A New Perspective on NextGen ...
Later this month, a rather elite group of engineers and scientists will gather in Amsterdam to discuss “near space security.” Their concern: the skies are getting crowded. These aren’t the fabled “friendly skies” inhabited by airliners, business jets, sport aviators and birds; this is that higher strip of atmosphere where more than 1,000 satellites orbit - and sometimes roam off course. That’s apparently what happened on February 10, 2009, when a US and a Russian satellite collided a little less than 500 miles above Siberia. Most of the resulting debris is still floating around up there, creating what in maritime circles would be called “hazards to navigation.” The flotsam from Cosmos is of a little more concern because it is closer to the earth; the bits of Iridium went into a higher orbit.
The collision didn’t come as a complete surprise to the space community. They’d been watching the two satellites (Russia’s Cosmos 2252 was apparently already non-operational) for a year or more and at one point predicted that they would come within 117 miles of each other. At the time they collided, observers had estimated they were 584 miles apart. But they knew that something was going to happen eventually. The US satellite, Iridium 33, had been close to one thing or another between 10 and 15 times a week, but the data that was on hand at the time was not precise enough to yield any definitive prediction. That’s why the Near Space Security group is gathering: to update each other on the progress being made, not just to make predictions of coming collisions but to mitigate the effect or avoid them altogether.
Kind of gives a new — though not necessarily comforting — perspective to the struggle to bring the Federal Aviation Authority into the 21st Century.
Hackers’ Favorite
The hospitality industry has become the new sweetheart of the hacker crowd, according to a report issued last month by Trustwave. Right now, that has a lot of corporate finance departments checking their records to see if they are among those victimized by fresh data security breaches.
A little further down the road, though certainly not long-term, the revelation probably means that your business travelers will be seeing changes in some hotels’ wireless programs for guests. They may even see changes in the ways they are charged for purchases in hotels’ restaurants, sundry shops, etc.
It also doubtless means that there are groups out there preparing checklists and contract clauses to help protect corporations and their hotel programs from further damage.
There seems little doubt that the threat is widespread. While Wyndham Hotels & Resorts has borne the brunt of the bad publicity, 38 percent of the breaches investigated by Trustwave’s SpiderLabs occurred in the hospitality industry. The second most-targeted industry was financial services, at 19 percent.
Trustwave categorizes the intrusions into two basic groups: targeted and opportunistic. Opportunistic attacks are mostly one-on-one affairs; someone sees a chance to steal and use an account and takes it. Targeted attacks are higher stakes endeavors, in which skilled professional thieves gain access to some internal part of a payment acceptance system, sit there quietly and steal hundreds of records.
That systematic approach indicates a kind of professionalization of this brand of robbery. “Attackers have been shifting their focus from opportunistic to targeted attacks over the past year in strong numbers,” says Trustwave. “Attackers will always gravitate towards the most valuable data, putting organizations that store, process and transmit credit card and other financial data at a higher risk.” Commitment to the task at hand is one of the earmarks: published reports say that in the case of Wyndham, the initial break-in occurred in late October 2009 and continued until late January 2010, when it was detected and halted.
There are several factors that make hotels favorite targets. Their transactions are principally done through software-based point-of-sale systems, a hacker’s favorite point of entry.
The networks are often an amalgam of several different systems, tied together over time with little oversight. Some systems, though operational and open, are no longer in use. It’s quite possible that no one person in the hotel knows about all of them. Often, says Trustwave, a network administrator will notice something unexpected in the process of making an adjustment or fixing a problem, possibly even make a note to go back and take a closer look. But in the course of a busy work schedule, that doesn’t happen and the hacker is able to continue to harvest data.
In 81 percent of the cases investigated by SpiderLabs, the vulnerabilities were introduced by third party vendors and their products, most as a result of default settings, vendor-supplied authentication credentials or insecure remote access implementations.
Early adopters of wireless applications have often placed the access points inside their own networks “so employees can access resources without having to be tethered to a physical network jack.” Its convenience for hotel guests is undeniable; they can sit in hotel lounges and lobbies and connect back to their resources at the office.
But without security controls — virtual private networks or automated disconnects, for instance — hackers can do the same thing. They’re more likely to proceed directly to the hotel system, with its clutch of diverse card data and relatively little chance of detection. Going the other direction towards the corporate website is likely to be less fruitful and more futile.
In the Sky, with Diamonds — And A POS Handheld
There’s a healthy database about the specifics of airline ancillary sales being built and it already covers about 90 percent of the North American traffic, according to GuestLogix, a Toronto developer of the technology that both facilitates the sales and collects the data. As airlines become more adept at in-flight retailing, particularly with the ability to accept credit and debit cards, there’ll be more of the company’s handheld point-of-sale devices on board. The sky’s the limit for what might be sold, but it’s probably going to be the data that’s collected via those devices that will be most valuable.
The system is already providing some eye-opening data. Some of it is being made public by GuestLogix and its project partner Aviation Weekly. More will be available to those who buy their forthcoming benchmark report. It promises to be riveting reading, telling not only what’s being purchased and for how much but — more important to the airlines — on what routes and in which seats their best customers are likely to be found.
The onboard transactions are being grouped into three categories: buy-on-board (F&B, pillows, headsets, etc.); duty-free sales (alcohol, tobacco, jewelry ...); and “virtual goods” — theater tickets, ground transportation, mobile phone minutes and so forth. GuestLogix is even augmenting its own revenue by selling advertising space on the paper receipts that will be issued.
What’s already known: 10 percent of passengers are buying merchandise on board, averaging about $12.50 per transaction. Calculated across all passengers, it’s not terribly satisfying — an average of $1 to $1.50 “per passenger trip.”
But the airlines need to drive profits and they’ll probably be able to do it with higher-end partners and the strategies they can develop from the growing database. “Tomorrow,” says GuestLogix in its investor materials, they’ll be selling to 20 percent of their passengers and more than doubling revenue to an average transaction of $27.50 (an average per passenger trip spend of $5 or $6).
There are regional differences that are already known and being shared by GuestLogix and Airline Weekly. Sixty-eight percent of North American passengers are buying basic comforts: food, drink, pillows, etc. But it’s only 10 percent of the passengers in Asia; 32 percent in EMEA.
But the higher-ticket duty-free sales are being made on 74 percent of the Asian carriers, and on 79 percent in EMEA. On North American carriers, it’s only 54 percent.