Recover: Restoration & Resilience

IACS UR E26 Control 4.5: Recovery of Essential Services

The road back to “Business as Usual.” Recovery is the process of restoring compromised systems from verified backups and learning from the event. This phase ensures that the vessel is not only restored but is more resilient than it was before the attack.

Phase: Recover (Step 05)
01 Identify, 02 Protect, 03 Detect, 04 Respond, 05 Recover (Restoration & Lessons)

Phase Objective: The Clean-Room Restoration

Recovery is a race against the clock. We focus on Immutable Backups and Sanitized Re-entry—restoring systems in a “Sandbox” to ensure we don’t accidentally re-infect the OT network.

PILLAR A: Backup & Restore

Maintaining “Golden Images” and executing the technical restoration of Category II and III assets.

PILLAR B: Forensic Clean-Up

Verifying system integrity and scanning restored data for hidden backdoors before full re-activation.

PILLAR C: Post-Incident Review

The “Lessons Learned” phase. Updating risk assessments and security plans based on the incident findings.

Resilience Tip for ETOs:

A backup is only as good as its last Restore Test. Every quarter, pick one non-critical workstation and perform a full restore from your “Golden Image” to ensure the process actually works in the middle of the ocean.
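
One way to script the quarterly restore test above, which also covers the integrity check under Forensic Clean-Up: record a SHA-256 manifest from the golden image, then compare the restored file tree against it. This is an added example, not part of the original page; the function names, file names and sample contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash in chunks so large image files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(golden_manifest, restored_root):
    """Compare a restored tree with the manifest taken from the golden image."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(golden_manifest) - set(restored)),
        "modified": sorted(p for p, h in golden_manifest.items()
                           if p in restored and restored[p] != h),
        "unexpected": sorted(set(restored) - set(golden_manifest)),
    }

def restore_test_passed(report):
    return not any(report.values())  # every list must be empty to pass

def write_file(root, rel, data):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed sample trees; all file names and contents are invented."""
    with tempfile.TemporaryDirectory() as golden, tempfile.TemporaryDirectory() as restored:
        files = {"config/hmi.ini": b"station=bridge\n", "config/alarm.cfg": b"level=2\n",
                 "bin/logger.bin": b"constructed-binary"}
        for rel, data in files.items():
            for root in (golden, restored):
                write_file(root, rel, data)
        manifest = build_manifest(golden)
        clean = verify_restore(manifest, restored)
        Path(restored, "config/alarm.cfg").unlink()       # file lost in restore
        write_file(restored, "config/hmi.ini", b"station=other\n")  # altered
        write_file(restored, "bin/helper.bin", b"not-in-golden-image")  # extra
        return clean, verify_restore(manifest, restored)
```

The manifest should be kept separately from the system being restored, otherwise whatever altered the files could alter the manifest too. A matching manifest shows the restore reproduced the golden image; it says nothing about whether the golden image itself was clean when it was captured.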
