82

FFI-RAPPORT 16/00707

Unlike sabotage, there are limited ways a threat actor could conduct logical espionage of the

Piql Preservation Services. The first alternative is to install spyware in the Piql IT system. It

would only be necessary to get past the security code in the Front-End service before they

would have access to potentially valuable client information being prepared for writing. After

having gained this unauthorised access, the spyware could view and extract the relevant pieces

of information for later reading by unauthorised persons. The act of espionage does not

necessitate the instalment of malware which alters or somehow damages the information, so its

integrity would remain intact. The confidentiality of the information, however, is grossly

compromised. It can be bad enough that the information is accessed and read by someone else,

but worse still is that we can assume the threat actor now privy to the information is someone

the data owner least of all wanted to have access.

The same loss of confidentiality would be the result when the second alternative is used. Spying

on the contents of the Piql Preservation Services can also take the form of a threat actor using

transmitters and receivers from outside the facility to gather information as it is transferred

electronically.

9.1.16

Threats to Computer Security

We have previously in this chapter alluded to risks related to the operational IT system security

architecture which will be implemented by Piql partners. These are especially present during the

production phase, but some also during storage. The system architecture was laid out in chapter

5. Here, we point to possible weaknesses or holes in the setup which a threat actor with abilities

to perform logical attacks may exploit to gain access to the system. Though we stressed that the

security mechanisms demanded of the Piql partners by Piql AS are relatively strong, there are

three weak points we would like to consider in the Piql IT system.

Firstly, there is the issue of the security code of the Front-End service. It is nearly impossible for

FFI to analyse the reliability of the different security software employed here, especially when

considering our 500 year perspective. Within the digital world, these things are extremely

volatile, and software solutions are constantly tweaked and evolving as a result. The security

software in Piql AS’ system architecture may change in just a few years, and perhaps very soon

the HTTPS protocol for secure connection which many of us are accustomed to now may be

obsolete. The best the Piql partners can do is always strive to keep up with the latest

developments in the technology, update their software regularly, run the Piql Preservation

Services in a professional way so as to instil trust, and maintain the best way of operations as

possible. Some of these instructions we will come back to later in the next chapter concerning

recommendations. Always keeping the security software state of the art, as the current setup is,

is a way to ensure that the Front-End service is as impenetrable as can be.

The second vulnerability was illustrated in the scenario describing sabotage, namely how a

threat actor can gain access to the entire Piql computer system, not just the computer connected

to the outside world with the external interface accessible to clients, to tamper with and alter the

digital information stored in the system before printing. The reader will remember that the Piql

IT system consists primarily of a Piql (reception and processing) computer and a Piql I/O