Security breaches — including those that compromise the digital assets hoteliers are entrusted with protecting — are bad for the entire industry. As more properties embrace the benefits of networked, smart door locks, they need solid guidance to decrease risk and avoid incidents. Compromised door lock systems not only threaten guest safety, but can become entry points into the hotel’s network if not properly protected.
“Hotel door lock systems need to be as secure as payment systems,” says Armand Rabinowitz, senior director of strategy and workgroups at HTNG and co-chair of the Door Lock Security Workgroup.
HTNG’s Door Lock Security Workgroup released several key deliverables earlier this year, including a Best Practices guide highlighting selection criteria, deployment recommendations and considerations for RFID and mobile key programs. The documents are designed to assist all property types, from large resorts to small boutique properties.
Staking Out the Challenges
The workgroup, which included most major hotel chains and door technology manufacturers, started by interviewing hoteliers to help create a threat model — identifying what needs to be secured and all potential adversaries.
“Our initial focus was on protecting guest safety,” says Ted Harrington, executive partner at Independent Security Evaluators and co-chair of the Door Lock Security Workgroup. “But we found that hoteliers cared about many additional assets as well, that are impacted by locking systems.”
The threat model outlined 13 assets, including guest safety, privacy and experience, as well as brand reputation, corporate data, system availability, data integrity, and more. The document also identified adversaries, attack surfaces, and abuse cases. Those findings served as the foundation for creating the best practices, RFP criteria and deployment guidance. By getting in a room, comparing notes and collaborating on ideas through the workgroup’s process, vendors gain critical insights to make their products better.
At the same time, hoteliers get insight into electronic lock capabilities and best practices. This helps everyone gain deep understanding of the ideas behind each approach even before the final work products are released.
Those discussions and debates led to some unexpected findings, which the workgroup incorporated into the best practices document.
Key findings included the following:
- Hotels may assume door lock manufacturers are liable for product failures, but that isn’t always the case.
- Some electronic locking systems may rely on proprietary security protocols rather than open security standards. If the third party installer does not change the default setting, when one hotel system is compromised, all others with the default setting become exposed.
- Hotels often consider door locks a physical fixture with depreciation rates of 10-15 years, but that’s an eternity for technology. Some systems are becoming modular so the technology is field upgradable while the hardware stays in place.
- Electronic door locks are being integrated with a growing number of other systems, so integration methods are a key consideration.
Security From a Hacker’s Perspective
Hoteliers now have a substantial set of best practices for ensuring their door lock systems deliver their full benefits while minimizing security risks.
“To defend against the attacker, you must think like the attacker,” Harrington elaborates. “By adopting an adversarial perspective, organizations can begin to understand how they will be attacked, and thus can best understand how to defend.”
HTNG members can view the Door Lock Security Best Practices Guide upon log-in at: http://www.htng.org/doorlockbestpractices/