FFI-RAPPORT 16/00707

49

to describe them that way, as this seems implausible considering the current application areas of

the Piql system. We have instead chosen to include the scenarios where the Piql Preservation

Services is not perceived as the direct target, but nonetheless suffer as an indirect effect or

cascade effect. The piqlFilm is simply collateral damage to another attack not directed at it.

Similarly, as the Piql Preservation Services is not the target in these scenarios and there is no

direct threat present, it is difficult for us to give specific recommendations on how to mitigate

that threat. Our only recommendation must therefore be: always be aware of your surroundings.

Avoid high risk occupancies such as close proximity to chemical plants or refineries, or

placement of the piqlVault in a building which is likely to be a terrorist target due to one of the

other occupants, or in a city likely to be the target of a nuclear attack. Other recommendations

regarding the dangers that threaten the Piql Preservation Services in such scenarios, such as fire

protection, fortified walls to withstand tremors or explosives, are covered in the measures

recommended in other safety scenarios.

The scenarios more than often describe a worst case scenario where a vital safety or security

measure is missing. This is simply to illustrate how badly this can damage the Piql Preservation

Services in order to underline the importance of protecting the Piql Preservation Services from

such harm. It does not have to be a complicated or expensive measure: the important thing is

that it is present. Often a minor measure can make all the difference, especially when it comes

to issues regarding security. It can simply be about putting enough (minor) obstacles in the

threat actor’s way to deter them from acting. There is often an easy fix to the problem as well,

e.g. move a vault placed in an area with a higher risk of flooding to a higher floor to avoid flood

damage. One should always take into consideration that such changes can lead to different kinds

of vulnerabilities, such as, in this example, making the vault more vulnerable to the effects of

earthquakes and tremors.

An important delimitation of our scenario analysis is that the scenarios will not examine the

consequences of loss of information, i.e. how this may affect the company storing the

information financially or with regards to its reputation. Our scenario description and analysis

ends once the film is damaged or removed from the piqlVault without authorisation. The

aftermath falls outside the scope of our assignment. Our aim is to assist in the definition of the

safety and security measures that need to be in place to prevent said loss.

Finally, we must make one caveat regarding one of the security properties CIA. Normally, for

the security property availability to be deemed compromised the information in question must

be unavailable at a time when it is urgently needed, i.e. it is both time- and situation specific.

However, as the scenario descriptions in this report are generic, we have found it necessary to

redefine the usage of availability. Therefore, when we conclude that availability has been

compromised in a scenario, we mean that the information simply cannot be accessed –

regardless of the data owner’s need for it.