"A risk assessment of the Piql Services" by FFI

B.9 Espionage

Scenario number 9

Espionage

Scenario justification

Justification : When the value that is to be protected is information, the risk of espionage must be taken into account. Espionage involves tasks which can be undertaken by individuals, companies and, of course, states. Though espionage and intelligence gathering comes in many forms, of particular interest here is signals intelligence, or information gathered from the interception of signals. Depending on the sensitivity of the information stored on the piqlFilm, this kind of espionage must be planned for and protected against. Purpose : As the Piql Preservation Services is an offline medium for the most part, any other form of espionage would somehow involve stealing the piqlFilm and reading its contents that way. Physical theft of this kind has been covered in other scenarios. This scenario we would rather use to demonstrate how the Piql Preservation Services can be subjected to logical theft, i.e. gaining unauthorised access to the signals carrying the information while it is electronically transferred inside a system. For the Piql Preservation Services, this is only possible during the production phase. Benefit : This scenario seeks to illustrate how the Piql Preservation Services is vulnerable to threats against their IT system during the ingestion of the client data. Though the information stored using the Piql Preservation Services is offline for most of its existence, it is also online for a small period of time, and securing the information during this time is vital. The risks faced are the same for all services connected to a public web server, but that cannot minimise the importance of the Piql Preservation Services doing what it can to mitigate those risks. Caveat : The Piql IT system is assessed to be well-secured, which means that it would take a threat actor with formidable abilities to break into the system logically. Therefore, this scenario presupposes that a state actor must be the culprit. A state actor would most likely spy on another state actor, often on some form of military intelligence or intelligence which could harm national security if it got out. We have to assume that if the Piql Preservation Services are used by a country’s Defence programme, then additional IT security would be put to meet that user’s very high security demands. However, for the sake of this assessment, we must analyse the possible risks based on the security regime set up by Piql AS. This scenario will illustrate the potential dangers of espionage to the other users who implement the IT security measures Piql stipulate, but be advised that the user in this scenario is unlikely to be as vulnerable. We must include the user, nonetheless, to gain a balance in the assessment.

Scenario outline

The scenario is set in the geographical zone North (North America). A threat actor with formidable skills in gaining unauthorised access into another’s IT system manages to break through the security software installed as part of the Piql IT system’s Front-End service. The state X, as we will call them, manages to install spyware on the Piql computer system which the security

145

FFI-RAPPORT 16/00707