happening before or after the election event. I ordered the creation of an incident command center team, comprised of top experts across the IBM company, that was on alert and could be stood up immediately if needed. This team operated outside of the traditional organizational structure.
Now that we have moved from an alert posture back to a normal readiness stance, I can share a little bit from behind the scenes about how we prepared. I’ll also describe what organizations can do to evolve their security posture from a reactive stance to a more proactive and predictive security posture.
I don’t often post articles about IBM Security (full disclosure: my employer) but I like Caleb’s write-up about this – especially about the C-TOC:
Plus, for the first time since its construction, we had at the ready the X-Force Command Cyber Tactical Operations Center (C-TOC), the industry’s first mobile command center, to assist clients in Europe with investigations and recovery. We had multiple drivers ready to go at a moment’s notice and drive through the night if necessary. The C-TOC gives us unique capabilities in a destructive attack: If a client’s systems go down, we have a sterile platform from which to work, and we travel with our own internet, data center and all the gear we need to accelerate recovery.
It is pretty cool! Check out the whole article for the breakdown on what my colleagues did and some generally good advice around being prepared for the worst.