FFI-RAPPORT 16/00707

91

chemical plant is built in the vicinity or if someday someone decides to bomb a neighbouring

business. If the piqlVaults and production sites are protected from the risks we can predict, they

should be well-prepared for most of the ones we cannot.

The inside threat was highlighted in chapter 9 as one of the biggest security challenges the Piql

Preservation Services faces. Fortunately, there are several things that can be done to mitigate

this threat:

1) One can make sure sound procedures for vetting of potential employees are in place during

the hiring processes. These can include full security clearance or criminal record and credit

check depending on sector.

2) It is important to perform such checks at regular intervals, not just at the start of the

employment. This is to ascertain whether any changes in circumstance has come about

which can have a negative effect on the way an employee conducts him- or herself at work.

3) It is possible to put in place even stricter procedures when it comes to accessing certain

parts of the service, making sure only a few highly trusted people have access to the most

critical parts of the service.

4) Some sort of control system can be implemented which ensure that the piqlFilms cannot be

removed from the grid without being signed out by a second Piql operator.

5) Similarly, a control system can be implemented which does not allow piqlFilms to leave the

storage facility unless authorised by two or more authorised personnel.

6) A working schedule can be worked out which ensures that no one person works alone. This

applies to the writing process, during storage and it applies to the security personnel. For

instance, a Piql operator working alone can simply put a memory stick into the computer

and download the original file, and a security guard working the night shift can be bribed to

give unauthorised access to threat actors.

Besides these specific measures, mitigating the inside threat mostly comes down to building a

relationship of trust between employees.

In chapter 5.4 of this report, when we outlined the location and description of the piqlVault, we

alluded to the fact that perhaps not all users would wish to store their sensitive information in a

regular office building. We were referring to the so-called high demanding user. When such

users believe that a regular office building will not provide sufficient safety and security

measures, our recommendation is to instead place their piqlVault system in a mountain

repository.

46

The additional safety and security benefits of placing the information in a mountain

hall include the location, which is somewhere off the beaten track, the exact location possibly

being unknown to most people, multiple backup generators as energy redundancy, and fortified

walls with additional protection against a nuclear blast, radiation, electromagnetic pulses and

CBR agents. If the user does not have access to storage facilities such as these themselves, it is

possible to rent a room in a mountain hall, which is called hosting.

46

The high demanding user may also wish to use a manual storage system instead of an automated one.