
FFI-RAPPORT 16/00707

95

As a general rule and a way to ensure the most impenetrable computer security regime possible, our recommendation is to follow the guidelines set forth by the Norwegian National Security Authority (NSM) [70]. Our view is that the routines of best practice laid out here must be in place. There are four main guidelines and six additional ones. These stipulate: make sure that all hardware and software is state of the art; update new security software as fast as possible; never distribute administrator rights to end-users; and block any and all running of unauthorised programmes. According to NSM, studies show that these four measures stop about 80-90 % of all internet-related attacks [70]. The additional six guidelines stipulate: activate code protection against unknown vulnerabilities; harden applications; utilise firewalls on client interfaces; use secure booting and hard disk cryptography; use antivirus and anti-malware; and never utilise more applications and functions than strictly necessary.

Chapter 9 pointed to a minor flaw in the Piql IT system regarding the physical connectivity between the Piql (reception) computer and the Piql I/O (production) computer. One of the scenarios in the scenario analysis describes how a threat actor can utilise this connectivity to create a logical connection between the two computers and as a result alter the information being written onto the piqlFilm. To mitigate the effects of this, constant monitoring is required. Another option is to create a true air gap between the two computers’ CPUs, i.e. use a USB memory stick or the like to transfer the files between the computers. Although this will not stop the threat actor from gaining access into the Piql IT system, it will make it impossible to alter the received client data undetected. However, such a measure is an unlikely feature of a production process, as it would make the production too inefficient, but it is food for thought.

Verification of the integrity of the digital file upon receiving it from the client and after it has been prepared for printing is key. Piql AS already has this measure included in their security setup, and the recommendation is to always ensure that it is state of the art.
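The two-point integrity check described above (on receipt from the client, and again before printing) can be sketched as follows. This is an added example, not Piql AS's implementation or code from the report; the function names, the HMAC key and the sample files are constructed assumptions, and sealing the manifest with an HMAC goes one step beyond the text so that an altered digest list is itself detected.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def digest_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h = hashlib.sha256()
            with p.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            out[p.relative_to(root).as_posix()] = h.hexdigest()
    return out

def seal_manifest(root: Path, key: bytes) -> dict:
    """At reception: record the digests and authenticate the record with an HMAC."""
    files = digest_tree(root)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_manifest(root: Path, manifest: dict, key: bytes) -> dict:
    """Before printing: re-hash and report every deviation from the sealed manifest."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        raise ValueError("manifest MAC mismatch: the digest list itself was altered")
    now, then = digest_tree(root), manifest["files"]
    return {
        "altered": sorted(n for n in then if n in now and now[n] != then[n]),
        "missing": sorted(n for n in then if n not in now),
        "unexpected": sorted(n for n in now if n not in then),
    }

def demo() -> dict:
    """Constructed sample: a three-file delivery modified between the two checks."""
    key = b"constructed-demo-key"  # assumption: key is not stored on the reception computer
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "scans").mkdir()
        (root / "scans" / "deed.tif").write_bytes(b"original image bytes")
        (root / "index.xml").write_bytes(b"<index/>")
        (root / "readme.txt").write_bytes(b"client notes")
        manifest = seal_manifest(root, key)                 # check 1: on receipt
        (root / "scans" / "deed.tif").write_bytes(b"original image bytez")  # same size
        (root / "readme.txt").unlink()
        (root / "extra.bin").write_bytes(b"\x00")
        return verify_manifest(root, manifest, key)         # check 2: before printing

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A same-size, one-byte change is reported as altered, which a size or timestamp comparison would miss.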

The last recommendation we make to Piql AS and to the Piql partners is regarding cryptography, a recommendation we also elaborated upon in chapter 9. Our view is that any computer security architecture which does not offer cryptographic methods is an unnecessarily weak one. Though it would compromise Piql AS’ vision of the Piql Preservation Services as self-contained, whether this feature should be intact or not should be up to the individual user to decide. Measures should be implemented to protect the information also after it enters the Piql IT system, not only at the Front-End Service before it enters. Piql AS should therefore offer this solution to its users, though not all will want to utilise it. A caveat is, however, appropriate to issue here. Though FFI recommends cryptography to be part of the service which Piql AS offers their users to enhance security, we have no way of knowing how secure cryptographic methods will be considered in the future, i.e. how easy it would be to break the cryptographic code. Nevertheless, for the present this is the keenest recommendation we can make to ensure the confidentiality of the information stored using the Piql Preservation Services.