Securing the Future of Travel

The cost of data breaches continues to skyrocket, resulting in an extremely competitive employment market for cyber security professionals. In fact, many open positions are taking months to be filled. Additionally, technology tools are evolving rapidly, making it harder to find the best solutions.

Meanwhile, attackers are working together, selling or trading information to gain illegal access to hospitality systems. It’s time the hospitality industry comes together to collectively defend against these common threats.

What is an ISAC?

Information Sharing and Analysis Centers (ISACs) help owners and operators in a specific sector protect their data from security threats or hazards.  ISACs started with a U.S. Presidential Executive Order in 1998 mandating major infrastructure sectors create specific organizations to share security information between companies inside that specified sector. There are now many industry-specific ISACs including the Electricity ISAC, Financial Services ISAC, Information Technology ISAC and more. These organizations focus on curating and sharing critical information around cyber and physical security to their respective audience.

Value of Threat Intelligence Sharing

It’s difficult to understand and track diverse threats through a single source without collaboration. Silos of security information include exercise responses, readiness levels, decision making, budget priorities, alerts and warnings, monitoring network activity, situational awareness and more. The collaboration of all of this information ultimately allows companies in the same space to collectively defend customers, staff and assets against the constantly evolving threat landscape. Organizations are also given the ability to multiply their knowledge and mitigate risk at a much higher speed.

HTNG CISO Forum | Travel ISAC

Prior to the Travel ISAC, Hospitality Technology Next Generation (HTNG) had a CISO Forum with the participation of many Chief Information Security Officers (CISOs) and representation from more than 25 major global hotel brands. For seven years, this group discused confidential security topics through a private communication channel. However, there grew a broader need to dive further into the overlapping travel industry as a whole. 

In late 2018, HTNG’s CISO Forum evolved into the Travel ISAC to grow and strengthen this relationship across the travel ecosystem. Participants include security professionals from the CISO level to the analyst level. With a traveler’s journey possibly including rail, rental cars, hotels, cruise lines, travel management companies and more, these sectors need to work together to secure the entire travel experience for their guests. 

Travel ISAC Overview

The Travel ISAC focuses on four main components:

• Sharing relevant and critical information on security issues as quickly as they happen in a trusted, confidential manner

• Coordinating response to achieve best-in-class capabilities

• Developing executive-level strategic security best practices, architectures and other materials that mature security posture in the travel industry

• Engaging law enforcement and other governmental agencies

The Travel ISAC is NDA bound, and sometimes may even leverage HTNG staff to share anonymous information within the group. Continuing the structure of the CISO Forum, this group will have at least two in-person meetings each year. The first meeting of 2019 was held on April 9-10 in New Orleans at HTNG and Hospitality Technology’s joint industry event: HT-NEXT.

What Does the Future Look Like?

Moving forward, the Travel ISAC platform is expected to grow exponentially. Industry-level cyber security analysts will continue to generate threat intelligence for and on behalf of Travel ISAC members. In addition to current efforts, the Travel ISAC will build cyber security workgroups around pressing issues to create solutions and deliver improved and rapid responses to the industry.