Recover: Restoration & Resilience
IACS UR E26 Control 4.5: Recovery of Essential Services
The road back to “Business as Usual.” Recovery is the process of restoring compromised systems from verified backups and learning from the event. This phase ensures that the vessel is not only restored but is more resilient than it was before the attack.
Recovery is a race against the clock. Every hour a vessel is “degraded” is an hour of increased operational risk. This phase focuses on Immutable Backups and a Sanitized Re-entry—ensuring that we don’t accidentally re-infect the network during the restore process.
Core Concept: The Clean-Room Restoration
Restoring systems in a “Sandbox” environment to verify they are free of malware before plugging them back into the ship’s main OT network.
Backup & Restore
Maintaining “Golden Images” and executing the technical restoration of Category II and III assets.
Forensic Clean-Up
Verifying system integrity and scanning restored data for hidden backdoors before full re-activation.
Post-Incident Review
The “Lessons Learned” phase. Updating risk assessments and security controls based on the incident findings.
Resilience Tip for ETOs:
A backup is only as good as its last Restore Test. Every quarter, pick one non-critical workstation and perform a full restore from your “Golden Image” to ensure the process actually works in the middle of the ocean.
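One way to score the quarterly restore test and the integrity check described above, as an added example that is not part of the original page: hash every file in the Golden Image into a manifest, then compare the restored system against it inside the clean room. The function names and the sample files are assumptions constructed for illustration, and both images are assumed to be mounted as ordinary directory trees.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree with the Golden Image manifest."""
    restored = build_manifest(restored_root)
    common = manifest.keys() & restored.keys()
    return {
        "missing": sorted(manifest.keys() - restored.keys()),      # restore incomplete
        "unexpected": sorted(restored.keys() - manifest.keys()),   # not in Golden Image
        "modified": sorted(k for k in common if manifest[k] != restored[k]),
    }

def restore_passed(report: dict) -> bool:
    return not any(report.values())

def demo():
    """Constructed sample data: a tiny 'golden' tree and a restored copy."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, restored = Path(tmp) / "golden", Path(tmp) / "restored"
        for root in (golden, restored):
            (root / "config").mkdir(parents=True)
            (root / "hmi.exe").write_bytes(b"constructed HMI binary")
            (root / "config" / "plc.ini").write_text("setpoint=42\n")
        manifest = build_manifest(golden)
        clean = verify_restore(manifest, restored)
        # Simulate a bad restore: one file changed, one added, one lost.
        (restored / "config" / "plc.ini").write_text("setpoint=99\n")
        (restored / "svc_update.dll").write_bytes(b"not in golden image")
        (restored / "hmi.exe").unlink()
        return clean, verify_restore(manifest, restored)

if __name__ == "__main__":
    for label, report in zip(("clean restore", "bad restore"), demo()):
        print(label, "PASS" if restore_passed(report) else "FAIL", report)
```

A match only shows that the restored system equals the Golden Image, so the manifest has to be created when the image is known to be clean and kept with the immutable backups, where an intruder on the OT network cannot rewrite it.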
