Scenario justification
Justification: As with theft done by an individual, depending on the sensitivity and value of the information stored on the piqlFilms in question, a more organised form of crime is likely to target the Piql Preservation Services. This can include mafia groups, drug cartels or human traffickers. The information on the PiqlFilm could be of such a nature that the networks in question can profit directly from their knowledge thereof; they can sell it to a third party (on order); or they can use the information to extort other individuals. Whatever the motivation, this is a risk the Piql Preservation Services needs to be aware of.
Purpose: Regardless of their contents, the piqlFilms will always be much more vulnerable when they are out in the open, i.e. when they are not in a controlled environment such as the
production site and the storage facility. The transportations phase between the two is thus a time when the piqlFilms are especially vulnerable. If the information stored in addition is such that someone can stand to profit from their possession, then theft during this phase is a real risk.
Benefit: This scenario serves to illustrate just such a scenario: One where a group with knowledge of the piqlFilms’ contents and the means to pull off a major heist, who has studied the operations of the Piql PS and identified the transportation phase as the most likely point of success. To arrange for continuous security is therefore important, not just while the piqlFilms are produced or while they are in storage.
Scenario outline
The scenario is set in the geographical zone South (South America). While finished piqlFilms containing personal data, including social security numbers, are transported from the production site to the designated storage facility, the truck is robbed by a street gang with connections to a drug cartel. The truck makes its way along its route without incident, but when it stops at the delivery site to unload its contents, it is overrun by assailants. A gang of four masked persons overpowers the driver and the additional guard. They are forced, on pain of death, to give up the code to the truck’s loading area. The gang makes away with the piqlFilms, with the intent to sell them to a potential buyer who had contacted them with an interest in ID theft. Upon receiving thus lucrative offer, the group starts to meticulously plan their attack. They do surveillance on the Piql partner to learn their routines and find weaknesses, which leads them to learn when and how to strike in order to succeed in their theft.
Cause Type of risk (Hazard/Threat)
Threat: Theft of personal data on piqlFilm committed by a street gang with connections to a drug cartel with the intent to sell to a third party.
Intentional
(Yes/No/Both) Yes.
Profile of actor (if intentional)
The drug cartel is based in South America. Their modus operandi involves ruthless tactics and a ―kill first, ask questions later‖ mentality.
They believe there is strength in numbers and a great deal of firepower.
They must portray an image of strength and power to remain on top in a harsh reality where other groups are ready to take the top spot at a moment’s notice.
Description of cause
The drug cartel gets most of its revenue from the production and sale of cocaine, but it is always looking for new opportunities of profit-making.
These sorts of operations are their source of income. Hence, when the cartel is contacted by a third party interested in personal data to use in his/her organisation of ID theft, the cartel jumps at the opportunity. After a brief look at the operations of the Piql partner to assess the difficulty of the mission, they decide to take the job. The motivation is the short-term financial reward, as well as the possibility to expand their outfit
permanently to include ID theft.
Competence and resources (if intentional)
As one of the most powerful gangs is the area, with a good foothold in and much support from society, the cartel has access to all the relevant material they need, including weapons, etc. The heist took some
planning, which for this organised crime syndicate, was an easy matter as they can work as a team and assign tasks within the group.
User/value
User class Public sensitive.
User type Public registry of personal data.
Value Personal data, including social security numbers. The dissemination of such information is strictly regulated, due to its vulnerability of abuse and how it can cause complications for the individuals who are targeted.
Location
Location description
Geographical zone: South (South America). The region has historically been plagued by gang activity, especially related to the production and sale of narcotics, as the continent’s climate and topography provide good conditions for growing these plants. Though the developmental level of the continent is medium and the political climate is for the most part stable, some regions, particularly urban areas, see a lot more violence, poverty and destitution than others.
Both the production site and the storage facility are centrally located in a major city, right in the city centre.
The scenario takes place in the present. The time period is 0-30/50 years,
as the value is time-sensitive, i.e. only for as long as the persons whose identities are stolen are alive. The scenario is also a risk for the future, so long as a profit can be made from ID theft.
Environment description
The climate zone is a humid subtropical climate. As it is summer, near the end of January, the local weather conditions are hot and humid: 32°
Celsius with a relative humidity of 89 %.
The incident occurs in the middle of the day, not during the morning or afternoon rush. This suits the drug cartel well, as they wouldn’t prefer to attack the truck when there are lots of people around.
Transport description
The scenario takes place during transportation of the piqlFilm. The setting is therefore the armoured truck, a veritable vault on wheels.
Local safety
measures As the incident takes place during transportation, this is not relevant.
Local security measures
The elements of the security regime defined for the purposes of the assessment are in place.
Consequences
Outer building
As the incident takes place during transportation, the effect on the infrastructure of the building housing the Piql Preservation Services is not relevant.
Transport
Here: The armoured truck. The structural integrity of the truck is not damaged, but the integrity of the security regime is compromised when the guards are unable to fend off the assailants. The guards are forced at gunpoint to first unlock the holding area and then give up the PIN code that unlocks the safe, enabling the assailants to get away with the piqlFilms in question.
Box The piqlBox is not affected during the theft.
Film The piqlFilms in question are not damaged, but they are removed without authorised permission.
Power/energy supply
As the incident takes place during transportation, the effect on the power supply to the building housing the Piql Preservation Services is not relevant.
Divergence from ISO standard
As the incident takes place during transportation, the storage conditions in the piqlVault are not relevant.
Security mechanisms
Integrity
As the piqlFilms are not damaged during the incident, the data, though stolen, is not lost in the sense that it is altered. The integrity of the piqlFilms remains intact.
Availability The availability of the piqlFilms is compromised, as the information stored on them is no longer accessible to the data owner.
Confidentiality
Most importantly for the data owner, the confidentiality of the information stored on the PiqlFilms was irrevocably compromised, as another actor who absolutely should not have had access to its contents did gain access. The loss of confidentiality comes at a cost to a great many people whose identities are now at the risk of being misused.
Immunity (against attacks on the above mentioned)
The Piql Preservation Services is not immune to attacks on availability and confidentiality.
Recommendations
Recommended protective measures
It is difficult to give a general recommendation which can be applied to all situations involving theft during transportation. There is the general need to assess ones surroundings and implement the security strategy accordingly. In the scenario here, the transportation takes place in an area where there is a lot of gang activity. Here, it would perhaps be prudent to raise the level of security. Another more general recommendation can be changing the routes of the transportation from day to day so as to take away the assailants ability to plan precisely where to stage the attack.
References
Relevant literature [84] Security Incorporated Corp. (n.d.), Armored Transport Service
B.8 Sabotage