Infosec ignorance is a barrier to security in America's Cup

Eric Ernst, IT manager for Victory Challenge, explains that the concept of information security was new to the team of sailors. “The term security was not even raised to the Victory Challenge sailors until the team inherited their new boat”. The design process for the boat, recently named Järv, or wolverine in English, began in 2005, and in June 2006 the construction of the boat got underway.

“We don’t use IRM, it would be too complicated for the team. They have no security awareness, and they’re not used to it. Any information security that I deploy has to sit in the background and can’t interfere with team – it’s not in their mentality”, admits Ernst.

The America’s Cup is an event full of tales of espionage, despite the protocol for the 32nd America’s Cup forbidding “Illegal act(s), eavesdropping, unauthorized entry into any computer system, use of divers, observing with the intent of gaining design or performance information of another competitor’s yacht by photo or filming…(or even)…acceptance of any information from a third party.”

“With the design of a new boat to protect, and as the team grows, security gets increasingly more important” says Eric Ernst. “For example, any team performing poorly is going to be interested in getting hold of the most successful teams’ data. Therefore, the better the team, the more important their data, and as a consequence, the more important it is to secure that data”.

Despite being the Formula 1 of boat racing, “this event is stone-age when it comes to security”, admits Ernst. “Victory Challenge have had no previous security strategy. This is the first year that we’ve had a security policy”. And this is due to the team’s ignorance surrounding the need for information security.

“We think there has already been an incident where we’ve seen someone on the inside leak information. The data and design of the boat is so important, and it’s this that provides competitive advantage. If the data lost, so is the advantage”, says Ernst.

SecureWave sanctuary blocks any applications or USB devices from being run on or connected to the 50 computers running on the Victory Challenge network, unless they have been previously authorised “this way no-one can steal anything”.

“It’s still really early days for security in this race, but I think we’re going to see more teams deploying security products in the future”, concludes Ernst.


* 02 July 2007: A representative for the Victory Challenge team contacted Infosecurity to say that Eric Ernst wanted it stated that 'the "incident" referred to had nothing to do with the Victory Challenge network, which is extremely secure'.

What’s hot on Infosecurity Magazine?