ICS in OT have achieved very high availability due to redundancy. This high availability reduces how often backups are needed for recovery, which often leads to less rigor in the backup process.
This week’s task is to verify you can answer yes to the following questions:
- Do you have the backups needed if all OT cyber assets need to be rebuilt? Don’t forget your PLC firmware and logic. Don’t forget your supporting systems, network infrastructure, and applications.
- Are your backups stored so that an attacker, or a fire at the site where the cyber assets are located, can’t also destroy them? At a minimum, a periodic backup should be stored off network and off site.
- Are you sure you can restore from backup? Sometimes the tooling is unavailable. Sometimes the data wasn’t being backed up at all, or wasn’t being backed up properly. When was the last time you tested the backup?
If you can’t confidently answer yes to these three questions, create and assign tasks to get to yes.
Note: I still see many asset owners using primitive and labor-intensive backup and recovery methods. Consider having a discussion with your IT department to see if a technology upgrade would improve the reliability and efficiency of your backup and recovery.
Cyber Asset | Backup | Secure | Recovery Tested
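
One way to turn a tracking sheet with the four columns above into the task list the three questions call for. This is an added example, not part of the original post. The CSV layout, the sample rows, the `open_tasks` name and the 365-day retest interval are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample sheet. "Recovery Tested" holds the date of the last
# successful test restore and is blank if a restore was never tested.
SAMPLE = """Cyber Asset,Backup,Secure,Recovery Tested
PLC-01 firmware and logic,yes,yes,2024-03-10
Historian server,yes,no,2023-01-15
Core switch config,no,no,
HMI workstation,yes,yes,
"""

MAX_TEST_AGE_DAYS = 365  # assumed retest interval, not a value from the page


def open_tasks(sheet_csv, today, max_age_days=MAX_TEST_AGE_DAYS):
    """Return (asset, task) pairs for every answer that is not yet 'yes'."""
    tasks = []
    for row in csv.DictReader(io.StringIO(sheet_csv)):
        asset = row["Cyber Asset"].strip()
        has_backup = row["Backup"].strip().lower() == "yes"
        secure = row["Secure"].strip().lower() == "yes"
        tested = row["Recovery Tested"].strip()
        if not has_backup:
            # Storage and restore questions are moot until a backup exists.
            tasks.append((asset, "create a backup"))
            continue
        if not secure:
            tasks.append((asset, "store a periodic copy off network and off site"))
        if not tested:
            tasks.append((asset, "run a first test restore"))
            continue
        try:
            age = (today - date.fromisoformat(tested)).days
        except ValueError:
            # An unreadable date cannot count as evidence of a tested restore.
            tasks.append((asset, f"fix unreadable test date {tested!r}"))
            continue
        if age > max_age_days:
            tasks.append((asset, f"repeat test restore, last one was {age} days ago"))
    return tasks


if __name__ == "__main__":
    for asset, task in open_tasks(SAMPLE, date.today()):
        print(f"{asset}: {task}")
```

An asset with no open task is one where all three questions are answered yes for now; rerun the check as the sheet is updated so stale restore tests resurface.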