Sergey Nivens - Stock.Adobe.com
The Security Interviews: How to secure an F1 team in a pandemic
A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data
On Friday 13 March 2020, with hours to go before the first practice session of the 2020 Formula One season at Albert Park in Melbourne, Australia, and with the McLaren team having already withdrawn from the event following a positive Covid-19 test, the race organisers took the decision to cancel the event.
For many who had not been paying much attention to surging coronavirus infections in northern Italy, the postponement of the F1 season was probably one of the first indications that Covid-19 was about to become a life-altering event for everyone.
But while some F1 drivers, including Williams Racing’s George Russell, took to the internet to livestream their own virtual versions of the cancelled races, back at Williams HQ in Grove, Oxfordshire, team staffers and engineers were driving out of the front gate, the boots of their cars loaded with IT equipment, and the team’s CIO, Graeme Hackland, was happy to let them go.
Why so? Continuity of IT leadership, and an effective, multi-year digital transformation plan that has introduced a more holistic approach to data protection, may have had something to do with it.
A seasoned F1 technologist, Hackland joined Williams back in 2014 and embarked on a three-pillared strategy – centring ease of mobility, ease of collaboration and ease of data access – all tied together with a protective layer of cyber security provided by the team’s main partner, Acronis, in a longstanding relationship that began with backup protection and has expanded steadily over the years.
It is a relationship that has frequently been tested – as with any high-profile organisation, Williams is constantly on the receiving end of cyber attacks that threaten its intellectual property and confidential data, ranging from often sophisticated spear phishing attacks against senior staff, to full-blown ransomware attacks – Hackland has twice had to deal with these during his tenure.
Fully remote model
As part of the wider digital transformation, Hackland had already developed a model whereby about 70 team designers and engineers could work remotely, securely, fully supported, with their resource-hungry CAD programs, if they pleased.
The pandemic forced him to wind things up at pace to bring in a fully remote model, supporting 1,000 people, in the space of a few days.
“It was actually a year ago today that we logged a risk on our risk register that we may have to send all staff to work from home,” says Hackland. “How can we make this happen? We had a week, and by the following Tuesday or Wednesday we had upgraded our systems, we could have 1,000 people working from home, staff were driving out the gate with their chairs and their monitors.
“At the time, we thought it would be for a month, a couple of months. And here we are a year later, and it’s still possible and still viable for people to be able to work from home securely.”
“If we were having a conversation with a driver in the past, it would have been in a nice hotel in Oxford. But now we’re doing all that over video”
Graeme Hackland, Williams Racing
One of Hackland’s immediate cyber security priorities during the toilet paper and Tiger King-fuelled days of the UK’s first national lockdown was the same as was faced by every CIO and CISO in the country – a then little-known video-conferencing app called Zoom whose developers had failed to plan for mass usage, and which was paying the price.
“A year ago, Zoom wasn’t prepared for the growth it was about to experience – I don’t think Microsoft [Teams] was either, actually,” says Hackland. “One of the things we really relied on Acronis for was protecting those conversations.
“If we were having a conversation with a driver in the past, it would have been in a nice hotel somewhere in Oxford. But now we’re doing all that over video, and we don’t know if the device the person has got is secured, where they are, or what network they are on. We don’t know if someone is listening to these conversations.
“In the past, we always thought video conferencing doesn’t happen very often, so it’s not a target and we’ve got other areas we need to secure. But actually, securing these conversations became really important.”
New paradigm
The Acronis Cyber Protect service – an integrated platform providing backup, artificial intelligence (AI)-powered anti-malware and antivirus, and endpoint management that is specifically designed to help users eliminate complexity and manage and monitor workloads, data, applications and systems across their network – has also kept Williams working through a momentous event in its history in late 2020 – a transfer of ownership that brought to an end its status as the last family-run team on the F1 grid.
“We had loads of people join us during the lockdown, who have not been able to come to site,” says Hackland. “Our new CEO is going to be on site for the first time in March.
“Some of them have had to use their personal computers to start working for us. In the past, we would never have allowed that because we were focused on the need to protect our endpoint.”
This is less of a problem today thanks to a relentless focus on both data protection and user training – human error being, of course, a significant contributory factor in the majority of successful targeted cyber attacks – and Williams sees such attacks often.
“We’ve had many partially successful phishing campaigns against us,” says Hackland. “We had one where they registered Williams F1 dot com by putting two capital Is [in place of lower case Ls] in Williams, and it looks just like Williams. I can’t blame our staff who saw those links, thought it was a Williams F1 SharePoint, and clicked on it.
“Now, I caught that attack as it was happening and stopped it, but if you get an email from a colleague inside your organisation or from a supplier that you work with all the time, you’re much more likely to trust them.
“So we put a lot of effort into protecting the data so that when someone gets in, the data is secure, but we’re also trying to make it as hard as possible for someone to impersonate another user.”
In this new paradigm, says Hackland, it matters less who is accessing the data, what device they are accessing it on, or whether or not that device is itself secure or running on a secure network, because everything is connecting into a protected virtual machine (VM) in the Williams datacentre.
The entire approach now is predicated on the idea that data never leaves the Williams network, while the machine learning features within Cyber Protect establish a baseline of behaviour and personalise protection down to the individual user.
“We’ve had to switch our thinking to making sure we are protecting the data, so that if someone is on a device that isn’t secure, that doesn’t matter,” says Hackland. “They are going to connect to a virtual machine that is protected, is in our datacentre and has layers of security around that, and if they see any odd behaviour or we see any odd behaviour, we would then be able to handle that straight away.
“We have given all of our users the confidence to work from home and to create sensitive data remotely. Before Acronis, the burden of responsibility on backup would have been on the staff, but now this function is centralised and scheduled for them.”
Sell-by date
Understandably, the team’s data is incredibly important to it, but this data has a limited shelf life – nobody is interested in the 2017 car, but performance data on next year’s is incredibly valuable.
“Our most sensitive data is the 2022 car because there’s a generational change, the rules are changing significantly and we all had restrictions on what work we could do on the 2022 car – just to make it fair what with all the teams being affected by Covid at different times,” says Hackland.
“We have this sort period of time for the next generation of car, so the direction we take and the work we do in our wind tunnel, the challenges that we have around designing a completely new aerodynamic concept for 2022 is huge, and making sure our data doesn’t go to other teams is really important.”
But there is another snag. He explains: “From my perspective, I have got to be really careful that other teams’ IP doesn’t come into my network – if another team’s data gets into our car somehow, I’m in big trouble and we could be thrown out of the championship.
“So I am trying to protect us from our IP going out, which is a well-understood problem. I know what our data looks like and I can track it across the network onto an endpoint as it’s moved, and if anything happens to it, I have a pretty good idea where it is. But if other people’s data comes in, it just looks like mine, and that’s a real challenge.”
Security blanket
This year, Hackland’s relationship with Acronis continues, with the recent announcement of a renewal of the partnership between the two firms, extending areas of cooperation and driving further adoption of the Cyber Protect suite across the team’s entire IT estate – which ultimately extends to 600 servers, 1,500 endpoints, 1,200 Microsoft Office 365 mailboxes and nearly half a petabyte of data.
And with the team hoping to stage a comeback this year after a run of poor form, easing the security burden on Williams’ key personnel will, touch wood, help them keep focus on moving up the grid and taking the championship fight to their rivals.