"A risk assessment of the Piql Services" by FFI

piqlFilms is, in other words, a casualty of war. As all the piqlFilms are annihilated in the explosion, the integrity and availability of the information is forever lost, whereas the confidentiality remains intact. See appendix B.12 for full details.

9 The Vulnerabilities and Security Challenges of the Piql Preservation Services

In this chapter we provide an overview of the vulnerabilities and security challenges to the Piql Preservation Services which were identified in the scenario descriptions. Additionally, some vulnerabilities and security challenges which were not a direct result of the scenario analysis are presented. As stressed in chapter 6, where the method for scenario selection was developed and the final selection was chosen, there are many possible scenario descriptions which would fit into a scenario class applicable to the Piql Preservation Services. We had to make a selection which would not describe all the vulnerabilities and security challenges. Some that we had to leave out have been described in other documents FFI have had access to. We therefore include them here as well, in order for this document to serve as a (as near as possible) complete and exhaustive list of the vulnerabilities and security challenges faced by the Piql Preservation Services. Before the risks faced by the Piql Preservation Services are described, however, it must be stressed that the assessments made here are purely theoretical. They are based on the information we have received from Piql AS and other members of the PreservIA Consortium and evaluations of our own. The results have not yet been practically tested: we leave this up to other participants in the PreservIA project. It should also be noted that the severity of the vulnerabilities of the Piql Preservation Services, and the consequences thereof, varies between and within different market areas. Especially with regards to threats related to intentional acts, the piqlFilms face a different level of risk depending on the varying degrees of sensitive information stored on them. Broadly speaking, the higher the sensitivity of the information, the higher the potential value and return for a threat actor, and thus the higher the commitment for said threat actor to somehow access or damage the information stored on the Piql Preservation Services, if that is their goal. Having the right security and safety measures in place thus becomes vital for the data owner, and their sophistication must be higher than if the piqlFilms stored less valuable information. It is important to address potential points of vulnerability in the Piql Preservation Services, as these piqlFilms will potentially be subjected to more attempts to compromise CIA – confidentiality, integrity and availability – than others. Additionally, the severity of the loss of information due to unintentional events increases the more sensitive the information stored on the piqlFilms is. Lacking protective measures would thus have far greater consequences where highly sensitive

67

FFI-RAPPORT 16/00707

Made with FlippingBook Online newsletter