

FFI-RAPPORT 16/00707
6.2 Considerations in Scenario Development
Several considerations make the operating environment for this assessment very
comprehensive: the universal and global application of the service, the 500-year longevity of
the piqlFilm, -Box, -Bin and some elements of the piqlVault, and the interconnected physical
and digital nature of digital preservation. We permit ourselves, in this section, a summary of the
vast number of variables present in this assessment, which must all be considered in order for
FFI to be able to make meaningful conclusions and recommendations regarding the Piql
Preservation Services. We therefore briefly outline these variables with the hope that it will
enable the reader to better understand the grounds upon which we based the decisions made in
the scenario development.

Before the variables, or considerations, are outlined, it is useful to introduce the criteria by
which the Piql Preservation Services will be judged in the scenario analysis, i.e. how well the
system and all surrounding protective measures hold up against unwanted external influence. As
the asset whose protection we are assessing in the scenarios is the information preserved on the
piqlFilms, it is evident that we are in the realm of information security. It is natural to judge the
Piql Preservation Services on its ability to guarantee the three key security properties of
information security. These are confidentiality, integrity and availability, easily remembered by
the abbreviation CIA, as described in chapter 4.

In addition to covering issues of data security, the assessment must also include the physical
security of the system. We therefore ask the question of how the information on the piqlFilms
can be compromised, either through the use of digital malware which damages or, without
permission, extracts the encoded information on the piqlFilms, or because the physical
components of the system – the film, the box and the vault – are physically damaged. Both
kinds of incident cause the information to be compromised, jeopardising the confidentiality, integrity
and availability of the information that is preserved.

The scenario selection must also consider the various causes of a security situation
challenging the Piql Preservation Services. The field of risk assessment is commonly separated
into two concepts: safety and security. Safety is defined as protection against unwanted events
that are caused by one or more coincidences, or unwanted unintentional events. Security is
defined as protection against unwanted events that are the result of deliberation and planning, or
unwanted intentional acts [11, 12]. In security, we have to account for threat actors and their
intentions and capacities because we are referring to events that are premeditated and
pre-arranged. This is unlike safety, where we cannot speak of threat actors in the same way. This is
not to say that there can never be a human actor who instigates an event in the safety category.
An accident can be a result of human error, but then the act is not deliberate, and the resulting
situation thus cannot be characterised as being related to security. The selection of scenarios in
our assessment must include issues that arise in both safety- and security-related situations,
because both can have negative consequences for the Piql Preservation Services.