O'FALLON, Mo. — In a windowless bunker here, a wall of monitors tracked incoming attacks — 267,322 in the last 24 hours, according to one hovering dial, or about three every second — as a dozen analysts stared at screens filled with snippets of computer code.
Pacing around, overseeing the stream of warnings, was a former Delta Force soldier who fought in Iraq and Afghanistan before shifting to a new enemy: cyberthieves.
"This is not that different from terrorists and drug cartels," Matt Nyman, the command center's creator, said as he surveyed his squadron of Mastercard employees. "Fundamentally, threat networks operate in similar ways."
More from the New York Times:
Germany acts to tame Facebook, learning from its own history of hate
US suspends tariffs on China, stoking fears of a loss of leverage
Deutsche bank's problems threaten a star banker
Cybercrime is one of the world's fastest-growing and most lucrative industries. At least $445 billion was lost last year, up around 30 percent from just three years earlier, a global economic study found, and the Treasury Department recently designated cyberattacks as one of the greatest risks to the American financial sector. For banks and payment companies, the fight feels like a war — and they're responding with an increasingly militarized approach.
Former government cyberspies, soldiers and counterintelligence officials now dominate the top ranks of banks' security teams. They've brought to their new jobs the tools and techniques used for national defense: combat exercises, intelligence hubs modeled on those used in counterterrorism work and threat analysts who monitor the internet's shadowy corners.
At Mastercard, Mr. Nyman oversees the company's new fusion center, a term borrowed from the Department of Homeland Security. After the attacks of Sept. 11, the agency set up scores of fusion centers to coordinate federal, state and local intelligence-gathering. The approach spread throughout the government, with the centers used to fight disease outbreaks, wildfires and sex trafficking.
Then banks grabbed the playbook. At least a dozen of them, from giants like Citigroup and Wells Fargo to regional players such as Bank of the West, have opened fusion centers in recent years, and more are in the works. Fifth Third Bank is building one in its Cincinnati headquarters, and Visa, which created its first two years ago in Virginia, is developing two more, in Britain and Singapore. Having their own intelligence hives, the banks hope, will help them better detect patterns in all the data they amass.
The centers also have a symbolic purpose. Having a literal war room reinforces the new reality. Fending off thieves has always been a priority — it's why banks build vaults — but the arms race has escalated rapidly.
Cybersecurity has, for many financial company chiefs, become their biggest fear, eclipsing issues like regulation and the economy.
Alfred F. Kelly Jr., Visa's chief executive, is "completely paranoid" about the subject, he told investors at a conference in March. Bank of America's Brian T. Moynihan said his cybersecurity team is "the only place in the company that doesn't have a budget constraint." (The bank's chief operations and technology officer said it is spending about $600 million this year.)
The military sharpens soldiers' skills with large-scale combat drills like Jade Helm and Foal Eagle, which send troops into the field to test their tactics and weaponry. The financial sector created its own version: Quantum Dawn, a biennial simulation of a catastrophic cyberstrike.
In the latest exercise last November, 900 participants from 50 banks, regulators and law enforcement agencies role-played their response to an industrywide infestation of malicious malware that first corrupted, and then entirely blocked, all outgoing payments from the banks. Throughout the two-day test, the organizers lobbed in new threats every few hours, like denial-of-service attacks that knocked the banks' websites offline.
The first Quantum Dawn, back in 2011, was a lower-key gathering. Participants huddled in a conference room to talk through a mock attack that shut down stock trading. Now, it's a live-fire drill. Each bank spends months in advance re-creating its internal technology on an isolated test network, a so-called cyber range, so that its employees can fight with their actual tools and software. The company that runs their virtual battlefield, SimSpace, is a Defense Department contractor.
Sometimes, the tests expose important gaps.
A series of smaller cyber drills coordinated by the Treasury Department, called the Hamilton Series, raised an alarm three years ago. An attack on Sony, attributed to North Korea, had recently exposed sensitive company emails and data, and, in its wake, demolished huge swaths of Sony's internet network.