"A risk assessment of the Piql Services" by FFI

Another choice made by Piql AS that has enhanced the security and safety of the Piql Preservation Services – a subject we have touched upon in some sections of the report already – is the choice of an automated storage system: the modified piqlVault storage system. This does seem like a very robust choice of storage system which may eliminate many risks. Firstly, the design of the piqlVault system grid seems quite stable and cannot easily be tilted or overturned. This stability is strengthened by the tight stacking of the piqlBins within the grid. In this way, the piqlFilms are better protected from falling to the floor and being damaged as a result than if they were stacked on shelves. Secondly, it seems more difficult for an outsider to simply grab a piqlFilm reel and run. Should a threat actor be able to break through the security regime and is able to gain access to the storage room, the piqlVault system will serve as an extra obstacle, as one also needs to be able to work the system in order to extract anything from it. And thirdly, the system seems better protected against human error. The risks of human error causing damages to the piqlFilms decreases with an automated system, as the piqlFilms are exposed to potentially dangerous situations less often when handled by machines than if personnel were the main way of handling the piqlFilms. An additional, and perhaps the most significant, strength of the Piql Preservation Services is being offline. As most other digital storage media, where the digital data is written onto a physical medium stored separated from online networks, there is limited opportunity for a threat actor to attempt to steal or otherwise harm the information stored on the piqlFilm by logical means. What sets the Piql Preservation Services apart, however, is the prolonged period of time in which is it offline, i.e. the fact that there is no need for the migration of the digital data onto a new ―healthy‖ medium every few years. Such frequent migration requires more regular connection to online networks, as well as more parties involved with the management of the data. With the elimination of this need for migration, the content data stored on the piqlFilms has to be connected to online networks only once, and only a handful of people must ever be involved in the process of managing the data. The number of potential risk sources eliminated by the offline properties of the Piql Preservation Services is therefore great. Another strength of the Piql Preservation Services which is tied to this topic is the relative solidity of the Piql IT system security architecture. Even when the content data is connected to online networks, the computer security mechanisms put in place by Piql AS are relatively strong – relatively in the sense that complete protection from all logical attacks of some kind is very difficult to achieve. In consequence, the client data is kept relatively protected throughout its journey with the Piql Preservation Services, at least with regards to computer security. When it comes to physical security, there are some issues, but these are often a result of, and an inherent part of, being part of a larger context where external forces outside of your control – be it forces of nature or threat actors with malicious intent – can somehow affect you. Taking necessary precautions and constantly being alert and aware of potential risks should be sufficient. The risks to the Piql Preservation Services may be made to be even lower with time if alterations are made to the Piql components in later work packages of the PreservIA project as a result of this assessment. Risks may also be reduced if users apply our general recommendations of increased safety and security – adjusted to their needs and circumstances, of course.

97

FFI-RAPPORT 16/00707

Made with FlippingBook Online newsletter