Guest Safety: The Hospitality Industry's Most Valuable Digital Asset
Industries adopt new technologies to deliver tangible business benefits, but all too often the assessment of new systems doesn’t go much farther than an analysis of the business case. When adopting emerging technologies, it is of critical importance to assess the impact from several additional perspectives, including security and privacy, and to do so prior to deployment. Innovative new locking systems introduce a wide array of business and consumer benefits, yet they also introduce very new and very real threats against the industry’s most valuable digital asset: guest safety.
"Our mission is to better protect guest safety by empowering hoteliers to understand risk and empowering lock vendors to effectively mitigate risk"
Guests, and the guest experience, are the lifeblood of any hotel. Hoteliers have been stewards of protecting this asset for centuries, but the adoption of emerging locking technologies introduces new attack surfaces and new adversaries. Until now, assaulting any of a lock system’s primary attack surfaces–including the key, lock, key storage and user–required physical access to the environment in which the lock is installed. However, new locking systems have reduced or eliminated this requirement, enabling adversaries to initiate their attack from a distance while, at the same time, significantly reducing the adversary’s risk of being detected. New locking systems have also introduced new surfaces not otherwise present in current hotel locking systems, such as the back end and the communication protocols. Hackers have a long track record of victimizing these types of services across many types of products and industries. Furthermore, attacker sophistication is escalating exponentially, concurrent with the development of new, effective tools being built to enable even low-skilled adversaries. This confluence of factors results in a condition where attackers are becoming increasingly more skilled, and there are increasingly more of them.
Combine that with situation wherein emerging lock systems have both introduced new attack surfaces and enabled new attackers, and the likelihood of asset compromise skyrockets.
In an effort to tackle this looming technology catastrophe head-on, the leadership of hospitality industry trade association Hotel Technology Next Generation has asked me to co-chair a working group aimed at solving this problem. Along with my counterpart at Hyatt Hotels, our mission is to better protect guest safety by empowering hoteliers to understand risk and empowering lock vendors to effectively mitigate risk. In order to mitigate risk, it must first be understood, and in the hospitality industry there is a curiously contradictory circle of events: lock vendors look to hoteliers for guidance on security requirements, while hoteliers expect vendors to be the ones advancing the security initiatives in their products. Instead, hoteliers and vendors alike should be obtaining solid, quantifiably validated answers to a series of hard questions:
• Are we effectively verifying product claims through unbiased, independent assessment?
• What is the appropriate rigor of security assessment testing, and are we obtaining it?
• Are we cognizant of what we don’t know about a system?
• Who are the adversaries we are most concerned about, and is this system built to defend against them?
• How is security built into the development of this product, rather than just considered at the end?
• Do we know how physical access controls systems can be circumvented, and do we have effective mechanisms in place to prevent that from happening?
• Are we cutting corners in the race to deploy new technologies?
In order to ensure the safety of the guests, it is imperative that neutral security assessments are performed on the desired technology prior to deployment. These assessments should reflect not only the design and architecture of these systems, but assess also how they integrate with third-party technologies, as well as how they are deployed in their environment. Developing and maintaining customized threat models is crucial in order to continually adapt to the evolving adversary. Reliance on compliance–such as Common Criteria, ISO 27001, SSAE 16, PCI-DSS, FIPS-140, etc–is dangerous, as compliance in itself is not an effective security measure. By definition, standards must be uniform, yet all systems are unique, which means that any “compliant” system necessarily has gaps in the course of evaluation.
If at an industry level hoteliers and vendors can galvanize around driving towards a more secure state, the industry will be well positioned to capture the many benefits delivered by emerging lock systems while at the same time effectively protecting its most valuable asset of guest safety.