FFI-RAPPORT 16/00707

145

B.9 Espionage

Scenario number 9

Espionage

Scenario justification

Justification

: When the value that is to be protected is information, the risk of espionage must be

taken into account. Espionage involves tasks which can be undertaken by individuals, companies

and, of course, states. Though espionage and intelligence gathering comes in many forms, of

particular interest here is signals intelligence, or information gathered from the interception of

signals. Depending on the sensitivity of the information stored on the piqlFilm, this kind of

espionage must be planned for and protected against.

Purpose

: As the Piql Preservation Services is an offline medium for the most part, any other form

of espionage would somehow involve stealing the piqlFilm and reading its contents that way.

Physical theft of this kind has been covered in other scenarios. This scenario we would rather use

to demonstrate how the Piql Preservation Services can be subjected to logical theft, i.e. gaining

unauthorised access to the signals carrying the information while it is electronically transferred

inside a system. For the Piql Preservation Services, this is only possible during the production

phase.

Benefit

: This scenario seeks to illustrate how the Piql Preservation Services is vulnerable to threats

against their IT system during the ingestion of the client data. Though the information stored using

the Piql Preservation Services is offline for most of its existence, it is also online for a small period

of time, and securing the information during this time is vital. The risks faced are the same for all

services connected to a public web server, but that cannot minimise the importance of the Piql

Preservation Services doing what it can to mitigate those risks.

Caveat

: The Piql IT system is assessed to be well-secured, which means that it would take a threat

actor with formidable abilities to break into the system logically. Therefore, this scenario

presupposes that a state actor must be the culprit. A state actor would most likely spy on another

state actor, often on some form of military intelligence or intelligence which could harm national

security if it got out. We have to assume that if the Piql Preservation Services are used by a

country’s Defence programme, then additional IT security would be put to meet that user’s very

high security demands. However, for the sake of this assessment, we must analyse the possible

risks based on the security regime set up by Piql AS. This scenario will illustrate the potential

dangers of espionage to the other users who implement the IT security measures Piql stipulate, but

be advised that the user in this scenario is unlikely to be as vulnerable. We must include the user,

nonetheless, to gain a balance in the assessment.

Scenario outline

The scenario is set in the geographical zone North (North America). A threat actor with formidable

skills in gaining unauthorised access into another’s IT system manages to break through the

security software installed as part of the Piql IT system’s Front-End service. The state X, as we

will call them, manages to install spyware on the Piql computer system which the security