Attack 9 - Physical Destruction of the Database
Our protection against that will be based on the same provisions we need to make for multiple redundancy in order to avoid any possibility of "downtime". The database will be cloned across several sites in several countries. Its WORM sources will be similarly cloned, probably to a different selection of sites. Each site will be selected to meet at least reasonable security standards although we needn't demand Fort Knox levels of physical security, trusting instead to numbers to provide protection. Granted, a sophisticated and co-ordinated military attack could be simultaneously launched against all 15 (or whatever) sites but this implies the actions of a seriously hostile government rather than mere counterfeiters, or even the more serious elements of organised crime. If we ever face that sort of attack, we think we'll have more to worry about than the integrity of A1 data.
The only other physical threat which could take out all the data simultaneously would be a major asteroid strike and, again, we think we'd have other things on our minds in those circumstances!
With these measures in place, and any others that the security specialists recommend, we think we'll be able to achieve our ambitious target: to make - and claim - the A1 database to be the safest and most trusted commercial online database in the world.