
Configuration Backups & Golden Images

Regulatory Context: IACS UR E27 (Section 4.6) mandates the creation and secure storage of backups for all critical systems. This module focuses on the “Golden Image” strategy, ensuring that Category II and III systems can be restored to a “Known-Good” state without internet access.

In the middle of the ocean, a system crash or a ransomware infection can be a life-safety issue. You cannot wait for a technician to fly out with a recovery disk. A Golden Image is a complete “snapshot” of a system—OS, drivers, and OT applications—that allows an ETO to rebuild a workstation in less than 30 minutes.

The 3-2-1 Maritime Backup Rule

Standard IT backup rules must be adapted for the high-vibration and disconnected environment of a ship. While shore-side IT relies on the “Cloud,” a ship must rely on physical air-gapped redundancy. This ensures that even if the entire network is compromised by ransomware, your recovery media remains “invisible” to the virus.

3 Copies: Original data + Local backup + Offline vault.
2 Media Types: SSD/NAS and an Optical Disc or encrypted Tape.
1 Off-Ship: A copy kept at the Home Office (updated annually).

What Needs to be Backed Up?

ETOs often prioritize the AMS server but forget the “glue” that holds the network together:

Asset Type           | Backup Method                       | Frequency
HMI/Workstations     | Full “Golden Image” (Full Disk)     | After every major OS/Patch update.
PLC/Controllers      | Logic & Project Files (.bin, .pro)  | Whenever code logic is modified.
Switches & Firewalls | Running Configuration (.conf)       | After every VLAN or ACL change.

Manual Export SOP: Switches, Firewalls & PLCs

OT Managed Switches (Hirschmann/Cisco)

  1. Log in to the Web Interface (HiView/Browser) or Console.
  2. Navigate to Basic Settings > Load/Save (Hirschmann) or Admin > File Management (Cisco).
  3. Select “Save Running-Config to PC” via HTTP/HTTPS download.
  4. Verify the .cfg or .txt file contains readable logic before storing.

OT Firewalls (FortiGate/mGuard)

  1. Go to System > Configuration > Backup.
  2. Select Local PC as the destination.
  3. Pro Tip: Do not encrypt the backup with a personal password; use the Ship’s Master Password stored in the Physical Safe.

PLC Controllers (Siemens/WAGO/Rockwell)

Note: PLC backups require the specific Engineering Software installed on the Field PG.

  1. Connect the Field Laptop to the PLC Programming Port.
  2. Open the Project (TIA Portal/Studio 5000).
  3. Perform an “Upload from Device” to capture the running logic, including current setpoints and variables.
  4. Save as a compressed archive (e.g., .zap17) on the Offline Vault drive.
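Step 4 of the switch SOP says to verify that the exported file "contains readable logic before storing", and the offline vault is only useful if the files on it are later proven to be the same ones that were stored. The script below is an added example, not part of the TAGSIA playbook or any vendor tool. It does two things: it rejects exports that are empty, binary, or an HTML login/error page rather than a running-config, and it records a SHA-256 manifest so the vault drive can be re-checked for corruption or alteration. The stanza markers (hostname, interface, vlan, access-list) and the sample configs are constructed assumptions; tune the markers to your own vendors.

```python
"""Sanity-check a device export and keep a SHA-256 manifest of the offline vault.

Added example for the playbook, not vendor code. Marker regexes and sample
data below are constructed assumptions, not taken from any real vessel.
"""
from __future__ import annotations

import hashlib
import re
from datetime import datetime, timezone

# Stanzas a readable running-config is expected to contain (assumption:
# Cisco/Hirschmann-style syntax; adjust per vendor).
CONFIG_MARKERS = (
    re.compile(r"^hostname\s+\S+", re.M),
    re.compile(r"^interface\s+\S+", re.M),
    re.compile(r"^\s*(ip\s+)?access-list", re.M),
    re.compile(r"^\s*vlan\s+\d+", re.M),
)

# Constructed sample exports: one genuine-looking config, one expired
# web-session page that a browser "Save" would happily write to disk.
GOOD_EXPORT = b"""!
hostname ECR-SW-01
!
vlan 10
 name AMS
vlan 20
 name BRIDGE
!
interface GigabitEthernet1/1
 switchport access vlan 10
!
ip access-list extended OT-ONLY
 permit ip 10.10.0.0 0.0.255.255 any
end
"""
BAD_EXPORT = b"<!DOCTYPE html><html><body>Session expired. Please log in.</body></html>"


def check_config_text(data: bytes, min_markers: int = 2) -> tuple[bool, str]:
    """Return (ok, reason): the export must be non-empty UTF-8 text without
    NUL bytes, must not be an HTML page, and must match at least
    `min_markers` of the expected configuration stanzas."""
    if not data.strip():
        return False, "empty export"
    if b"\x00" in data:
        return False, "binary content (NUL bytes) where a text config was expected"
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not UTF-8 text"
    if re.search(r"<html|<!doctype html", text, re.I):
        return False, "looks like an HTML page (login/redirect), not a config"
    hits = sum(1 for marker in CONFIG_MARKERS if marker.search(text))
    if hits < min_markers:
        return False, f"only {hits} config stanza(s) recognised"
    return True, f"{hits} config stanza(s) recognised"


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def add_to_manifest(manifest: dict, name: str, data: bytes, asset: str) -> dict:
    """Record one vault entry: asset tag, file name, size, SHA-256, UTC time."""
    entry = {
        "asset": asset,
        "file": name,
        "bytes": len(data),
        "sha256": sha256_of(data),
        "stored": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }
    manifest[name] = entry
    return entry


def verify_manifest(manifest: dict, files: dict) -> list:
    """Compare current file contents against the manifest.
    Returns a list of problems; an empty list means the vault matches."""
    problems = []
    for name, entry in manifest.items():
        if name not in files:
            problems.append(f"{name}: missing from vault")
        elif sha256_of(files[name]) != entry["sha256"]:
            problems.append(f"{name}: SHA-256 mismatch (corrupted or altered)")
    for name in files:
        if name not in manifest:
            problems.append(f"{name}: not in manifest (unrecorded file)")
    return problems


if __name__ == "__main__":
    for label, blob in (("good", GOOD_EXPORT), ("bad", BAD_EXPORT)):
        print(label, check_config_text(blob))
    manifest = {}
    add_to_manifest(manifest, "ECR-SW-01.cfg", GOOD_EXPORT, "Switch ECR-SW-01")
    print("vault check:", verify_manifest(manifest, {"ECR-SW-01.cfg": GOOD_EXPORT}) or "OK")
```

Run the check at export time, keep the manifest on the vault drive itself (plus a printed copy in the Backup & Recovery Log), and rerun `verify_manifest` during the annual mock recovery before trusting any file on the drive.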

ETO Recovery Readiness Checklist

Immutable Offline Storage

Backup drives must be disconnected from the network when not in use. Ransomware cannot encrypt a drive that isn’t plugged in.

Restoration Testing

A backup that hasn’t been tested is not a backup. Once a year, perform a “Mock Recovery” on a spare HDD to ensure the image actually boots.

Pro Tip: The “Cold Spare” HDD. For critical bridge PCs, keep a 1:1 clone of the system drive on a physical HDD stored in the ECR. If the primary drive fails, you simply swap the physical cables—no software recovery required.

