"A risk assessment of the Piql Services" by FFI

During the production phase, the severity of the sabotage on CIA is greater with logical sabotage than with physical sabotage. Physical sabotage primarily includes inflicting damage to the machines necessary in the production process, which does little to the Piql Preservation Services other than to delay production, whereas logical sabotage can do some real damage. We will elaborate on how this is possible in the section below regarding computer security, but if the threat actor possesses enough skill, they can gain access to the Piql IT system and make alterations to it which makes it unable to detect whether files have been altered during the process of preparing the data for writing. In this scenario, entire files of information or just parts of the files can be damaged beyond repair or deleted altogether, severely affecting the integrity of the information. Finally, the piqlFilm itself in its physical form can be damaged as a result of sabotage, and this can happen during all three phases of the service journey, at any point after the piqlFilm is written. An insider or someone else who gains access to the piqlFilms unnoticed can tamper with the film. The sabotage can be subtle, like cutting away a few important frames and meticulously patching the film back together, or more crude like scratching the length of the piqlFilm with a nail. Either way, the information is altered and the integrity lost. As with theft, sabotage can also be done with the help of an insider, which increases the risk. An insider can even decide to cause the damage themselves, for instance if they feel they have been poorly treated and are seeking revenge. As demonstrated, sabotage is a real concern of the Piql Preservation Services, simply due to the sheer number of ways a threat actor can negatively affect the various components of the system. Although some acts of sabotage will have less negative consequence on the most important feature of the system, i.e. the information on the piqlFilm, they would still do damage to the system as a whole, affecting its functionality and therefore also the availability of the information. The Piql Preservation Services is an intricate service, and damaging one element will have consequences for the whole. When the sensitivity of the information stored on the piqlFilms is such that it is sufficiently valuable to a threat actor, the risk of espionage is present. Espionage involves tasks which can be undertaken by individuals, companies and, of course, states. We have previously defined espionage as the gathering of information by the use of secret and underhanded means in an intelligence capacity. Such gathering of information would, of course, include secretly getting a hold of the physical information of the piqlFilm, but we have put this action under theft in this assessment. Espionage and intelligence gathering comes in many forms, but of particular interest here is signals intelligence, or information gathered from the interception of signals [30]. In other words, we view it primarily as a logical risk to the Piql Preservation Services. This, in turn, means that it would only happen during the production phase, as this is the time when the valuable information is connected to online networks. As mentioned, there is no valuable information to spy on in the piqlVault IT system. 9.1.15 Espionage

81

FFI-RAPPORT 16/00707