Formula 1 and Cybersecurity: A Race Against Threats
Formula 1 racing is renowned for its precision engineering, where races can be won or lost by milliseconds. While historically data-driven, the sport is increasingly focused on security and resilience. A recent behind-the-scenes tour of the Australian Grand Prix in Melbourne with the Atlassian Williams F1 team and industry peers highlighted the growing importance of cybersecurity in motorsport.
Third-Party Risk and Race Day Resilience
Motorsport relies on a diverse network of vendors for devices, software, and services. This interconnectedness introduces third-party risk, but not all connections are equal. A guest WiFi network carries less risk than systems processing in-race telemetry. Managing this risk is similar to managing it in a complex enterprise, where a supplier’s security posture directly impacts the team’s own security.
James Kent, Technology Principal at Williams F1, emphasized the importance of partnering with vendors who prioritize security. “We partner with vendors that align with our own strategy,” Kent said. The team employs a layered security approach, adjusting security measures based on data sensitivity. “We have multiple data links,” Kent explained. “These are either aggregated or locked based on the latency and security requirements.”
The rise of non-human, machine identities from suppliers presents new challenges. Traditional methods of managing access for temporary staff are insufficient. Role-specific identities with location-aware authentication and zero-trust approaches are now essential, particularly as software increasingly enforces policy, rotates credentials, and protects multi-cloud environments.
Balancing Data Sensitivity and Competitive Advantage
Data is central to Formula 1, encompassing telemetry on acceleration, braking, cornering speeds, gearing, and track conditions. However, the true advantage lies in how this data is combined and analyzed. Carlos Sainz Jr. noted, “When I come back into the garage, my teammate and I are constantly elevating each other thanks to the data analysis.” He also cautioned against over-reliance on data, stating that it can be detrimental if it overwhelms a driver’s focus.
Optimizing performance involves correlating insights from three perspectives: the driver’s on-track experience, trackside simulations using current and historical data, and a predictive model that doesn’t consider human input. By integrating these perspectives, the team can gain a deeper understanding of race trends and build a competitive edge.
Collecting and protecting the right data is crucial. Kent stressed the importance of carefully managing data movement, stating, “I pay close attention to what [data] we’re moving, how we’re moving it and where we’re moving it to. We partner with organisations to protect us because the cyber threat is constant.”
Securing High Performance Through Fundamentals
Geopolitical uncertainties add complexity to maintaining business value in a global sport like F1. Darren Guccione, Chief Executive and Co-founder of Keeper Security, highlighted the importance of focusing on organizational fundamentals, particularly people. “The model [for cyber security] is simple but execution is complex,” he said. “There’s [often] an inverse relationship between cyber security and ease of use. We try to unify security and ease it because if it is complex, employees will find ways around it. That puts the company at risk.”
Simplifying the toolchain with a platform approach is a starting point, but cultural change is equally critical. Elevating security awareness at all levels of the organization can enhance resilience against attacks that automated tools might miss. Unifying risk management processes is also critical. Siloed point solutions and disconnected processes hinder effective auditing and reporting, particularly for regulatory requirements like Operational Risk Management (CPS 230).
Guccione emphasized the need for integrated security platforms: “An organisation might have 25 different security products, but they don’t thread together. [This leads to] operational and security gaps, making it impossible to run a compliance report. So, we’ve threaded all those core security applications into one unified platform. That’s the future.”
By prioritizing the right partnerships, collecting essential data, and building a strong foundation of security fundamentals, organizations can enhance their resilience in an increasingly uncertain environment.