CYBER SAFETY IN F1
Whether the agenda is mischief or espionage, are coming under repeated attack from outsiders determined to steal or disrupt their precious data. F1 Racing investigates
We talk to the staff of Kasperksy Lab, the firm who have been handling Ferrari’s data security since 2010
Reboot Formula 1 represents the cutting edge of automotive technology. So it’s ironic, perhaps, that its last high-prole espionage case was so old-fashioned: in 2007, a sheaf of blueprints made its way from Ferrari to a senior McLaren designer in hard-copy form via a clandestine meeting in a restaurant. So far so John le Carré. The deception was only discovered when the designer’s wife handed the documents in to a high-street copy shop to be duplicated.
Since then, teams have put procedures in place to protect against theft from within. But in our modern, connected world – more so than in 2007 – the threats are increasingly coming from without. Red Bull’s chief information ofcer Matt Cadieux told the technology website V3 last year that his team comes under cyber attack “all the time”, although for now the would-be assailants are “amateurs who do it out of curiosity” rather than rival teams out to poach technical secrets. At the 2014 pre-season Bahrain test, Marussia fell victim to what team boss John Booth described as a “trojan-type virus in the server racks”, a trojan being a specic type of virus that, as the name suggests, facilitates unauthorised entry. It shut down their PCs and left them unable to run their car for much of the day.
A third – albeit related – threat comes from a source that arrives with no specic theft agenda: ‘worms’ and other malicious software programs that are out there replicating themselves and spreading via connected devices or accidental downloads. The most famous of these is Stuxnet, a virus widely reported to have been created by Mossad to disrupt Iran’s nuclear enrichment programme, and which self-replicates so effectively that it now inhabits systems all over the world. Stuxnet spreads via computers running Microsoft Windows and targets a particular type of Siemens software used to manage industrial processes, which it disrupts while sending normal feedback to the operators.
“It’s a safety issue as well as an intellectual property issue,” says Alexander Moiseev, occasional GT racer and European MD for leading computer security rm Kaspersky Labs, who have been handling Ferrari’s data security since 2010. “A virus like Stuxnet can affect what’s coming off the road-car production line, or race-car components that are made by an automated process, in ways that you may not be able to see from the outside. You only know when the component fails. That can affect your reputation – it can affect human lives.
“Until a few years ago, a lot of the attacks were done by programmers demonstrating what could be done. It was proof of concept – ‘Here, I can break in to this system and this is how I did it.’ Now it’s a big business for criminals, because they can use a virus to steal data or, in a more creative way, to sabotage and blackmail. It’s a technological war – us against them.
“We have a rather unique thing in that we have a virus lab. There are two points in time where you need to understand how the software for anti-malware is done. Firstly you do the software itself, which is the engine on the computer that controls the information trafc and guarantees that no attacks are coming – that you are protected. The most important part is the updates, where we see what is going on in the world and add this information to the customer
databases – minute by minute if necessary.”
Updates are necessary because virus writers with criminal intent are less concerned with showing off than amateur hackers, using a type of software known as a rootkit to conceal the presence and activities of the virus. Kaspersky’s ‘lab’ – a combination of automated systems and teams of specialist researchers – maintains a database of known threats and continuously evaluates suspicious code that their software has detected on its subscribers’ computers.
There is a ‘whitelist’ of known, trustworthy software and a growing ‘blacklist’ – around 100million – of known ‘malware’. Even if its existence is concealed, malware has certain giveaways, such as regularly communicating with remote servers and making changes to the host computer’s setup. Once Kaspersky’s lab has classied the malware it can update its subscribers immediately.
“IT security is going to change in the future for F1,” says Neil Martin, Scuderia Ferrari’s head of strategic operations. “Attacks have become more innovative and sophisticated to compromise our computers. Going forward, we have to take security more seriously and it has to be an integral part of all the solutions we deploy.”
The challenge involved in guarding an F1 team comes in the sheer quantity of data they produce, both in the factory and out in the eld. On track, the sensors on the cars generate 25MB per lap – data that is transmitted in a stream to the garage and pitwall, and back to the factory, creating two signicant opportunities for interception. Most teams now ban smartphones from the company network – third party apps for the Android platform are a notorious means of malware transmission – as well as monitoring web trafc, banning personal email and blocking access to social networks. Laptops, and the ow of data to and from them, are also monitored. But there has to be a trade-off: data has to be instantly accessible to those who need it, particularly during a race.
“We have a massive amount of data coming in – about 60GB on a race weekend,” says Martin. “Plus a lot of simulations are run in real time. Now we need a solution that protects us but is processor-light so we can run more simulations and ensure we’re analysing the data in real time, letting us make decisions in a timely fashion.”
“As well as securing the critical infrastructure, a challenge for us was to combine all the devices into one perimeter that was fully controlled without any impact on performance or the speed of data transfer,” says Moiseev. “You cannot have all the doors closed all the time. People have to knock and come in – it’s the way we work together today, we have to be connected.”
But where there’s a door there’s always a vulnerability, especially given our reliance on technology as a labour-saving aid. In the 1990s, word went around that the central locking system of a particular car could be defeated by placing half a tennis ball over the keyhole and striking it. In-car systems based on off-the-shelf architecture have created new vulnerabilities.
In F1, data transmission from pit to car is banned, but the car still receives signals from outside – such as those that activate track signal information display. With yellow-ag speed limits on the table after Jules Bianchi’s accident – limits that will be administered by the car’s ECU – are we creating a new potential ‘hack’?
Kaspersky’s virus lab, where researchers use automated data to evaluate suspicious code they detect on their subscribers’ computers