FFI-RAPPORT 16/00707

97

Another choice made by Piql AS that has enhanced the security and safety of the Piql

Preservation Services – a subject we have touched upon in some sections of the report already –

is the choice of an automated storage system: the modified piqlVault storage system. This does

seem like a very robust choice of storage system which may eliminate many risks. Firstly, the

design of the piqlVault system grid seems quite stable and cannot easily be tilted or overturned.

This stability is strengthened by the tight stacking of the piqlBins within the grid. In this way,

the piqlFilms are better protected from falling to the floor and being damaged as a result than if

they were stacked on shelves. Secondly, it seems more difficult for an outsider to simply grab a

piqlFilm reel and run. Should a threat actor be able to break through the security regime and is

able to gain access to the storage room, the piqlVault system will serve as an extra obstacle, as

one also needs to be able to work the system in order to extract anything from it. And thirdly,

the system seems better protected against human error. The risks of human error causing

damages to the piqlFilms decreases with an automated system, as the piqlFilms are exposed to

potentially dangerous situations less often when handled by machines than if personnel were the

main way of handling the piqlFilms.

An additional, and perhaps the most significant, strength of the Piql Preservation Services is

being offline. As most other digital storage media, where the digital data is written onto a

physical medium stored separated from online networks, there is limited opportunity for a threat

actor to attempt to steal or otherwise harm the information stored on the piqlFilm by logical

means. What sets the Piql Preservation Services apart, however, is the prolonged period of time

in which is it offline, i.e. the fact that there is no need for the migration of the digital data onto a

new ―healthy‖ medium every few years. Such frequent migration requires more regular

connection to online networks, as well as more parties involved with the management of the

data. With the elimination of this need for migration, the content data stored on the piqlFilms

has to be connected to online networks only

once,

and only a handful of people must ever be

involved in the process of managing the data. The number of potential risk sources eliminated

by the offline properties of the Piql Preservation Services is therefore great.

Another strength of the Piql Preservation Services which is tied to this topic is the relative

solidity of the Piql IT system security architecture. Even when the content data is connected to

online networks, the computer security mechanisms put in place by Piql AS are relatively strong

– relatively in the sense that complete protection from all logical attacks of some kind is very

difficult to achieve. In consequence, the client data is kept relatively protected throughout its

journey with the Piql Preservation Services, at least with regards to computer security.

When it comes to physical security, there are some issues, but these are often a result of, and an

inherent part of, being part of a larger context where external forces outside of your control – be

it forces of nature or threat actors with malicious intent – can somehow affect you. Taking

necessary precautions and constantly being alert and aware of potential risks should be

sufficient. The risks to the Piql Preservation Services may be made to be even lower with time if

alterations are made to the Piql components in later work packages of the PreservIA project as a

result of this assessment. Risks may also be reduced if users apply our general recommendations

of increased safety and security – adjusted to their needs and circumstances, of course.