‘Spygate’ in Formula One racing – Or: Don’t forget your ancient floppy disks!
For those who didn’t know, the Formula One racing series has recently started in Australia and Asia. While high-speed enthusiasts in the US flock to NASCAR or the IndyCar series, the rest of the world is hooked on the F1 racing circus (kind of similar to the situation with football/soccer…).
Anyway, as a security professional you have probably heard of last year’s massive data theft involving several high profile Formula One teams like Ferrari, McLaren, and Renault. What you might have not heard is how the technical data got stolen: Well, in the ultra sophisticated and technologically advanced world of Formula One racing, design plans and test results were simply copied to a bunch of floppy disks. Yes, floppy disks – those early versions of portable media devices that never really made it into the new millennium!
Having recently had a chance to chat with a CISO from a European F1 team, I can assure you that data theft via traditional data loss channels like email, IM, and FTP, as well as endpoint activities like copying to USBs, CD-Roms, external hard drives, and yes, floppy disks are now sufficiently safeguarded with the help of modern data loss prevention (DLP) solutions. F1 teams simply cannot afford to lose critical data because even small data pieces can mean the difference between winning and losing races. And likewise, merely having stolen information in your network (e.g., your competition’s construction plans or results from aerodynamic testing brought along by a newly hired engineer), can – under the tight regulatory rules of the FIA – lead to anything from hefty fines to (more likely!) exclusion from races, i.e., put you out of business…
The moral of the story? Please manage and safeguard all possible data theft channels and know what data resides in your network! That is, unless you want to risk losing your next data security race.