"A risk assessment of the Piql Services" by FFI

regular access to the Piql Preservation Services. Such an insider can act of their own volition, motivated for instance by the prospect of revenge, or they can act on behalf of someone else, possibly if they have received financial compensation for them betraying their employer, i.e. a bribe. The insider can also be forced to somehow harm the Piql Preservation Services, for example if they are the subject of extortion. The inside threat is deemed one of the biggest security challenges to the Piql Preservation Services because it has the potential to harm all three of the security properties CIA and because the risk is present during all three phases of the service journey. The insider is, firstly, in a position to damage the piqlFilm, maybe beyond repair, affecting the integrity of the information and possibly its availability to the data owner. This can take place during production before the finished piqlFilm is sent for transportation to the piqlVault; during transportation if for instance one of the guards protecting the film during the transport is an unfaithful servant; or during storage while the physical piqlFilms are vulnerable to anyone with access to the piqlVault. However, Piql AS has made damaging the information in its physical form very difficult during production, as the design of the piqlWriter is such that the cover must be down during writing, which makes it impossible to for instance scratch the piqlFilm with a needle as it is being written. The insider can, secondly, simply remove the piqlFilm without authorisation or facilitate others so that they can remove it, without intending to damage it. If that is the case, the availability of the information is most certainly affected and potentially its confidentiality if the unfaithful servant has the intention of sharing the information with someone. During storage, for instance, anyone with the proper access to the piqlVault system can order a pick-up of a piqlFilm and simply walk out. Lastly, the rightly placed insider is also able to extract vital pieces of information from the piqlFilm without authorisation with the intention of sharing it with a third party, which compromises the confidentiality of the information. For instance, they can steal the original file of the client by making a copy onto a memory stick during the early phases of production. During the storage phase, however, the threats posed by the actions of the insider are somewhat mitigated. In choosing an automated storage and handling system as opposed to a manual one, accessing the piqlFilms is not as easy as it would have been if they were stored on shelves. Picking one off of a shelf to damage it or remove it from the facility would be easy work, and the record of such an act would be non-existent. Conversely, in the piqlVault system the piqlFilms are offered some measure of protection simply by virtue of being stored in the aluminium grid which cannot be accessed without machines. Removing a piqlFilm from ―the shelf‖ is thus no simple matter. The pick-up must be ordered electronically, which would also leave a record of the transaction, making it easier to trace later on if there is suspicion of foul play. This was the case in the scenario regarding theft of trade secrets with the help of an insider.

69

FFI-RAPPORT 16/00707