"A risk assessment of the Piql Services" by FFI
Summary
This report is the Norwegian Defence Research Establishment (FFI) deliverable in work package (WP) 1 “Mapping of technologies and regulations” of the project “Preservation: Immune and Authentic” (PreservIA), supported by the Research Council of Norway (RCN). The aim of the PreservIA project is to improve a newly developed technology for long-term preservation of digital data (the Piql Preservation Services) to better ensure the security, immunity and authenticity of the information stored on the storage medium, the piqlFilm. The application of the service is both universal and global, and the components of the service have a life span of 500 years or more. The aim of the risk assessment is to identify the vulnerabilities of and challenges to the service. It was assessed by how well it could maintain the confidentiality, integrity and availability of the information, which are key properties of information security. The assessment uses the scenario-based approach, and the morphological method of scenario development was used to arrive at a set of scenarios covering the risks to the service used in the scenario analysis. descriptions. The scenario classes used were accident, technical error, natural disaster, crime, sabotage, espionage, terrorism, armed conflict and nuclear war. As this is a large number of scenario classes, and as it was necessary to include an even larger number of scenario descriptions, we used a scenario template for this purpose. The final scenario analysis identified several vulnerabilities. Some were severe, such as fire, chemical compounds and the inside threat from theft and sabotage. Some were less severe, such as the effect of electromagnetic pulses and nuclear radiation. Some simply require more testing before FFI can say anything definitive about the effects and consequences for the information stored with the Piql Preservation Services, such as the effects of water, smoke and pressure from overhead weight. The main weakness of the Piql Preservation Services was found to be the vulnerability of the emulsion layer on the piqlFilm, upon which the digital information is written. Robust protective measures surround the service, but the inside threat is still serious, as is sabotage due to the many components which can be affected. Strengths include plastic as the choice of material, automated storage as the storage management method, and relatively strong computer security mechanisms, including the piqlFilm being effectively offline. FFI has made several recommendations to mitigate these risks, which may be implemented in later work packages when requirement and design specifications are revised and new prototypes are developed. FFI will then have an advisory role and be available for discussions on implementations. Due to the scope of the assessment –a result of the wide application of the service and a long time perspective – simplifications were necessary in order to create suitable scenario
3
FFI-RAPPORT 16/00707
Made with FlippingBook Online newsletter