Phase 2: Protect
All vessels
Satisfies: E26 §4.5.2, E27 §4.1, IMO MSC-FAL.1, BIMCO v4
Configuration Backups & Golden Images
Regulatory Context: IACS UR E27 (Section 4.1) mandates the creation and secure storage of backups for all critical systems. This module focuses on the “Golden Image” strategy, ensuring that Category II and III systems can be restored to a “Known-Good” state without internet access.
In the middle of the ocean, a system crash or a ransomware infection can be a life-safety issue. You cannot wait for a technician to fly out with a recovery disk. A Golden Image is a complete “snapshot” of a system—OS, drivers, and OT applications—that allows an ETO to rebuild a workstation in less than 30 minutes.
The 3-2-1 Maritime Backup Rule
Standard IT backup rules must be adapted for the high-vibration and disconnected environment of a ship. While shore-side IT relies on the “Cloud,” a ship must rely on physical air-gapped redundancy. This ensures that even if the entire network is compromised by ransomware, your recovery media remains “invisible” to the virus.
- 3 Copies: Original data + Local backup + Offline vault.
- 2 Media Types: SSD/NAS and an Optical Disc or encrypted Tape.
- 1 Off-Ship: A copy kept at the Home Office (updated annually).
What Needs to be Backed Up?
ETOs often prioritize the AMS server but forget the “glue” that holds the network together:
| Asset Type | Backup Method | Frequency |
|---|---|---|
| HMI/Workstations | Full “Golden Image” (Full Disk) | After every major OS/Patch update. |
| PLC/Controllers | Logic & Project Files (.bin, .pro) | Whenever code logic is modified. |
| Switches & Firewalls | Running Configuration (.conf) | After every VLAN or ACL change. |
Manual Export SOP: Switches, Firewalls & PLCs
OT Managed Switches (Hirschmann/Cisco)
- Log in to the Web Interface (HiView/Browser) or Console.
- Navigate to Basic Settings > Load/Save (Hirschmann) or Admin > File Management (Cisco).
- Select “Save Running-Config to PC” via HTTP/HTTPS download.
- Verify the .cfg or .txt file contains readable logic before storing.
OT Firewalls (FortiGate/mGuard)
- Go to System > Configuration > Backup.
- Select Local PC as the destination.
- Pro Tip: Do not encrypt the backup with a personal password; use the Ship’s Master Password stored in the Physical Safe.
PLC Controllers (Siemens/WAGO/Rockwell)
Note: PLC backups require the specific Engineering Software installed on the Field PG.
- Connect the Field Laptop to the PLC Programming Port.
- Open the Project (TIA Portal/Studio 5000).
- Perform an “Upload from Device” to capture the running logic, including current setpoints and variables.
- Save as a compressed archive (e.g., .zap17) on the Offline Vault drive.
Compliance Documentation Previews
Standardized templates and technical logs (watermarked previews; the fillable forms are part of the Pro Bundle):
- TAG-OT-LOG-01: Backup & Recovery Log
ETO Recovery Readiness Checklist
- Immutable Offline Storage: Backup drives must be disconnected from the network when not in use. Ransomware cannot encrypt a drive that isn’t plugged in.
- Restoration Testing: A backup that hasn’t been tested is not a backup. Once a year, perform a “Mock Recovery” on a spare HDD to ensure the image actually boots.
Pro Tip: The “Cold Spare” HDD. For critical bridge PCs, keep a 1:1 clone of the system drive on a physical HDD stored in the ECR. If the primary drive fails, you simply swap the physical cables—no software recovery required.
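The 3-2-1 Maritime Backup Rule and the readiness checklist above are easy to state and easy to drift from between audits. As an added example (not a TAGSIA form or tool), the script below reads a constructed backup register, one CSV row per copy of each system's backup, and reports, per system, which of the rules is broken: fewer than three copies, a single media type, no off-ship copy, no air-gapped copy, or a mock recovery older than a year. The register layout, the location names and the sample rows are assumptions made for the example.

```python
"""Check a vessel backup register against the 3-2-1 rule and the annual mock-recovery test.

Added example, not from the page. Assumed register format (constructed), one
row per backup copy:
system,location,media,offline,last_verified,last_restore_test
"""
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed register (not real vessel data): ECDIS-1 is compliant, the others are not
SAMPLE_REGISTER = """system,location,media,offline,last_verified,last_restore_test
ECDIS-1,onboard-nas,ssd,no,2025-03-01,2024-11-05
ECDIS-1,offline-vault,optical,yes,2025-03-01,2024-11-05
ECDIS-1,home-office,tape,yes,2024-06-15,2024-11-05
AMS-SERVER,onboard-nas,ssd,no,2025-03-01,2023-01-20
AMS-SERVER,offline-vault,ssd,yes,2025-03-01,2023-01-20
BRIDGE-SW01,onboard-nas,ssd,no,2025-02-20,
"""

OFF_SHIP_LOCATIONS = {"home-office"}  # assumed naming for the "1 Off-Ship" copy
REQUIRED_COPIES = 3
REQUIRED_MEDIA_TYPES = 2
MAX_RESTORE_TEST_AGE_DAYS = 365  # "Once a year, perform a Mock Recovery"


def parse_register(text: str) -> dict:
    """Group register rows by system name."""
    by_system = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        by_system[row["system"]].append(row)
    return dict(by_system)


def evaluate_system(copies: list, today: date) -> list:
    """Return the findings for one system; an empty list means it meets every rule."""
    findings = []
    if len(copies) < REQUIRED_COPIES:
        findings.append(f"only {len(copies)} of {REQUIRED_COPIES} required copies")
    media = {c["media"] for c in copies}
    if len(media) < REQUIRED_MEDIA_TYPES:
        findings.append(f"only one media type ({', '.join(sorted(media))}); "
                        f"{REQUIRED_MEDIA_TYPES} required")
    if not any(c["location"] in OFF_SHIP_LOCATIONS for c in copies):
        findings.append("no off-ship copy")
    # An online-only set of copies is reachable by the same ransomware that hit the network
    if not any(c["offline"].strip().lower() == "yes" for c in copies):
        findings.append("no offline (air-gapped) copy")
    tests = [c["last_restore_test"] for c in copies if c["last_restore_test"].strip()]
    if not tests:
        findings.append("never restore-tested")
    else:
        age = (today - max(date.fromisoformat(t) for t in tests)).days
        if age > MAX_RESTORE_TEST_AGE_DAYS:
            findings.append(f"last mock recovery {age} days ago "
                            f"(limit {MAX_RESTORE_TEST_AGE_DAYS})")
    return findings


def evaluate_register(text: str, today: date) -> dict:
    """Map each system in the register to its list of findings."""
    return {system: evaluate_system(copies, today)
            for system, copies in parse_register(text).items()}


if __name__ == "__main__":
    for system, findings in evaluate_register(SAMPLE_REGISTER, date.today()).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{system}: {status}")
```

Run it against the real register at each port call; a system that shows "never restore-tested" or an over-age mock recovery is the one to schedule on the spare HDD next, and "no offline (air-gapped) copy" is the finding that matters most if the network is ever hit.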