Every Formula 1 race weekend is essentially a pop-up event in a different city around the world, bringing 10 teams, their cars, and their entire mobile infrastructure to Australia, Singapore, Monaco, and beyond. This weekend’s Las Vegas Grand Prix is especially unscripted, though, because the event is Formula 1’s debut in Sin City. Cold weather and a rogue drain cover on the track have already injected some chaos into the spectacle. But as they prepared for the event, cybersecurity specialists from McLaren Racing, the city of Las Vegas, and the security firm Darktrace told WIRED that they aren’t deterred—their whole job is to expect the unexpected.
Major live sporting events are a prime target for hackers because they are prominent, highly visible, and draw international attention. Russia’s notorious attempt to target the 2018 Winter Olympics in South Korea, for example, included both disruptive attacks and hacks for information gathering. All sports now incorporate advanced elements of digital analysis and quantified performance, but Formula 1 is a particularly data-heavy sport. Race cars are essentially giant sensor arrays that are hurtling around at more than 200 miles per hour, generating massive amounts of information. The quicker teams can crunch the numbers from the track, the sooner they can determine which strategies and modifications to employ in real time or in preparation for the final race of the weekend. But a denial of service attack on any of a team’s engineering systems, one that disrupts their real-time communications, or theft of intellectual property could be disastrous for an F1 team.
“We’re a very public sport,” says Ed Green, McLaren’s head of commercial technology. “Our people are known and where we’re racing is known and what we do is known. And while there are lots of unknown things about our operation, lots of what we do is public so people can find out information and start to target us. So what we’re trying to do is make sure that security is part of the team and an additive part of what we do.”
Green describes McLaren’s setup at each race as “an extension of the office for the weekend.” The infrastructure is a sort of mobile data center where, for example, the pit crew on the ground is working as a remote part of the garage back at headquarters. This means that a crucial component of the entire operation is reducing latency in the digital connection between the track and home base—a geographic and network distance that varies significantly from weekend to weekend as the season plays out around the world. Green says that during the Brazil race in Sao Paulo at the beginning of November, McLaren was connected to its HQ in England with just a 223-millisecond delay.
“We pull down 1.5 terabytes of data a weekend and run 50 million simulations over the course of a weekend. And I would break down the importance of cybersecurity in a few different buckets,” McLaren CEO Zak Brown says. “We have the design IP of our race car, and that is highly confidential trade secrets that we’re moving around a lot. We’re dealing with third parties and racing around the world. And then we have all the data that is going on at the race track, where we’re literally making split-second decisions.”
Darktrace, which provides digital defense services for McLaren and has also worked with the city of Las Vegas on its cybersecurity for years, says that phishing, business email compromise, and other scams are the types of attacks its real-time, artificial-intelligence-based threat monitoring system detects and blocks most often related to Formula 1, both day to day and on race weekends.
