F1 and Cybersecurity: How the CISO Secures a Place on the Podium

April 8, 2016
| |
4 min read

On March 18, the new Formula One (F1) season began in Melbourne, Australia. All teams have been preparing for the season for months to get cars, drivers and crews ready to deliver their best performances from day one.

Although the activity on the track is vitally important, there is a huge responsibility resting on the shoulders of the team behind the scenes — in both the pit and the computer labs. In the modern era of F1, high-speed data analytics is key to achieving a competitive edge, and it’s an area that has seen vast growth in recent years. More and more, we see pit garages doubling their headcount with an influx of data engineers analyzing raw numbers through visualization tools and simulations to look for anomalies in real time.

Honda R&D recently announced it is monitoring and analyzing data from more than 160 sensors in F1 cars using IBM Watson Internet of Things (IoT) technology. Drivers and crews can apply data and analytics to streamline performance and improve fuel efficiency, enabling drivers to make real-time racing decisions based on this data, such as adjustments to speed, temperature, pressure and power levels.

Applying Security to Analytics

While high-speed data analytics offers great opportunities, it also poses great cybersecurity threats that can lead to serious detrimental impacts if left unaddressed.

Robust protection is required for both onboard computers and the server infrastructure of car manufacturers engaged in such data analysis. It’s vital that all relevant data be encrypted, whether it’s the raw data transmitted from the onboard connectivity technology to a base station, the cloud platform accessible at any location or the data on monitoring hardware present on race day that may be subject to an intrusion attempt on a hardwired network.

Many teams are already using security solutions to protect their intellectual property. They cannot risk a competitor gaining access to their data on aerodynamics, fuel consumption, tire degradation, etc. since this data represents information on marginal gains that combine to establish a competitive edge.

It’s very clear that the deployment of high-speed data analytics and the security issues around this are already top of mind in F1. Perhaps it’s heightened even more so following Kapersky’s warning of F1 cars being vulnerable to cyberattacks simply due to the onboard computer being connected to the Internet.

A CISO in the Driver’s Seat

As data analytics in F1 progresses, it will be interesting to see the F1 driver evolve into a previously nonexistent role. In fact, there are many parallels to be drawn between drivers and the chief information security officer (CISO).

Both roles are naturally the center of attention in their respective fields, with a shared reliance on the need for intelligent data analysis. F1 drivers require an entirely collaborative relationship with their team during each race, much like CISOs need to establish and maintain the information security vision, strategy and execution with the help of their own team.

Before a race, the driver’s training session is a massively collaborative effort to analyze several scenarios for the car, track and technique. The team aims to:

  • Gain visibility into the car’s performance on the track and on specific sections of the track.
  • Detect deviations from the norm that indicate early warnings (such as engine or brake pad temperature, for example).
  • Prioritize data sets and results to optimize remediation processes.

You can compare this with a CISO’s activities with the team during the pre-exploit phase:

  • Gain visibility over the organization’s security posture and identify security gaps.
  • Detect deviations from the norm that indicate early warnings of advanced persistent threats (APTs).
  • Prioritize vulnerabilities to optimize remediation processes and close critical exposures before exploit.

During a race, the F1 driver must tactically implement all findings gathered during the training session into a coherent track strategy. The team will also be receiving real-time data, measuring what is happening on-track and with the car to quickly enhance or alter the strategy when needed.

This is the same for the CISO. The security team can diagnose what is happening in its environment in real time and adjust strategies based on intelligent, data-led decisions.

Following a race, the F1 driver works with the team’s data engineers to analyze the race data and identify the successes, failures and areas in need of improvement. This process is also similar to what a CISO will go through following a security event. When an attack takes place, a collaborative analysis of the security-relevant data gathered (also known as incident forensics) will provide actionable information for future use.

Comparing F1 and CISO Approaches

If we view the processes the F1 driver and CISO execute with a “pre” and “post” approach, it’s even easier to compare their roles. The following diagrams demonstrate these similarities.

Formula One


The parallels are clear: The F1 driver and the CISO both rely on fast, analyzed data from multiple sources to enable real-time decision-making. This data allows both to establish appropriate standards and controls, collaboratively manage technologies and direct the implementation of procedures.

The use of high-speed analytics in F1 is not an entirely new advancement for the sport, and it has already led to unprecedented development of the driver’s role. Likewise, the role of the person who keeps a company’s property secure, private and protected from prying eyes has taken a massive leap forward. Neither role shows any signs of an evolutionary slowdown anytime soon.

Such rapid advancements to data’s importance within these decision-making processes inevitably leads to growing security concerns that must not be ignored.

Erno Doorenspleet
Executive Security Advisor, IBM

Erno Doorenspleet has more than 20 years of experience in IT, spanning IT governance and operations, outsourcing and security risk and management. Currently,...
read more