Lesson 2: Sensitive Data Must Be Secured Properly
Laptop computers are present almost everywhere. They’re in team transport trucks, which perform double duty by housing both cars and mobile offices (complete with Ethernet LANs, satellite- and cellular-based Internet connectivity, printers, UPS devices, and more). Team members also use laptops in the garage to help calculate needed race car adjustments, and numerous systems populate the pit lane.
Each system presents a tempting opportunity for a less-than-sporting competitor to steal a look at another team’s setup information. That’s particularly problematic in auto racing, where teams often know no limit to the extent they’ll go to gain an edge.
Stories are legendary. One tale holds that a string of poor drag racing runs by John Force in the NHRA series was due to competing teams sabotaging data fed to a control module in his race car via laptop immediately prior to racing.
NASCAR teams hold their setup and tuning data very close to their chest. So much so that, during live race events, many engineers and crew chiefs won’t even include any sensitive or proprietary data in the instant messaging chat sessions they often utilize to maintain communications.
"Security is something we always keep an eye on," says John Dullam, team engineer with Richard Childress Racing, which fields cars for Nextel Cup and Busch series point leader Kevin Harvick and Clint Bowyer, among others. "We use [128-bit] encryption for any wireless communications, and we’re selective about the information we exchange during a race because of security concerns. We won’t discuss fuel mileage or pit scenarios when using instant messaging because it’s not secure."
Prior to the Busch series Meijer 300 Presented by Oreo, I interviewed Bill Wilburn, the crew chief for Clay Andrews Racing. Though its smaller budget relies on a paper-based system as backup, this team seemingly possesses no secrets. At least, it didn’t until the unsponsored team shocked the racing world with its victory, an underdog win that prompted USA Today to speculate that driver David Gilliland’s victory may constitute "NASCAR’s upset of the century" (see Figure 2).
Figure 2 David Gilliland celebrates his victory in NASCAR’s Meijer 300 Presented by Oreo Busch race at Kentucky Speedway.
The team, albeit one of the series’ least known, uses a DESkey USB thumb drive to secure its laptop data. Race laptops, of course, frequently include sensitive team and race information. The DESkey is capable of leveraging application-specific integrated circuit (ASIC) and microcomputer technologies to provide powerful encryption and decoding capabilities.
Other teams don’t even trust encrypted networks to transmit proprietary tuning data or race strategy communications at the race track. Instead, some turn to USB thumb drives to transfer information between systems.
"Memory sticks work great," says Tully Esterline, engineering director for Brewco Motorsports, which fields cars for David Green and Greg Biffle. "They’re convenient, secure, and safe."
What can businesses learn from these NASCAR teams’ efforts to protect proprietary information?
- Sensitive information should always be protected from prying eyes. Even if you’re employed by a small business, other operations could benefit if the organization’s proprietary data is compromised; appropriate security precautions should be taken.
- Most wireless communications available to private businesses aren’t secure, even when encrypted. Numerous exploits are available for wireless networks, so only non-sensitive data should be transmitted over them.
- Employees should be reminded regularly that instant messaging communications aren’t secure. Increasingly, organizations are turning to IM to enable quick communications between field staff and even customers, but steps should be taken to ensure that credit card numbers; Social Security data; and other sensitive account, password, and user information is never exchanged using IM.
- Sometimes the simplest data transmission methods are the most secure. Unless a flash-based thumb drive is lost, its information remains safe, secure, and protected. While the format won’t prove appropriate for all environments, many small businesses in particular may benefit by relying on USB flash-based drives for backup or simple data exchanges.