How a Formula 1 team protects itself from hackers and data breaches

Graeme Hackland, IT director at Williams Martini Racing and Williams Advanced Engineering, tells ZDNet how the organisation works to avoid the nightmare scenario of getting hacked.
Written by Danny Palmer, Senior Writer

With so much confidential data on their networks, Formula 1 teams like Williams are an attractive target for hackers.

Image: Steven Tee/LA Photographic

Cybersecurity should be a top priority in any business but it takes on an even greater significance when your organisation needs to protect intellectual property at the cutting edge of research and development -- as in the competitive world of Formula 1 racing.

Williams Martini Racing has to keep its F1 racing data secure, but its Williams Advanced Engineering division also works with clients in areas from transport to energy, designing and manufacturing products from tiny structural composites to electric motors.

"On the F1 side, everyone knows there's confidential information you're trying to protect: car design, race data, and so on. But at Williams, we have a bigger challenge than most other F1 teams face, because we have an advanced engineering division," Graeme Hackland, IT director at Williams, told ZDNet.

"Our advanced engineering division is either working with companies and their intellectual property, or developing our own intellectual property. The misuse of that data could be extremely costly to us, costly to our customers, and could really impact our reputation," Hackland said.

So what are the biggest cybersecurity threats Williams needs to protect against?

"There's one I hate to mention because people will be looking at me strangely when I walk around the factory, but there's the trusted insider, that's the obvious one, that's where most companies are vulnerable," said Hackland.

"We talk a lot about trust and verification. We want people to be able to do their jobs, we don't want to block people from being able to do what they need to do, but we want to verify that they haven't misused -- even inadvertently -- confidential information from Williams or our customers," he said, adding that this is especially important when dealing with information from clients of the Advanced Engineering division.

"They trust us to either run a project in its entirety or to run it jointly with them. We may have some of their people on our site or our people may go to theirs and the project team needs to be sure that the data is safe, secure, and not being misused," he said.

Formula 1 is hyper-competitive, and good use of data can make all the difference between winning and finishing further down the field -- so teams are very sensitive about it.

"We don't want our staff to feel like we're constantly monitoring them, because we're not. We've put tools in place from Symantec that allow us to baseline what people do, protect their information and endpoints, and if they were to step out of line, we'd be notified about it," he said.

Of course, Williams also has to deal with outsider threats and there are plenty -- in just one month, almost 300 instances of malware were detected by email filters.

"It's all about IP; we're working on projects involving autonomous vehicles, and we work with other motorsports such as Formula E, motor manufacturers, and aerospace. All of that information is valuable and we know that brings risks of someone accessing information," said Hackland.

Williams uses Symantec Endpoint Protection for 1,200 computers, both within their headquarters and remotely at races around the globe, as well as for Advanced Engineering's projects and remote laptops sending live, detailed race telemetry data back to Williams's headquarters.

Viruses are a real threat in F1: in 2014 the Marussia F1 team said it had to cut short testing because systems got infected by a virus, something Hackland described as "one of my nightmares".

In addition to using protective software, Williams fights threats with education at all levels -- especially given how authentic some phishing emails can look.

"What worries me is there's a lot of people out there in our staff who'll never have been exposed to these risks before, so education is required," he said.

"You used to be able to tell because the language would be bad and you could tell something was wrong. But that's not the case anymore; they're more sophisticated," Hackland added.

Nonetheless, for Hackland, the best way to reduce cybersecurity risks would be to make systems so robust that malware, phishing attempts, and hacks don't even reach employees' inboxes.

"A lot of what used to get to [employees'] mailboxes doesn't get there anymore -- so better than education is to prevent stuff getting there," he said.
