"A risk assessment of the Piql Services" by FFI

Unlike sabotage, there are limited ways a threat actor could conduct logical espionage of the Piql Preservation Services. The first alternative is to install spyware in the Piql IT system. It would only be necessary to get past the security code in the Front-End service before they would have access to potentially valuable client information being prepared for writing. After having gained this unauthorised access, the spyware could view and extract the relevant pieces of information for later reading by unauthorised persons. The act of espionage does not necessitate the instalment of malware which alters or somehow damages the information, so its integrity would remain intact. The confidentiality of the information, however, is grossly compromised. It can be bad enough that the information is accessed and read by someone else, but worse still is that we can assume the threat actor now privy to the information is someone the data owner least of all wanted to have access. The same loss of confidentiality would be the result when the second alternative is used. Spying on the contents of the Piql Preservation Services can also take the form of a threat actor using transmitters and receivers from outside the facility to gather information as it is transferred electronically. We have previously in this chapter alluded to risks related to the operational IT system security architecture which will be implemented by Piql partners. These are especially present during the production phase, but some also during storage. The system architecture was laid out in chapter 5. Here, we point to possible weaknesses or holes in the setup which a threat actor with abilities to perform logical attacks may exploit to gain access to the system. Though we stressed that the security mechanisms demanded of the Piql partners by Piql AS are relatively strong, there are three weak points we would like to consider in the Piql IT system. Firstly, there is the issue of the security code of the Front-End service. It is nearly impossible for FFI to analyse the reliability of the different security software employed here, especially when considering our 500 year perspective. Within the digital world, these things are extremely volatile, and software solutions are constantly tweaked and evolving as a result. The security software in Piql AS’ system architecture may change in just a few years, and perhaps very soon the HTTPS protocol for secure connection which many of us are accustomed to now may be obsolete. The best the Piql partners can do is always strive to keep up with the latest developments in the technology, update their software regularly, run the Piql Preservation Services in a professional way so as to instil trust, and maintain the best way of operations as possible. Some of these instructions we will come back to later in the next chapter concerning recommendations. Always keeping the security software state of the art, as the current setup is, is a way to ensure that the Front-End service is as impenetrable as can be. The second vulnerability was illustrated in the scenario describing sabotage, namely how a threat actor can gain access to the entire Piql computer system, not just the computer connected to the outside world with the external interface accessible to clients, to tamper with and alter the digital information stored in the system before printing. The reader will remember that the Piql IT system consists primarily of a Piql (reception and processing) computer and a Piql I/O 9.1.16 Threats to Computer Security

82

FFI-RAPPORT 16/00707