"A risk assessment of the Piql Services" by FFI

3 Scope

The Piql Preservation Services is a complex system, with several components with various features, and both a production and a storage phase. When we recall that Piql AS’ vision for the system is both universal and global, and we add to that a time perspective of 500 years, we begin to comprehend the complexity of the Piql Preservation Services and thus the intricacy of doing a risk assessment of this system. Because of this complexity it is necessary to limit the field of our risk assessment. First, however, it is pertinent to outline what is meant by risk assessment. Yet, before explaining our approach to doing a risk assessment, we must clarify some term usage. In this report, we are using the term risk assessment , not threat assessment or threat analysis. The term risk covers both intentional acts and unintentional events and does not therefore risk excluding the latter, as the term threat can do. Additionally, according to the definition we follow here, an analysis is only a small part of an assessment, and we aim to evaluate more than would be covered by an analysis. Risk assessments, be it for a product or a business model, are a method to better manage risks. Knowing which threats or hazards may harm our objectives and which vulnerabilities our values have can allow security measures to be put in place, which lets us control the risk and determine it at a level which is found acceptable and tolerable. By including a risk assessment as part of a R&D project, Piql AS ensures that risks are identified early in the development process of the system, so that new or modified design and manufacturing requirements for version two of the piqlFilm and -Box can be implemented. Moreover, security parameters surrounding the piqlVault can also be recommended to the end users. Different approaches to risk assessment and how best to apply them in real life is a contested issue in the field of societal security and preparedness. There are two main approaches used in Norway: 1 the NS 5814, which is based on SN-ISO Guide 73:2009 [5], and the newer NS 5832 [6]. They are in part competing approaches, and there is a lot of discussion in different work and research environments as to which is the better one to use. FFI has also been instrumental in this discussion, recently completing a thorough study on the subject specifically on the merit of the different approaches when it comes to preparing for unwanted intentional acts [7]. Their conclusion is, not surprisingly, that both approaches have their strengths and weaknesses, and that they can – and perhaps should – complement each other for a better result. We will use the more scientifically founded terminology of the NS 5814 as the general framework for our risk assessment approach. Within this framework, however, we incorporate the three factor model presented in the NS 5832 into the analysis, which captures the relationship between value, threat and vulnerability. This value-oriented thinking is essential to this risk assessment. In order to develop a product for the targeted application areas which in a security context is adapted to the market’s needs, we need to start by gaining an understanding of which assets each application area needs protected, i.e. what type of information and the

1 Norway is used as a frame of reference, as this is where we have the most experience. The standards used are also representative of other national standards.

17

FFI-RAPPORT 16/00707