"A risk assessment of the Piql Services" by FFI

information unavailable to others, and, as such, can perform the operations with more ease and at a lesser risk and cost [44].

The means parameter describes the relevant resources a threat actor might employ to implement a given method, their capacities. The specific acts required of the given method are also briefly touched upon. By conventional weapons we mean weapons that are in relatively wide use. There is a natural delimitation against weapons of mass destruction, which is elaborated upon below. Conventional weapons include small arms and light weapons, as well as common explosives. 48 Electromagnetic weapons (EMW) also fall under this category [55]. More primitive weapons, such as knifes, axes and the like, are also included in this parameter. By non-conventional weapons we mean weapons of mass destruction, or weapons that are more indiscriminate in nature than conventional weapons. They include chemical, biological, radiological and nuclear agents (CBRN). By hand or power tools we mean the tools or items one uses to physically do damage. Such tools include the items you would need to damage the physical or electronic infrastructure of the storage facility, for example if you wish to force entry. These tools do not refer to actions requiring the weapons described above. Instead, we refer to a pin or otherwise specialised tool to pick a lock, or pliers to cut a cable. Another example would be if one simply wishes to wreak havoc, for example by using a sledge hammer on a control panel which for instance puts various monitoring systems out of action. The tools and the level of competence required to use them have various levels of sophistication. Hand and power tools also mean such tools you would need if the purpose is to simply damage computer resources or hardware, without any hope of extracting any information. By malicious transmitters we mean the equipment or device needed when the purpose is to damage or extract the information, but where such operations require physical proximity to be able to perform the act. Examples include, but are not limited to, malicious transmitters either clipped directly onto cables to receive the information flowing through them or transmitters handheld near enough to computer resources to receive the signals. The act and tools required to rewire certain cables are also included in this parameter. By software tools we mean any kind of malware or spyware that can be placed on computer resources, as they are connected to wider computer networks and, as such, more susceptible to hacks. Here we refer to a hack as secretly gaining unauthorised access to someone else’s computer for malicious purposes [72]. The malware and spyware can include, but are not limited to, viruses, worms, Trojans, fake antivirus malware, etc.

48 For a more detailed listing of all the weapons that are included in the categories small arms and light weapons, see [73].

102

FFI-RAPPORT 16/00707