CY­BER SAFETY IN F1

Whether the agenda is mis­chief or es­pi­onage, are com­ing un­der re­peated at­tack from out­siders de­ter­mined to steal or dis­rupt their pre­cious data. F1 Rac­ing in­ves­ti­gates

F1 Racing - - CONTENTS -

We talk to the staff of Kasperksy Lab, the firm who have been han­dling Fer­rari’s data se­cu­rity since 2010

Re­boot For­mula 1 rep­re­sents the cut­ting edge of au­to­mo­tive tech­nol­ogy. So it’s ironic, per­haps, that its last high-prole es­pi­onage case was so old-fash­ioned: in 2007, a sheaf of blue­prints made its way from Fer­rari to a se­nior McLaren de­signer in hard-copy form via a clan­des­tine meet­ing in a restau­rant. So far so John le Carré. The de­cep­tion was only dis­cov­ered when the de­signer’s wife handed the doc­u­ments in to a high-street copy shop to be du­pli­cated.

Since then, teams have put pro­ce­dures in place to pro­tect against theft from within. But in our mod­ern, con­nected world – more so than in 2007 – the threats are in­creas­ingly com­ing from with­out. Red Bull’s chief in­for­ma­tion ofcer Matt Cadieux told the tech­nol­ogy web­site V3 last year that his team comes un­der cy­ber at­tack “all the time”, although for now the would-be as­sailants are “am­a­teurs who do it out of cu­rios­ity” rather than ri­val teams out to poach tech­ni­cal se­crets. At the 2014 pre-sea­son Bahrain test, Marus­sia fell vic­tim to what team boss John Booth de­scribed as a “tro­jan-type virus in the server racks”, a tro­jan be­ing a specic type of virus that, as the name sug­gests, fa­cil­i­tates unau­tho­rised en­try. It shut down their PCs and left them un­able to run their car for much of the day.

A third – al­beit re­lated – threat comes from a source that ar­rives with no specic theft agenda: ‘worms’ and other ma­li­cious soft­ware pro­grams that are out there repli­cat­ing them­selves and spread­ing via con­nected de­vices or ac­ci­den­tal downloads. The most fa­mous of th­ese is Stuxnet, a virus widely re­ported to have been cre­ated by Mos­sad to dis­rupt Iran’s nu­clear en­rich­ment pro­gramme, and which self-repli­cates so ef­fec­tively that it now in­hab­its sys­tems all over the world. Stuxnet spreads via com­put­ers run­ning Mi­crosoft Win­dows and tar­gets a par­tic­u­lar type of Siemens soft­ware used to man­age in­dus­trial pro­cesses, which it dis­rupts while send­ing nor­mal feed­back to the op­er­a­tors.

“It’s a safety is­sue as well as an in­tel­lec­tual prop­erty is­sue,” says Alexan­der Moiseev, oc­ca­sional GT racer and Euro­pean MD for lead­ing com­puter se­cu­rity rm Kasper­sky Labs, who have been han­dling Fer­rari’s data se­cu­rity since 2010. “A virus like Stuxnet can af­fect what’s com­ing off the road-car pro­duc­tion line, or race-car com­po­nents that are made by an au­to­mated process, in ways that you may not be able to see from the out­side. You only know when the com­po­nent fails. That can af­fect your rep­u­ta­tion – it can af­fect hu­man lives.

“Un­til a few years ago, a lot of the at­tacks were done by pro­gram­mers demon­strat­ing what could be done. It was proof of con­cept – ‘Here, I can break in to this sys­tem and this is how I did it.’ Now it’s a big business for crim­i­nals, be­cause they can use a virus to steal data or, in a more cre­ative way, to sab­o­tage and black­mail. It’s a tech­no­log­i­cal war – us against them.

“We have a rather unique thing in that we have a virus lab. There are two points in time where you need to un­der­stand how the soft­ware for anti-mal­ware is done. Firstly you do the soft­ware it­self, which is the en­gine on the com­puter that con­trols the in­for­ma­tion trafc and guar­an­tees that no at­tacks are com­ing – that you are pro­tected. The most im­por­tant part is the up­dates, where we see what is go­ing on in the world and add this in­for­ma­tion to the cus­tomer

data­bases – minute by minute if nec­es­sary.”

Up­dates are nec­es­sary be­cause virus writ­ers with crim­i­nal in­tent are less con­cerned with show­ing off than am­a­teur hack­ers, us­ing a type of soft­ware known as a rootkit to con­ceal the pres­ence and ac­tiv­i­ties of the virus. Kasper­sky’s ‘lab’ – a com­bi­na­tion of au­to­mated sys­tems and teams of spe­cial­ist re­searchers – main­tains a data­base of known threats and con­tin­u­ously eval­u­ates sus­pi­cious code that their soft­ware has de­tected on its sub­scribers’ com­put­ers.

There is a ‘whitelist’ of known, trust­wor­thy soft­ware and a grow­ing ‘black­list’ – around 100mil­lion – of known ‘mal­ware’. Even if its ex­is­tence is con­cealed, mal­ware has cer­tain give­aways, such as reg­u­larly com­mu­ni­cat­ing with re­mote servers and mak­ing changes to the host com­puter’s setup. Once Kasper­sky’s lab has classied the mal­ware it can up­date its sub­scribers im­me­di­ately.

“IT se­cu­rity is go­ing to change in the fu­ture for F1,” says Neil Martin, Scud­e­ria Fer­rari’s head of strate­gic op­er­a­tions. “At­tacks have be­come more in­no­va­tive and so­phis­ti­cated to com­pro­mise our com­put­ers. Go­ing for­ward, we have to take se­cu­rity more se­ri­ously and it has to be an in­te­gral part of all the so­lu­tions we de­ploy.”

The chal­lenge in­volved in guard­ing an F1 team comes in the sheer quan­tity of data they pro­duce, both in the fac­tory and out in the eld. On track, the sen­sors on the cars gen­er­ate 25MB per lap – data that is trans­mit­ted in a stream to the garage and pit­wall, and back to the fac­tory, cre­at­ing two signicant op­por­tu­ni­ties for in­ter­cep­tion. Most teams now ban smart­phones from the company net­work – third party apps for the An­droid plat­form are a no­to­ri­ous means of mal­ware trans­mis­sion – as well as mon­i­tor­ing web trafc, ban­ning per­sonal email and block­ing ac­cess to so­cial net­works. Lap­tops, and the ow of data to and from them, are also mon­i­tored. But there has to be a trade-off: data has to be in­stantly ac­ces­si­ble to those who need it, par­tic­u­larly dur­ing a race.

“We have a mas­sive amount of data com­ing in – about 60GB on a race week­end,” says Martin. “Plus a lot of sim­u­la­tions are run in real time. Now we need a so­lu­tion that pro­tects us but is pro­ces­sor-light so we can run more sim­u­la­tions and en­sure we’re analysing the data in real time, let­ting us make de­ci­sions in a timely fash­ion.”

“As well as se­cur­ing the crit­i­cal in­fra­struc­ture, a chal­lenge for us was to com­bine all the de­vices into one perime­ter that was fully con­trolled with­out any im­pact on per­for­mance or the speed of data trans­fer,” says Moiseev. “You can­not have all the doors closed all the time. Peo­ple have to knock and come in – it’s the way we work to­gether to­day, we have to be con­nected.”

But where there’s a door there’s al­ways a vul­ner­a­bil­ity, es­pe­cially given our re­liance on tech­nol­ogy as a labour-sav­ing aid. In the 1990s, word went around that the cen­tral lock­ing sys­tem of a par­tic­u­lar car could be de­feated by plac­ing half a ten­nis ball over the key­hole and strik­ing it. In-car sys­tems based on off-the-shelf ar­chi­tec­ture have cre­ated new vul­ner­a­bil­i­ties.

In F1, data trans­mis­sion from pit to car is banned, but the car still re­ceives sig­nals from out­side – such as those that ac­ti­vate track sig­nal in­for­ma­tion dis­play. With yel­low-ag speed lim­its on the ta­ble after Jules Bianchi’s ac­ci­dent – lim­its that will be ad­min­is­tered by the car’s ECU – are we cre­at­ing a new po­ten­tial ‘hack’?

Kasper­sky’s virus lab, where re­searchers use au­to­mated data to eval­u­ate sus­pi­cious code they de­tect on their sub­scribers’ com­put­ers

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.