"A risk assessment of the Piql Services" by FFI

As a general rule and a way to ensure the most impenetrable computer security regime possible, our recommendation is to follow the guidelines set forth by the Norwegian National Security Authority (NSM) [70]. Our view is that the routines of best practice laid out here must be in place. There are four main guidelines and six additional ones. These stipulate: make sure that all hardware and software is state of the art; update new security software as fast as possible; never distribute administrator rights to end-users; and block any and all running of unauthorised programmes. According to NSM, studies show that these four measures stop about 80-90 % of all internet-related attacks [70]. The additional six guidelines stipulate: activate code protection against unknown vulnerabilities; harden applications; utilise firewalls on client interfaces; use secure booting and hard disk cryptography; use antivirus and anti-malware; and never utilise more applications and functions than strictly necessary.
Chapter 9 pointed to a minor flaw in the Piql IT system regarding the physical connectivity between the Piql (reception) computer and the Piql I/O (production) computer. One of the scenarios in the scenario analysis describes how a threat actor can utilise this connectivity to create a logical connection between the two computers and as a result alter the information being written onto the piqlFilm. To mitigate the effects of this, constant monitoring is required. Another option is to create a true air gap between the two computers’ CPUs, i.e. use a USB memory stick or the like to transfer the files between the computers. Although this will not stop the threat actor from gaining access into the Piql IT system, it will make it impossible to alter the received client data undetected. However, such a measure is an unlikely feature of a production process, as it would make the production too inefficient, but it is food for thought.
Verification of the integrity of the digital file upon receiving it from the client and after it has been prepared for printing is key. Piql AS already has this measure included in their security setup, and the recommendation is to always ensure that it is state of the art. The last recommendation we make to Piql AS and to the Piql partners is regarding cryptography, a recommendation we also elaborated upon in chapter 9. Our view is that any computer security architecture which does not offer cryptographic methods is an unnecessarily weak one. Though it would compromise Piql AS’ vision of the Piql Preservation Services as self-contained, whether this feature should be intact or not should be up to the individual user to decide. Measures should be implemented to protect the information also after it enters the Piql IT system, not only at the Front-End Service before it enters. Piql AS should therefore offer this solution to its users, though not all will want to utilise it. A caveat is, however, appropriate to issue here. Though FFI recommends that cryptography be part of the service which Piql AS offers its users to enhance security, we have no way of knowing how secure cryptographic methods will be considered in the future, i.e. how easy it would be to break the cryptographic code. Nevertheless, for the present this is the keenest recommendation we can make to ensure the confidentiality of the information stored using the Piql Preservation Services.


FFI-RAPPORT 16/00707
