Condensed extract by Piql - A risk assessment of the Piql Services

A Risk Assessment of Piql Services

Condensed extract by Piql of the report written by the Norwegian Defence Research Establishment

The following document is written by Piql AS.

It is a very condensed and limited extract of the 174-page report “A risk assessment of the Piql Services” written by The Norwegian Defence Research Establishment as a conclusion to their thorough assessment of Piql Services. In addition, it contains an overview of measures Piql have taken to further minimize risk based on the recommendations in the report.

To read FFI’s full report, please follow this link: https://www.ffi.no/no/Rapporter/16-00707.pdf

Context and the research question The aim of this comparative study was to understand all the problems and risks associated with existing data storage and data preservation technologies, as well as to provide specific guidelines for improvement. The study was done in scope of an R&D project named PreservIA, and was performed largely by Norwegian Defence Research Establishment (FFI). FFI is a trusted global authority in risk assessment. This is a very important topic and a big problem in the world. As digital data universe continues to exponentially grow, the world’s most important information could be lost if there is no ideal future-proof storage solution. FFI was invited to conduct a thorough risk assessment of existing data storage and preservation solutions, including Piql’s Preservation Services. In addition to this being a very important topic in the world, it is also a crucial topic for Piql because of its mission and ambition to develop world’s most secure, immune and authentic way of safeguarding irreplaceable information. It was important for Piql to learn about areas for improvement, and deliver solutions that will improve its service. Methodology FFI has used the scenario-based method for identifying and assessing the relevant risk scenarios. After conducting a qualitative evaluation of all scenarios, here are the relevant ones used in the study: an accident, technical error, natural disaster, theft of piqlFilm, theft of sensitive information, sabotage, espionage, terrorism, armed conflict, and nuclear war. Results Based on the relevant scenarios (above), here are vulnerabilities and security challenges which have been identified and addressed in detailed analysis by FFI:

Out in the open When piqlFilm is outside of Piql- controlled environment, i.e. during transport, and/or outside of piqlBox.

Loss of ideal storage conditions Can happen for any reason and could jeopardize the 500 year longevity.

Inside threat One of the biggest security challenges to the Piql Services.

Water Risky to the integrity of the piqlFilm when in excessive amounts that come from major natural disasters, i.e. floods, because then it becomes filthy and acidic and can thus damage piqlFilm beyond repair.

Fire Major risk to integrity when

Jolts and drops When piqlBox is dropped to the floor due to human error and there is a risk-opportunity for piqlFilm to fall out and become damaged.

temperatures are above 170 degrees Celsius, as this will cause piqlBoxes to melt, which can seriously harm the integrity of the piqlFilm.

Nuclear radiation If piqlFilm is exposed to nuclear radiation, high-energy radioactive exposure over long period of time could degrade it.

Chemical Compounds Oxidative chemicals, i.e. ozone, can lead to reduced longevity of piqlFilm and piqlBox.

Harmful microorganisms Can lead to reduced longevity of piqlFilm and piqlBox, like chemical compounds.

Electromagnetic radiation Can negatively influence electrical equipment inside the piqlVault, but will not have any influence on piqlFilm or piqlBox.

Sabotage Major concern for Piql Services, both if motivation is to to damage the information or simply create chaos.

Theft of piqlFilm Is one of the biggest threats.

Espionage Becomes the risk when the information on piqlFilm holds great value to a threat actor, who would attack during the production phase when the information is still connected to online networks.

IT Security Despite having relatively strong mechanisms, there are weak points which can be attacked.

Conclusions FFI’s risk assessment has thoroughly examined and challenged Piql and other existing data storage and preservation solutions by applying worst-case scenario-based model. The threats applied in the study can be divided into severe threats, i.e. fire, insider threat, etc, and not-so-severe threats, i.e. electromagnetic pulses, water, etc. As expected, such method pointed out numerous vulnerabilities and security challenges to all data storage and preservation technologies. Many existing data storage and preservation technologies are unable to solve most problems that FFI has presented because of the limitations of their solution’s design and their storage mediums. However, Piql System’s design and storage medium allow for creation of simple add-on solutions that can protect piqlFilm and piqlBox from the majority of these solutions, and can also re-develop some features to solve other threats. This level of versatility is what makes Piql the best data storage and preservation service provider available today. Based on client’s needs and what client deems as the biggest threat for them, Piql can easily add features which will solve the problem.

Since this report was published in June of 2016, Piql has been actively developing features that FFI pointed out as needed.

To learn more about FFI risk assessment of Piql and alternative solutions, please contact your local Piql Partner.

Piql AS

Grønland 56, 3045 Drammen NORWAY

www.piql.com

VERSION 2 | 16.08.2018

Made with FlippingBook Annual report