Williams F1 group CIO Graeme Hackland told Computer Weekly at Infosecurity Europe 2018 in London that security improvements since 2016 had rolled out dramatic changes in how the two companies functioned. For now, however, mobile and any-device access to core Williams systems remains on Hackland’s to-do list.
“When it comes to security, the job is never done. Our endpoint security and our cloud security is demonstrably robust now, through our partnerships since 2014 with the likes of Thales, Symantec, Cisco and Dtex Systems, but we want to move faster in the next 12 months while maintaining resilience in a world where absolute security is not realistic.”
Hackland said it was his job to “question everything” and never rest in relation to security. “We work now, and will continue to, with white hat hackers from Symantec, Thales and others, and we find they do their job: they pick up flaws and weaknesses that tell us about what we’ve missed and where we need to invest and pay attention.”
Hackland said mobile was now the priority because, in relation to the rest of its infrastructure and devices mix, smartphones in particular were insecure and untested.
“But at the same time, everyone wants to work on mobiles now. They are fast, available and what people reach for. So bringing these devices under the Williams security umbrella is essential.”
He said the current set-up did permit Williams-approved mobile devices for staff, with pre-installed software, but a bring-your-own-device (BYOD) option would be a step up.
“Staff can use their own phones and tablets to access emails, but we want to move quickly, particularly as our HR function has a digital transformation agenda of its own, moving staff over to electronic payslips and other secure cloud services,” he said.
Will Williams get to the point where it can permit staff in the pit lane to run race strategies and analyse other sensitive datasets from their personal mobiles?
“That’s one ultimate objective,” said Hackland. “Right now we have some company-approved laptops for staff to choose from, but it comes down to a choice between big, heavy and powerful or lightweight and less powerful. More choice in time will be a big benefit, and once BYOD is viable then staff can instantly use what they personally need.”
He said “any device, any data” was probably a year away, maybe more, and he would take the proposition to the executive board when it was ready.
“The bottom line is this: we cannot make anything we do more unreliable. We cannot jeopardise driver performance and add risk. Even an unreliability impact of 0.1% is unacceptable. So that’s the kind of test I’ll be applying.”
When encryption was introduced onto devices used for pit-lane analysis, Hackland said the same threshold of no-impact also had to be met.
“We got there with Symantec, but there’s always work involved, and then you have to convince everyone who’s impacted to buy in as well.”
Hackland said the fast growth of Williams Advanced Engineering (WAE) was also shaping his security mission.
“When I joined in 2014 there were 80 staff [in WAE]. Now we have 300 staff and 40 projects, with the likes of Jaguar, Airbus, Nissan and Sainsbury’s. To work on projects, we have to meet their exacting standards and we have to comply with regulations in different market spaces, too. It’s a different beast to only working in Formula One, but these are good disciplines to adopt.”
Hackland said that whatever Williams does next he wants staff to know and feel they aren’t being over-monitored.
“We have to analyse activity, but it’s anonymised and it only triggers alerts where there’s a demonstrable lack of fit with our culture and behaviours. So it’s been tuned to our needs, in other words. We want to leave people alone, and don’t want to be dealing with noise and false positives.”
Hackland added some more detail about how Williams Advanced Engineering presents the business with a very different challenge to Formula One, with its multiple customers in industries ranging from automotive to aerospace, healthcare and more.
“The clients don’t want their data leaking among project teams. This is one of the reasons we turned to Symantec. If we lose our customers’ intellectual property, our reputation – and therefore our business – will suffer.
“One of the major advantages of our partnerships, including Symantec, is access to knowledge of the ever-changing global threat landscape. If you stop thinking about threats, you’re going to be hit by something. Symantec Global Intelligence Network – part of our end-to-end Symantec security solution – ensures that this doesn’t happen by identifying threats globally and sharing that information with Symantec Endpoint Protection.
“As for our Williams Advanced Engineering customers, we work on such sensitive projects that protecting customer data and IP is fundamental. We could not be in business without taking it seriously and delivering.”