
Applied to Issues of Security

In document 16-00707 (pages 56-60)

6 Selection of Scenarios

6.3 Scenario Method

6.3.2 Applied to Issues of Security

Morphological analysis works well with events caused by intentional acts, deliberation and calculation. We have here created our own morphological box adapted to the problem in the report.

The process is separated into two phases: the analysis phase and the synthesis phase. We must begin with the first step of the analysis phase, which is to concisely define the problem. In this report a relevant question/problem would be: What are all intentional threats and challenges that the Piql Preservation Services may face today and for 500 years to come?

The next step is to define the parameters which best characterise the problem we have defined in the preceding step. As we focus on intentional acts, the threats would have to be directed at the Piql Preservation Services itself, apart from nuclear war and terrorism as explained previously.

A logical place to start is therefore to characterise the threat actors with an interest in attacking the Piql Preservation Services, their intentions and capacities.

Hence, the following parameters were defined:

- Actor

- Goal

- Method

- Means

The next step is to assign a range of relevant values, or conditions, that each parameter might have. Here it is very important to define the values very clearly. The values should be mutually exclusive and exhaustive for the given parameter in accordance with the problem. We have made broad assumptions and cast wide nets when it comes to our parameters and definitions.

This is because one of the criteria for the parameters is that they should be exhaustive. With such a width of possible threats to so many phases of the Piql Preservation Services, it was necessary to start wide in order to narrow it down in the scenario descriptions. Also, we are using this method to arrive at risk scenarios which describe risks and threats against the Piql Preservation Services system today but also for 500 years to come. Hence, we cannot simply assume that the only methods and means that will be used are ones we know of. The values we have assigned to the parameters are all-encompassing categories, which will be described in the following. For extended definitions, see appendix A.1.

1. Actor: The actor parameter describes the actors who could have the intentions and capacities to pose a threat to the Piql Preservation Services. The relevant values assigned here are:

- State
- Network
- Company
- Individual

2. Goal: The goal parameter specifies the possible goals that a threat actor would hope to achieve, or the incentives for their actions towards the Piql Preservation Services. The relevant values assigned here are:

- Political power
- Market power
- Economic gain
- Idiosyncratic interest

3. Method: The method parameter describes the actions a threat actor would take to achieve their goals. The methods vary regarding how demanding they are to implement, and thus represent different levels of ambition and capacity [39 p.13]. The relevant values assigned here are:

- Physical destruction
- Physical manipulation
- Logical destruction
- Logical manipulation
- Insider

4. Means: The means parameter describes the relevant resources a threat actor might employ to implement a given method, their capacities. The specific acts required of the given method are also briefly touched upon. The relevant values assigned here are:

- Conventional weapons
- Non-conventional weapons
- Hand or power tools
- Malicious transmitters
- Software tools
- Monetary means

The parameters and corresponding values are summarised in table 6.3 below.

| Actor | Goal/purpose | Method | Means |
|---|---|---|---|
| State | Political power | Physical destruction | Conv. weapons |
| Network | Market power | Physical manipulation | Non-conv. weapons |
| Company | Economic gain | Logical destruction | Hand or power tools |
| Individual | Idiosyncratic interest | Logical manipulation | Malicious transmitters |
| | | Insider | Software tools |
| | | | Monetary means |

Table 6.3 Matrix for analysis of scenario classes of intentional acts

The analysis phase is now completed, and we move on to the first step of the synthesis phase.

First we do a consistency analysis to narrow down the morphological space (all theoretical possibilities that exist in the matrix) to include only plausible ones. The matrix here contains 4 x 4 x 5 x 6 = 480 theoretically possible combinations. To reduce the complexity of trying to find consistency in all parameter values at once, we evaluate pairings of values separately and compare them one by one. We now have the solution space for the problem. The consistency matrix can be found in appendix A.2.

The next step is to feed this information into an IT tool developed for use in MA at FFI, which finds consistent pairings on all four parameters, not just couples of values. We are then presented with the outcome matrix for our problem, which serves as the framework for describing concrete challenges and risks. The framework in itself is quite generic, i.e. it only includes the main factors needed to describe a completed scenario. The outcome matrix can be found in appendix A.3. Our consistency analysis produced the necessarily large number of 70 consistent solutions on all parameters, i.e. 70 scenarios. This number is perhaps abnormally large for a morphological box this size, but it was to be expected, as the broad definitions of the parameters are made to include so many features. Regardless, it necessitates a reduction by going through the scenarios in search of common denominators in order to put them into scenario classes.
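The consistency step described above, as an added Python example (not the FFI tool and not code from the report): it builds the morphological box of table 6.3, counts the pairwise judgements an analyst has to make, and keeps only the configurations in which every pair of values is consistent. The inconsistent pairs listed are constructed for illustration, since the report's own consistency matrix is in appendix A.2 and not on this page, so the result differs from the report's 70 scenarios.

```python
from itertools import combinations, product
from math import prod

# Morphological box from table 6.3: parameter -> values.
BOX = {
    "actor": ["State", "Network", "Company", "Individual"],
    "goal": ["Political power", "Market power", "Economic gain",
             "Idiosyncratic interest"],
    "method": ["Physical destruction", "Physical manipulation",
               "Logical destruction", "Logical manipulation", "Insider"],
    "means": ["Conventional weapons", "Non-conventional weapons",
              "Hand or power tools", "Malicious transmitters",
              "Software tools", "Monetary means"],
}

# CONSTRUCTED pairwise judgements, for illustration only; the report's own
# consistency matrix is in its appendix A.2 and is not reproduced here.
INCONSISTENT = {frozenset(pair) for pair in [
    ("State", "Market power"),
    ("Company", "Political power"),
    ("Company", "Conventional weapons"),
    ("Company", "Non-conventional weapons"),
    ("Individual", "Non-conventional weapons"),
    ("Logical destruction", "Conventional weapons"),
    ("Logical destruction", "Non-conventional weapons"),
    ("Logical manipulation", "Conventional weapons"),
    ("Logical manipulation", "Non-conventional weapons"),
    ("Physical destruction", "Software tools"),
]}

def space_size(box):
    """Number of configurations in the full morphological space."""
    return prod(len(values) for values in box.values())

def pairwise_cells(box):
    """Number of value pairs to judge in the pairwise consistency matrix."""
    return sum(len(a) * len(b) for a, b in combinations(box.values(), 2))

def is_consistent(config, inconsistent):
    """True only if no pair of values in the configuration is ruled out."""
    return not any(frozenset(p) in inconsistent for p in combinations(config, 2))

def solution_space(box, inconsistent):
    """All configurations (one value per parameter) with no inconsistent pair."""
    return [dict(zip(box, combo)) for combo in product(*box.values())
            if is_consistent(combo, inconsistent)]

if __name__ == "__main__":
    print(space_size(BOX), pairwise_cells(BOX),
          len(solution_space(BOX, INCONSISTENT)))
```

Judging value pairs keeps the analyst's workload at the size of the pairwise matrix rather than the full space, and each pair ruled out removes every configuration that contains it.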

Having done a qualitative evaluation of all the scenarios, we have arrived at the following scenario classes as relevant threats to the Piql Preservation Services. As with the hazards associated with issues of safety, these threats related to issues of security presented in the following will form part of the sample space when the final selection of scenario classes is chosen and the specific scenario descriptions are written out.

Crime:

- Theft
  - For profit through own usage/implementation
  - For profit through sale to third party
- Organised crime
  - For profit through own usage/implementation
  - For profit through sale to third party
- Extortion/Blackmail
  - Theft of film with sensitive information for use other than selling film directly

Sabotage:

- Of the structural integrity of the building housing the storage facility
  - Physically damaging the structure, or structural dependencies
  - Physically damaging the security barriers
- Of the piqlVault system
  - Physically damaging the components of the piqlVault system, such as the grid
  - Logically: malware on the EWMS of the piqlVault system to create chaos in the system.
  - Jamming the radio signals.
  - Altering the contents of the radio signals to create chaos in the system.
- Of the Piql system production
  - Malware which alters information during preparation for printing
  - Physical damage to the piqlWriter and piqlReader
- Of the piqlFilm
  - Physically damaging the piqlFilm, perhaps by tearing it up, cutting away frames or scratching the length of it with a nail.

Espionage:

- Spyware installed in the Piql IT system
- Malicious transmitters from outside the facility

Terrorism:

- As revenge on data owner for various (perceived) offending actions
- piqlFilm as collateral damage

Armed conflict:

- piqlFilm is the target of a coordinated attack

Nuclear war:

- piqlFilm as collateral damage
