The anti-virus update problem provides yet another education and awareness opportunity. Maybe you were skilled or lucky enough that this did not affect your control system at all, or affected only a portion of the system because of staggered AV updates. But if it did, how long would it take you to recover? To make the control system operational again? To have all systems back online?
The ability to recover is often ignored or not taken seriously in Control System IT because there is a belief that well-designed redundancy is sufficient. But a worm or an attack may take out all your systems, so again, how fast can you restore or rebuild your cyber systems? Have you actually tried to do this in the last year? Many disaster recovery exercises involving rebuilding systems fail on the first try.
In this example, a file was removed and there were a number of ways to restore that file. However, when the problem first came up, the McAfee support lines were swamped and getting reliable information was difficult. Depending on the impact to your system, you may have been pressed into rebuilding systems rather than waiting for reliable information.
So look again at your restoration method and MTTR. Rebuilding from scratch by loading the OS, applying service packs and patches, loading software, and loading data is going to take a while. Faster would be recovery from an image. Faster yet would be a virtual machine. There are many more options and combinations of approaches, but the key is to know your MTTR and make sure it is acceptable and approved by the right level of management.
Note: MTTR is also referred to as Mean Time To Restore or Mean Time To Repair.