...
Threat and Vulnerability Identification
(see Categories of Harm and Impact Definitions)
Vulnerability | Threat-source | Threat Action | Category of Harm | Likelihood of Occurrence | Impact of Harm | E-signature Cost Benefit Assessment |
|---|---|---|---|---|---|---|
System unavailability | Error, component failure, or act of God | Power failure, network failure, computer component failure, operator error, software failure, capacity constraint, etc. | Inconvenience, distress or damage to standing or reputation | Moderate: failures will happen, but competently managed systems typically have availability records of 99% or better. Agency staff use due diligence to secure systems and reduce vulnerabilities, including daily data backups, etc. | Low: permit processing is not a time-critical operation, and a paper-based alternative will continue to be an option. Even a systemic failure would be a short-term inconvenience. Smaller scale failures, for instance a failure that prevents online access for one user, would be a minor inconvenience. | N.A. (E-signature has no effect, positive or negative, on this vulnerability) |
" | Vandal | Internet security exploit such as denial-of-service attack | Inconvenience, distress or damage to standing or reputation | Low: this is not an high-profile Internet system and should not be a particularly attractive target. Also, if necessary, the system could be hosted in a data center with an incident response capability that could deal with all but the most sophisticated attacks. | Low: even in the event of a systemic failure unavailability would be a short-term inconvenience | N.A. |
System misuse | System administrator, operator, or other agency user | Abuse of insider knowledge and access for unauthorized use or release of information | Unauthorized release of sensitive information | Low: agency staff have significant incentives to behave appropriately and periodic training in ethics and computer security | Moderate: at worst, a release of personal or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with an expected serious adverse effect on organizational operations. | N.A. |
" | " | " | Civil or criminal violations | Low: agency staff have significant incentives to behave appropriately and periodic training in ethics and computer security | Moderate: at worst, a risk of civil or criminal violations that may be subject to enforcement efforts | N.A. |
System compromise | Vandal | Internet security exploit circumventing security controls | Unauthorized release of sensitive information | Low: agency staff use due diligence to secure systems and reduce vulnerabilities. For example, all internet traffic with the system is conducted over a secure (SSL) connection. Also this is not an high-profile Internet system and should not be a particularly attractive target. If necessary, the system could be hosted in a data center with an incident response capability that could deal with all but the most sophisticated attacks. | Moderate: at worst, a release of personal or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with an expected serious adverse effect on organizational operations. | N.A. |
" | " | " | Civil or criminal violations | Low: agency staff use due diligence to secure systems and reduce vulnerabilities. Also this is not an high-profile Internet system and should not be a particularly attractive target. If necessary, the system could be hosted in a data center with an incident response capability that could deal with all but the most sophisticated attacks. | Moderate: at worst, a risk of civil or criminal violations that may be subject to enforcement efforts | N.A. |
Failure to permit | Customer (fisher or processor) | Fisher or processor fails to acquire required permits prior to participating in regulated activities | Harm to agency programs or public interests | Low: commercial fishers and processors know the rules and understand the risks of non-compliance, and the extensive mitigating controls make it difficult to initiate and maintain a commercial operation "below the radar" | Moderate: fishing or processing without agency oversight may facilitate overfishing with significant damage to public interests | N.A. |
Impersonation in registration and/or transactions | Common criminal/identity thief | Impersonation using stolen identity credentials, with fraudulent application, renewal or transfer | Inconvenience, distress or damage to standing or reputation | Low: it would be difficult to initiate and maintain a fraud when there are so many mitigating controls including business licenses, vessel registrations, proof of prior participation in fisheries, and transactions with other permitted parties | Low: impersonated parties would be likely to notice and when detected, the impact could be effectively mitigated | Cost: e-reporting and e-signature present a broader attack surface making impersonation more likely |
" | " | " | Unauthorized release of sensitive information | Low: successful identity theft could result in compromise of sensitive information from the victim's permit records | Low: there isn't a great deal of sensitive information in permit records, and the impact would be limited to the party whose identity has been stolen | Cost: e-reporting and e-signature present a broader attack surface making impersonation more likely |
Impersonation in registration and/or transactions | Disgruntled industry employee or competitor | Impersonation using stolen identity credentials, with fraudulent renewal or transfer, resulting in unwarranted suspension or revocation of an otherwise valid permit | Financial loss | Low: it would be difficult to initiate and maintain a fraud when there are so many mitigating controls including business licenses, vessel registrations, proof of prior participation in fisheries, and transactions with other permitted parties | Moderate: at worst, a serious unrecoverable financial loss to a permit holder, if the event caused an unwarranted suspension or revocation of an otherwise valid permit, and the victim was forced to forgo opportunity to participate in a fishery | No net cost or benefit: vulnerability for an attack by a well-informed party is not significantly different in electronic transactions than it is in paper transactions |
" | " | Impersonation using stolen identity credentials, with fraudulent submission with intent to incriminate or defame victim | Inconvenience, distress or damage to standing or reputation | Low: it would be difficult to initiate and maintain a fraud when there are so many mitigating controls including business licenses, vessel registrations, proof of prior participation in fisheries, and transactions with other permitted parties | Low: impersonated parties would be likely to notice and when detected, the impact could be effectively mitigated | No net cost or benefit: vulnerability for an attack by a well-informed party is not significantly different in electronic transactions than it is in paper transactions |
" | " | " | Unauthorized release of sensitive information | Low: the employee with the means and opportunity already has access to sensitive information and is unlikely to find anything more interesting in permit data | Low: there isn't a great deal of sensitive information in permit records, and the impact would be limited to the party whose identity has been stolen | Cost: e-reporting and e-signature present a broader attack surface making impersonation more likely. Note the increased vulnerability to impersonation when the objective is to retrieve sensitive information, which may involve fewer mitigating controls, and less vulnerability when the objective is to apply for permits or transfer permits, where supporting documentation is usually involved. |
" | Common criminal/identity thief | Impersonation using stolen identity credentials | Civil or criminal violations | Low: it would be difficult to initiate and maintain a fraud when there are so many mitigating controls including business licenses, vessel registrations, proof of prior participation in fisheries, and transactions with other permitted parties | Moderate: at worst, a risk of civil or criminal violations that may be subject to enforcement efforts | Cost: criminal e-signature forgery, falsification or misrepresentation will provide new challenges for enforcement investigation and litigation |
Repudiation to escape accountability | Customer (fisher or processor) | Signer claims "I didn't sign that" | Inconvenience, distress or damage to standing or reputation | Low: in most cases a customer who repudiated an e-signed document submission could then be prosecuted for fishing or processing without proper permits. There will generally be independent evidence of the fishing or processing activity (follow the fish.) | Low: agency might expend effort to resolve, but the distress would be limited and short-term | Cost: despite e-signature's legal standing and agency instructions, there is likely to be a tendency to regard a holographic signature as more significant or more binding. It is likely that the requirement to sign a filing with a holographic signature has more influence on the signer's behavior with respect to their consideration of what they are submitting, their commitment to reporting the truth, and their expectation of being held accountable. Persons signing with an e-signature are likely to understand that it would be difficult to prove what individual executed the e-signature (because credentials are transferable). This is likely to motivate some people to repudiate their e-signature if they are being held accountable for something signed with an e-signature. |
" | " | " | Civil or criminal violations | Low: in most cases a customer who repudiated an e-signed document submission could then be prosecuted for fishing or processing without proper permits. There will generally be independent evidence of the fishing or processing activity (follow the fish.) | Moderate: at worst, a risk of civil or criminal violations that may be subject to enforcement efforts | Cost: criminal e-signature forgery, falsification or misrepresentation will provide new challenges for enforcement investigation and litigation |
Categories of Harm and Impact Definitions for reference
HARM | LOW IMPACT | MODERATE IMPACT | HIGH IMPACT |
|---|---|---|---|
Inconvenience, distress, or damage to standing or reputation | at worst, limited, short-term inconvenience, distress or embarrassment to any party | at worst, serious short term or limited long-term inconvenience, distress or damage to the standing or reputation of any party | severe or serious long-term inconvenience, distress or damage to the standing or reputation of any party (ordinarily reserved for situations with particularly severe effects or which affect many individuals) |
Financial loss | at worst, an insignificant or inconsequential unrecoverable financial loss to any party | at worst, a serious unrecoverable financial loss to any party | severe or catastrophic unrecoverable financial loss to any party |
Agency liability | at worst, an insignificant or inconsequential agency liability | at worst, a serious agency liability | severe or catastrophic agency liability |
Harm to agency programs or public interests | at worst, a limited adverse effect on organizational operations or assets, or public interests. Examples of limited adverse effects are: (1) mission capability degradation to the extent and duration that the organization is able to perform its primary functions with noticeably reduced effectiveness, or (2) minor damage to organizational assets or public interests | at worst, a serious adverse effect on organizational operations or assets, or public interests. Examples of serious adverse effects are: (1) significant mission capability degradation to the extent and duration that the organization is able to perform its primary functions with significantly reduced effectiveness; or (2) significant damage to organizational assets or public interests | a severe or catastrophic adverse effect on organizational operations or assets, or public interests. Examples of severe or catastrophic effects are: (1) severe mission capability degradation or loss of to the extent and duration that the organization is unable to perform one or more of its primary functions; or (2) major damage to organizational assets or public interests |
Unauthorized release of sensitive information | at worst, a limited unauthorized release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in a loss of confidentiality with an expected limited adverse effect on organizational operations, organizational assets, or individuals | at worst, a release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with an expected serious adverse effect on organizational operations, organizational assets, or individuals. | a release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with an expected severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals |
Harm to personal safety | at worst, minor injury not requiring medical treatment | at worst, moderate risk of minor injury or limited risk of injury requiring medical treatment | a risk of serious injury or death |
Civil or criminal violations | at worst, a risk of civil or criminal violations of a nature that would not ordinarily be subject to enforcement efforts | at worst, a risk of civil or criminal violations that may be subject to enforcement efforts | a risk of civil or criminal violations that are of special importance to enforcement programs |