“Sheltered Harbor.” “Quantum Dawn.” You might mistake these for names of Bond movies or military operations, and you wouldn’t be far off.
Writing in The New York Times, Stacy Cowley details steps taken by banking industry heavyweights like Mastercard, Citigroup, and Wells Fargo to coordinate their defense against cyber attacks like the Equifax breach that exposed 146 million people’s information last year. As companies become increasingly paranoid about the vulnerability of their systems, Cowley reports they are increasingly willing to do whatever it takes to protect them. Cybersecurity is “the only place in the company that doesn’t have a budget constraint,” says Bank of America CEO Brian T. Moynihan.
Following the model of “fusion centers” created after 9/11 by the Department of Homeland Security to coordinate federal and local agencies’ intelligence, the banks are cooperating to streamline how they track and recover from major hacks. Several have hired special forces veterans and CIA operatives, and prepare with combat drills like the aforementioned Quantum Dawn: “a biennial simulation of a catastrophic cyberstrike” that runs on a test “cyber range” designed by a Department of Defense contractor.
Cowley describes “war rooms” like the set of “Dr. Strangelove” or “WarGames,” with giant screens and animated world maps that seem designed mostly to impress deep-pocket customers. “You can’t have a fusion center unless you have really cool TVs,” says Citigroup’s cybersecurity chief.
But the threat is real, despite these dramatics. Mastercard alone has tracked 20 million intrusion attempts since January. Hacking programs are only becoming more sophisticated, including those apparently sponsored by countries like North Korea and Russia, and their effects are cause for concern well beyond individual privacy. If banks’ military readiness is part of a new cyber arms race, Thomas Jefferson’s statement that “banking establishments are more dangerous than standing armies” may take on a different shade.