
FFI-RAPPORT 16/00707

regular access to the Piql Preservation Services. Such an insider can act of their own volition, motivated for instance by the prospect of revenge, or they can act on behalf of someone else, possibly having received financial compensation, i.e. a bribe, for betraying their employer. The insider can also be forced to somehow harm the Piql Preservation Services, for example if they are the subject of extortion.

The insider threat is deemed one of the biggest security challenges to the Piql Preservation Services because it has the potential to harm all three of the security properties CIA and because the risk is present during all three phases of the service journey. The insider is, firstly, in a position to damage the piqlFilm, possibly beyond repair, affecting the integrity of the information and possibly its availability to the data owner. This can take place during production, before the finished piqlFilm is sent for transportation to the piqlVault; during transportation, if for instance one of the guards protecting the film during the transport is an unfaithful servant; or during storage, while the physical piqlFilms are vulnerable to anyone with access to the piqlVault. However, Piql AS has made damaging the information in its physical form very difficult during production, as the design of the piqlWriter is such that the cover must be down during writing, which makes it impossible to, for instance, scratch the piqlFilm with a needle as it is being written.

The insider can, secondly, simply remove the piqlFilm without authorisation, or help others to remove it, without intending to damage it. If that is the case, the availability of the information is most certainly affected, and potentially its confidentiality if the unfaithful servant has the intention of sharing the information with someone. During storage, for instance, anyone with the proper access to the piqlVault system can order a pick-up of a piqlFilm and simply walk out.

Lastly, a suitably placed insider is also able to extract vital pieces of information from the piqlFilm without authorisation with the intention of sharing it with a third party, which compromises the confidentiality of the information. For instance, they can steal the original file of the client by making a copy onto a memory stick during the early phases of production.

During the storage phase, however, the threats posed by the actions of the insider are somewhat mitigated. Because an automated storage and handling system was chosen as opposed to a manual one, accessing the piqlFilms is not as easy as it would have been if they were stored on shelves. Picking one off a shelf to damage it or remove it from the facility would be easy work, and the record of such an act would be non-existent. Conversely, in the piqlVault system the piqlFilms are offered some measure of protection simply by virtue of being stored in the aluminium grid, which cannot be accessed without machines. Removing a piqlFilm from "the shelf" is thus no simple matter. The pick-up must be ordered electronically, which would also leave a record of the transaction, making it easier to trace later on if there is suspicion of foul play. This was the case in the scenario regarding theft of trade secrets with the help of an insider.