Table of Contents Table of Contents
Previous Page  145 / 177 Next Page
Information
Show Menu
Previous Page 145 / 177 Next Page
Page Background

FFI-RAPPORT 16/00707

143

Production site

description

The scenario takes place during the production of the piqlFilm. The

setting is therefore the production site, which is situated in a standard

office building. The Piql computer, the piqlWriter and the piqlReader are

all located in the same large production room, whereas the processing

room and its equipment are located elsewhere.

The productions site is regulated through ventilation to uphold the ISO

standards governing levels of humidity and temperature.

Local safety

measures

We assume that all safety measures required by Piql AS to be in place in

the storage facility also apply in the production site. See section 5.5.1 for

details.

Local security

measures

All security measures required by Piql AS are in place.

Consequences

Outer building

The physical infrastructure of the building and the storage room is not

affected during the incident.

Production site

The structural integrity of the production site is not affected by the

incident. However, the Piql IT system, as part of the Piql Preservation

Services, is breached. State X hackers are able, with the full weight and

resources of state X behind them, to breach the security software of the

Front-End code and gain access into the Piql computer system. Once

there, the hackers place malware which utilises the interconnection

between the Piql computer and the Piql I/O computer to completely

connect the two. As the hackers now have free access to both computers’

CPU they can alter the client data undetected because they also change

the corresponding checksum on both CPUs. Even though the Piql I/O

computer does what it is supposed to and checks the integrity of the data

against the designated checksum, it can find no faults and confirms the

data ready for writing on the piqlFilm.

Box

The piqlBox is not affected during the incident.

Film

The client information which is being prepared for writing onto the

piqlFilm is accessed without authorised permission to the detriment of

the data owner. It is altered to exclude certain important pieces of

information. The complete information is thus prevented from being

printed.

Power/energy

supply

The power supply is not affected during the incident.

Divergence from

ISO standard

The storage conditions of the Piql Preservation Services are not affected

during the incident.

1 140 141 142 143 144 145 146 147 148 149 150 151 177  FlippingBook