FFI-RAPPORT 16/00707

79

as extortion and force them to act a certain way which is beneficial to the threat actor. The threat

actor can either be working alone or it can be an organised effort, where the piqlFilm is the

target of organised crime. Perhaps the largest concern, as mentioned previously in this chapter,

is that the theft can be executed with the help of an insider.

There is an important distinction to be made with regards to theft of the information stored with

the Piql Preservation Services between physical and logical theft: by logical theft we mean

stealing the information while it is stored or transferred electronically;

39

and by physical theft

we mean stealing the physical storage medium, i.e. piqlFilm, which stores the digital data.

As the Piql Preservation Services is mainly an offline storage medium, there is limited

opportunity for a threat actor to attempt to steal the information stored on the piqlFilm by

logical means. This is only possible when the information is in contact with online networks, i.e.

during the production phase.

40

The Piql technology is true WORM – Write Once, Read Many –

and once it is written, it cannot be modified. Because there is less need for migration of the data

than with other storage media due to this feature, there is also less need for contact with online

networks. Fewer parties are involved with managing the information as well, as there is less

need for maintenance. The opportunities for logical theft are thus fewer, and the risk thereof

decreases as a result. Nevertheless, a threat actor could gain access to the data during the

production phase, which we will elaborate on in the section below regarding computer security.

If a threat actor wishes to steal information stored on the piqlFilm at any other point in the

service journey, this must involve the physical removal of the piqlFilm. As mentioned earlier in

the analysis, this risk is greatest during transportation, when security is at a minimum because

the piqlFilms are not in a Piql-controlled environment. The risk of physical theft is also very

much present during storage, however, as it is possible for someone to gain access to the storage

facility despite the presence of security measures. This can be done by force or by cunning.

Once again, though, the choice of an automated storage system can serve to mitigate certain

risks, here the ease with which theft is possible. In a manual system, the threat actor needs only

gain access to the storage room, grab the correct piqlBox and run. With the automated system,

however, an outsider would have more difficulty in, first, gaining access to the piqlVault

system, and, second, understanding how to work the system. This would require additional

planning and intelligence gathering beforehand, which might be enough to deter a threat actor

from acting. They can, unfortunately, instead enlist the help of an insider, which, as mentioned,

is a big concern. In doing so, they bypass the problem of not having intimate knowledge of the

system altogether.

9.1.14

Sabotage

Sabotage of the Piql Preservation Services is also a major concern, as there are so many

components of the system that can be tampered with. Especially when one considers that the

39

By logical threats or hazards we mean risks against the Piql Preservation Services while the information is stored or transferred

electronically. See [56, p.18].

40

The reader will remember that some of the information stored on the piqlFilm will also be connected to online networks during

data retrieval, but this step in not directly included in this assessment.