
How Oracle Red Bull Racing guards against cyber threats

The F1 team is tapping managed security services, conducting penetration tests and improving security awareness among employees to fend off cyber threats such as phishing and ransomware

Like most well-known organisations, Formula One motor racing team Oracle Red Bull Racing (ORBR) has seen its share of cyber threats that could compromise its operations as it participates in races across the globe.

Spam, phishing and ransomware are among the most frequently encountered threats, according to Morgan Maia, ORBR’s senior manager of technical partnerships. While ransomware campaigns have traditionally been conducted on a “spray and pray” basis, in recent years, they have become more targeted, he said.

High-profile organisations, especially those in extremely competitive environments, are attractive targets for the so-called “big game hunters”, said ORBR’s chief security officer, Mark Hazelton, adding that “corporate espionage has always and will always be a concern for elite sports organisations, especially as racing teams become more digital and data-driven”.

To protect against such attacks, ORBR uses managed security services from Arctic Wolf in areas such as incident detection and response, risk management and security awareness training.  

The services are being delivered by a concierge security team (CST) comprising Arctic Wolf security experts who work as an extension of ORBR’s internal teams to “give us the protection, resilience and guidance we need to defend against cyber threats,” Hazelton said.

With more attacks involving the use of social engineering, all of ORBR’s employees have also been trained by Arctic Wolf to guard against such threats. Fake attack emails are sent once or twice a month to keep them on their toes.

ORBR had previously conducted penetration tests twice a year, in line with the general practice, “but that point-in-time approach was quite flawed”, Hazelton said. With the support of Arctic Wolf, the tests are now conducted once a week.

Maia pointed out that while there were some attempts to steal computer-aided design (CAD) files some 10 to 15 years ago, the concern today is more about keeping the F1 industry safe from the outside world.

Teams do not attack each other, he said, as there is too much reputational risk. Instead, the CIOs of racing teams work with each other and the FIA, the governing body for world motor sport, on security matters.

Communications links between team garages at the 24 tracks around the world and their factories are provided by US multinational telecoms provider AT&T. Hazelton said the links are fast and reliable, so “we don’t need to worry about the complexities of provisioning, confidentiality and availability”. Arctic Wolf’s services sit above these connections.

Some of the tracks are in riskier geographies than others, said Maia, so Arctic Wolf is told when to expect large volumes of legitimate data flowing to and from these locations.

Arctic Wolf’s services fit elegantly with ORBR’s enterprise systems, collecting data from multiple points on the network, including switches, routers, firewalls, servers, cloud systems and devices.

Beyond that, Hazelton said Arctic Wolf’s security operations and CST teams “understand the nuances of our business and integrate seamlessly, as well as keeping on top of potentially malicious or just erroneous traffic”.

“They’re also able to help us steadily improve our security posture – and push us to improve while recognising our specific challenges and our appetite for risk,” he added. “They also slot in seamlessly where we may not have expertise in a specific area, helping to ensure that we are in the best state we can be at any given time.”
