Prevent, Detect and Respond
With a team of technology and security experts with backgrounds in the military, law enforcement and financial services working together 24/7 in the same location, PNC strengthens its defense against cyber threats.
It is Wednesday night in PNC’s Enterprise Fusion Center and the 60-inch, color monitor with a global map shows: “Local Time” is 20:29:45 and counting... “Attacks Today: 31,159” and then skips to 31,171 five seconds later.
Four lines of text change constantly: “New Attack From Germany to Colombia”… “From Poland to Colombia”… “From Netherlands to United States”… “From China to Taiwan”… and then four more locations appear as yellow lines shoot across the virtual map linking one country to the other.
This “Cyber Threat Map” is one of 12 large monitors hanging from the ceiling in the main room of the center. The other screens provide real-time tracking of system traffic volume and activity on internal and external computer servers. Inconsistencies or spikes in trends are highlighted in red to notify the team.
This "cyber threat map" helps the Fusion Center team monitor and respond immediately to issues
“All these monitors are in full view from every seat and provide an immediate dashboard of PNC’s network,” said Brett Toner, who leads critical incident management inside the center. He is among the 60-plus people in the center who have the insights and expertise to recognize and solve threats to the company. “We can immediately see issues together and respond.”
Given the worldwide threats in cyberspace today, PNC opened this center in an unassuming, two-story building in the fall of 2014. Operating 24 hours a day, seven days a week, the site has experienced employees from many functions stationed across six rows of long desks in one large, open room to monitor the bank’s systems and take immediate action when issues arise.
“The mission of this state-of-the-art facility is to protect the PNC experience by enabling us to deter, prevent, detect, respond and recover from all technology-related disruptions,” said Debbie Guild, PNC’s chief technology officer. “Here, technology teams can collaborate on solutions, in many cases before our customers are affected.”
The fusion center concept began in the early 2000s following 9/11 with collaboration between the U.S. departments of Homeland Security and Justice. The goal is to promote information sharing, identify perceived threats and stop them before they occur. While some companies have created fusion centers, PNC’s site is rare among financial institutions.
“By being together, we have the ability to see problems and react to them a lot quicker,” said Don Recker, a group manager in operations. “If things are working well, we don’t need to care about it. If they aren’t, we get involved.”
Solutions With ‘Tap on the Shoulder’
The center includes experts from six key disciplines (see list - "Teamwork 24/7"). Their responsibilities range from crisis management to mainframe systems along with computer applications and outside companies that support PNC.
“By having all the teams located together like this allows us to get ahead of issues more quickly to minimize or eliminate customer impact,” said Shelly Keller, technology director who manages the Integrated Operations Center.
Now everyone in the Fusion Center can immediately view both large and small issues. The team ranks them from Priority-4, or “P4”, which is minor, e.g., computer log-in issues, to “P1” which is a major issue, e.g., a loan application database problem. The center also provides an immediate and fully functional platform to test the team's ability to respond to incidents.
For bigger issues, the center eliminates the time lag of pulling together different teams in various locations and then waiting to see who dials into a teleconference meeting. “We can solve problems now with a tap on the shoulder,” Recker said.
The Fusion Center brings together expertise from numerous departments
Diverse Skills Come Together
The 24/7 operation is staffed with three shifts, including 11:00 p.m. to 7:00 a.m. It is a high-security facility where employees use an identification card plus a key code to enter the main doors of each floor – and also swipe their ID card to leave the main rooms.
The Fusion Center has employees with diverse backgrounds that include technology, law enforcement and financial services. Experience ranges from a former U.S. Air Force firefighter to former Department of Homeland Security employees, along with former Department of Defense employees who specialized in cyber forensics. Other employees have extensive experience in banking, computer network management, systems and applications.
“I’ve gone from the front lines in the U.S. Army to the back-end operations in technology to protect our customers,” said Luis Guzman, who manages the cyber operations team with numerous military veterans. He added: “This environment is comfortable to military people. We define who’s attacking and why – and then we figure out how to beat them.”
Recker is a veteran of a different kind with 27 years at PNC. He began his career at age 19 as a part-time computer tape operator and worked his way up in PNC’s technology & operations division to become one of the Fusion Center’s group managers. He compares his team to an offensive lineman in football: “No one really knows what kind of work we do until we're needed.”
Recker is among the managers who coordinate a briefing between every shift to share information and ensure a smooth transition, especially on high-priority issues.
The meetings can include Bryan Hill from the enterprise crisis management team. He proactively assesses situations for potential business impact on PNC's customers, employees and assets. Examples range from severe storms and the data breaches of U.S. retailers to the papal visit in September 2015.
“Our timing and communication in response to a crisis is crucial. We identify key people early, establish tactical working groups and evaluate the lessons learned,” said Hill, a business continuity analyst lead who oversaw the Army National Guard’s all-hazards emergency management program. He added:
“The Fusion Center is helping to break down the barriers between technology and business. When the teams work together, it forces us to learn and help each other understand what each other does.”
Debbie Guild, chief technology officer, says the Fusion Center team can collaborate on solutions before customers are affected
PNC’s Fusion Center is staffed by six disciplines – all in one location:
- Security Operations: watches for and responds to security events, such as a denial of service attack.
- Infrastructure Operations and Physical Security: manages the data centers, mainframe, databases and other systems.
- Customer Experience Monitoring: ensures applications are running.
- Critical Incident Management: coordinates the internal experts and third parties to solve issues.
- Enterprise Crisis Management: reports on issues with significant impact.
- Critical Third Parties that support PNC's network and physical security systems.