A common fault in control system security programs is in recovery of cyber assets. The redundancy gives a false sense of security, and the questions “can you rebuild this server” or “when was the last time you rebuilt this server” often go back to the vendor's initial build or vendor assistance.

Recovery is usually harder and more time-consuming than you think it will be. In S. Florida, where I come from, a lot of businesses, especially banks, test their disaster recovery/hurricane plans and often have lessons learned every time they do it.

I have a mini first-hand experience that many of you have probably also experienced – the loss of my primary laptop – and it proves the point that recovery merits attention. I have a Mac Air and use the Time Machine utility to back up every hour when I’m at home base. On occasion I have retrieved files from the Time Machine, but I have never been without my Air.

Then the hinge that keeps the display upright broke. Fortunately it was covered by Apple, but it meant being without the computer for up to two weeks. I had spare hardware – a MacBook Pro, and this is another thing to think about in your recovery plan. So with the data still accessible on my primary system, a backup, and spare hardware, everything was looking good. And everything worked fine.

The issue that surprised me was the time. When it came to scrubbing my primary system for turn-in, recovering to the spare hardware, and minimal testing, it took about four hours. Now, in an emergency I could have had access to specific applications or files faster. But the lessons here are:

  • do you know how long recovery will take?
  • are you sure of this time estimate? Have you tested it? Do you have the required software and hardware to recover?
  • and is this recovery time acceptable to the business? If not, there are ways to reduce recovery time at a cost.

It made me think again that maybe I should be running my primary, everyday system on a virtual machine.