"A risk assessment of the Piql Services" by FFI

it involves the destruction of all physical barriers which prevents or delays unwanted behaviour towards the asset that is protected, such as the fortified walls of the piqlVault, and all electronic equipment or solutions which support, combine with or replace the physical measures, such as access control card readers. An example of such destruction would be a very powerful bomb which obliterates an entire building. Physical manipulation targets all the same objects and materials as physical destruction, but is less severe. The objects in question are not damaged beyond repair, but simply put out of action for a time. Manipulation is defined as being too subtle and requiring too much finesse to use indiscriminate weapons. Tampering with the physical piqlFilm to erase or add frames after it has been printed; tampering with the piqlWriter to adjust settings so that the printing process is altered; cutting cables to deactivate alarm systems or ventilation systems; performing unauthorised operations directly on a Piql Preservation Services computer that cannot be accessed remotely; setting off a small explosive device whose blast radius is easily controlled to break through a door; or simply pick the lock: all these actions fall under the parameter of physical manipulation. The storage facility and the production site, including their components and structural dependencies are somehow physically manipulated. The purpose of these actions is in some way to compromise the CIA of the relevant piqlFilms. The physical nature of the act must be stressed, however, meaning that the threat has to be physically present to perform the deed, either touching the entity or device in question or being in the necessary proximity to send or receive the necessary signals. We also define this parameter to include the physical removal of a piqlFilm without authorisation. In this way, the predetermined daily routine of the piqlFilm is altered, or manipulated. Logical destruction entails irreparably damaging the information during the periods when it is not on the piqlFilm, i.e. either during ingestion or for a brief window during the data retrieval. Unlike the parameter requiring physical proximity in order to alter a process or object, this parameter consists only of operations that can be done remotely by gaining access to a Piql Preservation Services computer through hacks. Using various software tools, such as certain types of malware and viruses, entire files of information or just parts of the files are damaged beyond repair or deleted altogether. Logical manipulation involves the same tactics as logical destruction, but here the purpose is not to destroy, but to gain access to embed malicious code, through the use of certain types of malware, in order to alter the information. Using the same reasoning as with physical manipulation, we also place the unauthorized logical extraction of data under this parameter, perhaps through the use of spyware. The sophistication of the Piql IT security architecture is such that we do not deem it possible for an individual without knowledge of the Piql Preservation Services , i.e. an employee, to gain access to the system. Finally, the method insider entails engaging someone with intimate and unique knowledge of the Piql Preservation Services to perform the necessary operations, either physical or logical, in order for a third party to achieve their goals. By definition, an insider is someone privy to

101

FFI-RAPPORT 16/00707