In high-stakes environments like Formula E, where milliseconds can decide a race, ensuring system availability is paramount.
The TAG Heuer Porsche Formula E Team won the drivers' championship with Pascal Wehrlein at the wheel in 2024.
Wins can ride on the difference of mere fractions of a second, so downtime is not an option.
With a sport dominated by data, technology and network availability, the worst-case scenario of a ransomware attack could mean the championship team misses races and loses valuable points.
One tool the TAG Heuer Porsche Formula E Team uses to protect its network and ensure availability is the Cato Networks SASE Platform.
With 16 races over the Formula E calendar across ten locations the challenges are unique.
During an event at Porsche’s site in Stuttgart, Germany, Infosecurity spoke with Friedemann Kurz, Porsche Motorsport’s Head of IT, about how he approaches cybersecurity for the team, ensuring availability and supporting championship success.
Infosecurity Magazine: What does cybersecurity look like at the TAG Heuer Porsche Formula E Team?
Friedemann Kurz: We have a pretty big team for IT, but no one is entirely dedicated to security as we have many skills across the team and a lot of external support from partners like Cato Networks.
Since there are so many jobs, we share amongst those in the team, everyone needs to be a little bit of a cybersecurity expert.
Plus, we need trusted partners who we can rely on to ensure security within our operations and secure our data.
That’s why we use a lot of platform products that are trusted. Then we train people from the IT team to use the platforms.
While the team would not go too deep into investigating a threat, our partners can help us go into the research and understand what is going on.
IM: What are some of the main cybersecurity threats and challenges you face as a Formula E team?
FK: Like any organization, we are exposed to cyber threats. We are travelling a lot and our equipment is moving all around the world.
For example, during the Formula E season, our equipment is travelling with the race series transportation organization, meaning we do not have it with us when it’s in transit. Plus, we are operating in different environments where we may not consider their IT infrastructure to be completely secure.
In that environment, the most important consideration is to ensure the reliability of services. So, when we arrive in a country on the other side of the world, we need to be as quick as possible powering up our services.
If we are in another country, we have to try to find the optimum routs and optimize our traffic. That's why again we use platforms with certain optimizations to make sure that the most important packages are delivered in a prioritized way.
“We are a public-facing organization, we are on television. That makes us a target for attackers.”
It’s not about cybersecurity threats all the time, it's more about reliability, security and data availability in general.
On top of that, we are a public-facing organization, we are on television. That makes us a target for attackers in different ways.
I don’t think it is like industry spies, that is not the main concern. It is more about being blocked by a denial-of-service (DoS) attack that would damage our network and prevent us from accessing our data.
That would slow us down by blocking our network. That’s the main concern.
We try to be protected in a holistic way, not just single measures because again there are so many other attack vectors. A security platform needs to be something that is covering everything, but the main concerns are availability, reliability and fallbacks.
In case the public network lines are not very stable, we need to have to work with what we have and then having all the services around that being resilient to work in in that international environment that I described.
IM: Do you communicate with the other teams about cyber threats you may have observed?
FK: We are competitive in every sense you can imagine. It's always a competition within the rules and regulations that the racing series gives us.
Since we share a network at the racetrack with other teams, or at least the wide area network (WAN) side of the network that is shared.
There is one or several WAN lines connecting us to the internet. Those are shared among the other teams. Based on the Cato SASE Cloud Platform, we have our own tunnel which means all the data is encrypted and tunneled.
So, if someone attacks the whole WAN network then of course everyone would be in trouble.
If we identify an attack on that network with the solutions we have in place, that's something where we would support others to keep the series alive.
That’s not necessarily about having a competitive advantage.
But coming back to the performance, transferring the data through our own tunnel, if we are quicker than the others – and I mean it’s about seconds or even tenths of a second – where we can make decisions faster and quicker of course we try to stretch that further as much as we can.
IM: What are some of the biggest challenges you’re seeing in cybersecurity today?
FK: Keeping it manageable. That's what I'm concerned about.
Mainly in operations, so with a small team and high pressure with other things that are going on in parallel, plus not having that dedicated cybersecurity person. We need to be able to handle all of that in a situation at the racetrack during the weekend.
That includes the threats that are potentially coming in but also monitoring the whole solution.
IM: What is one piece of advice you would share with fellow cybersecurity professionals?
FK: It's key to have a pretty simple and straightforward overview on what's going on in the network, not just with real threats, but also in general.
For example, there might be a lot of things going on in the network traffic that is created during a race weekend that we don't want to have in our network. It could be protocols. It could be application services that we don't want because they are blocking bandwidth or maybe it is a non-trusted solution.
That's where the security platform starts to detect that. We need to be in a position to identify not just the threats but also the behaviors we don't want on our network.
Then, if there are real threats incoming, I as the manager or people operating the systems need to be able to have a quick overview and decide on how critical it is to take action immediately. This decision process needs to take a second at most not to be disturbing the services.
IM: What are some of the biggest successes you have observed in cybersecurity recently?
FK: We always try to learn from other industries. But motorsport is a bit on the edge when it comes to applying new technology and innovation. Also, the environment is pretty special.
I think we can share a lot with other industries too. The race team set up is a bit like a branch office but just for a temporary amount of time. So, we can take things out of what we are doing and then merge it into corporate environments or other industries.