"A risk assessment of the Piql Services" by FFI

500 year longevity. What good is a longevity of this magnitude if the information cannot be accessed in the future without additional references?

However, this trade-off between security issues and the concept of self-containment should be up to the user to decide. If a user, for instance a national archive, wishes their information stored on the piqlFilms to be accessible to all, also in the future, then cryptography is a non-issue and the concept of self-containment is paramount. If, however, a user, perhaps a competitive business storing patents, wishes their information to remain secret or private no matter what, then cryptography is vital. The decision depends on whether the user values availability or confidentiality the most. Piql AS’ current security architecture addresses integrity – through the measure of verification – and availability – by not deleting the original file from their computer system until the production process is complete. Conversely, they do not offer anything to address confidentiality. Though this may run counter to their vision for the Piql Preservation Services, not at least offering it as a part of their security architecture for users to choose is a weakness. As mentioned previously in this chapter, the only real logical threat to the piqlVault system is sabotage in the form of a threat actor gaining access to the system and wreaking havoc in the piqlVault grid. They can create complete chaos with regards to the locations of piqlBins within the grid and thus affect the availability of the piqlFilms, but the information security properties are not otherwise affected. It was also said that a threat actor had two ways to achieve this level of chaos. In the following we discuss how these events can come to pass by highlighting the exploited vulnerabilities of the piqlVault system. 43 The first option was to gain access to the piqlVault IT system through the potentially vulnerable B interface network between the Piql IT system and the piqlVault IT system and install malware in the EWMS which switches the reel IDs around or orders random pick-ups continuously. The mere role of the B network as an interface between the two systems makes it a point of vulnerability. However, it seems that the setup it delivered from the supplier as a robust system when it comes to computer security, and it is up to Piql AS and their realisation of the system to keep it secure. It seems that Piql AS has done just that. Yet, such an interface can always be turned into the chink in the otherwise solid armour and exploited by threat actors with the proper know-how. The second option was to affect the radio signals controlling the movements of the robots through the use of a malicious transmitter. The use of a 2.4 GHz frequency to send the radio signals through enhances security, as there is less radio propagation of the signals. However, FFI has not learned of any cryptographic methods used in the information in the signals. Without this feature the information in the signals can be accessed and possibly distorted. With Apart from the abovementioned weaknesses in the Piql IT system, there are also some worth mentioning in the piqlVault IT system during the storage phase.

43 See figure 5.4 in chapter 5 as a reference.

84

FFI-RAPPORT 16/00707