"A risk assessment of the Piql Services" by FFI

information is lost than if other less sensitive pieces of information were lost. The same logic is also applied to the recommendations we give in chapter 10 to help alleviate these points of vulnerability: If the information is more sensitive, a greater number of and a higher sophistication of measures are needed to protect it.

9.1 Vulnerabilities and Security Challenges Identified

Throughout the following presentation of the vulnerabilities and security challenges of the Piql Preservation Services, it will become evident that some of the risks are of greater importance than others to the overall safety and security of the system. Where this is the case, it is possible to indicate that a greater degree of emphasis should be placed here with regards to the tasks in later work packages of the PreservIA project related to improving various points of vulnerability. Where this emphasis is recommended, the decision is not based on the likelihood of a given event occurring, but rather on the severity of the consequences of that event for the Piql Preservation Services. It will also become apparent that some risks which initially seemed like obvious points of vulnerability in fact were only minor issues due to the sound choices already made by Piql AS regarding the implementation of the Piql Preservation Services. We start by describing some general risks to the Piql Preservation Services as a whole, before evaluating specific vulnerabilities regarding the properties of the Piql components. Finally, threats from intentional acts are described. A general point about the vulnerability of the Piql Preservation Services is the fact that the piqlFilm is always more vulnerable when it is ―out in the open‖. This both alludes to the fact that the piqlFilm is most vulnerable at any time it is not in the piqlBox, as during the production when it is written and read back for verification, but also when the piqlFilm is outside a Piql- controlled environment altogether. This makes the transportation phase the most vulnerable phase of the entire service journey. This is when the Piql partner has the least control over the external influences on the piqlFilm, much less than during the production phase and certainly less than during the storage phase. During the two latter, the Piql partner can create a protected environment where measures and routines are in place to make sure that the piqlFilms are as safe and secure as they can be. During the transportation phase, the measures put in place are fewer and factors outside of the Piql partner control are more numerous. The dangers involved here were illustrated by the scenario describing a successful attack on a transportation truck, despite the presence of many sound security measures. 9.1.1 “Out in the Open”

9.1.2

Inside Threat

One of biggest security challenges to the Piql Preservation Services identified is the inside threat, or ―the insider‖. Also known as the unfaithful servant, it involves a trusted employee or someone otherwise connected to the Piql Preservation Services. Such employees are normally properly vetted and evaluated before being trusted with their tasks, and as such they often have

68

FFI-RAPPORT 16/00707