The following is a modified excerpt from CNBC cybersecurity reporter Kate Fazzini’s ”Kingdom of Lies: Unnerving Adventures in the World of Cybercrime,” on sale wherever books are sold. Names of corporations and individuals have been changed to protect sources.
In 2012 and 2013, Iranian sponsored distributed denial of service (DDoS) attacks that took down the websites of several prominent banks, including NOW Bank, one of the world’s largest.
The attacks were not damaging in terms of monetary losses, which were nearly zero, but were incredibly high-profile. The attacks brought so much energy to cybersecurity within NOW Bank that they created real political currency. By July 2014, that currency was finally realized in actual capital expenditures. A bigger budget.
Caroline Chan is what’s known as the cybersecurity group’s business manager. She has been with the company for two decades, knows every hacker who has ever been hired there and is tasked with delicately walking the line between creating a cyber program that works and creating a cyber program that continues selling itself to the bank’s upper ranks.
The birth of the SOC
One of her primary projects, her baby really, is building a new security operations center right in the middle of the bank’s corporate headquarters. It informally becomes known as the SOC, pronounced “sock.”
They’ve moved or hired new security employees, about 30 in all, from “back-office” locations across the tri-state area, to staff the new space.
The new employees are still getting used to wearing ties, and the searing natural light of several large windows, a strange phenomenon for those who may have previously worked in windowless offices or basement rooms.
It’s a move from the back office to the front office, at least that’s what executives keep saying. From the back burner to the front burner. Caroline knows from experience that even if the attention is fleeting, it’s still necessary to maintain the urgency needed for sustained attention to cybersecurity.
For some of the team members, it’s an exciting change, getting noticed, coming to work at the corporate headquarters, where everyone dresses well and market-moving business decisions happen. It’s exciting. For others, being on the front-burner just feels like another burner.
In the SOC, everything is new, and Hollywood-style impressive. Five 50-inch plasma screens span the east wall, one displaying data from an analytics software program called Splunk. The data is mostly scrubbed or fake because the people working there, most of whom are called analysts and skew toward deeply paranoid, don’t know who will be coming into their new center to view it.
On the south wall, a 90-inch plasma screen plays CNBC on mute. A communications specialist often stands near it, watching it intently to see what they might be getting wrong. The door to the SOC is hidden, a nine-foot wooden slab flush with the wall. Nobody without an appointment would even know it is there.
The north wall is made up of 100 square feet of electrochromic glass. The analysts call this the fog wall. It has been constructed using a five-layer sandwich of ultra-thin glass and polymer layers, the middle layer being a separator with rows of thin, clear, invisible electrodes on either side.
One of the layers is soaked in polycrystalline tungsten oxide. When someone flips a switch, lithium ions are attracted to one side of the sandwich, making the glass go white so it resembles a plain, opaque wall. Flip the switch again, and the glass goes clear, so you can see inside the SOC.
The fog wall is not meant as some kind of impermeable force field against cyberattacks, prying eyes, or malicious devices. It is meant to surprise and delight corporate clients who visit the bank, and entertain important people who want to know what it’s doing about cybersecurity.
Bankers will talk to these power players in the sober confines of the walnut and forest-green atrium just outside the SOC. The location — headquarters — implies significance. The blinking and blooping screens imply an LA-approved version of what it means to be high-tech. The hidden door, the lithium ion curtain – a little clandestine touch.
When the banker flips the switch, the fog wall dissipates, and the important visitor will then be able to see all of it, with the addition of all those young analysts typing away feverishly on their keyboards.
That experience, Caroline knows, transforms a back-burner function like cybersecurity into something more than what it once was, in the eyes of bankers. Something valuable, rather than a drain on resources.
The atrium outside the SOC served as an area that previously was just a pass-through to get from one bank of elevators to another. The hallway includes a sitting area, outfitted in sober dark-wood furniture with tasteful, academic dark green accents .A purely 80s investment bank aesthetic of upper-middle-class normalcy.
Just beyond it, behind the fog wall, the analysts are really working. No visitors are coming today. They prowl the bank’s systems, waiting for an enemy to strike their shiny new set-up.
They will not have to wait long.