
Golden Image Management

Recovery Objective: To maintain a “Clean Master Copy” of every critical Category II and III workstation, allowing for a total system wipe and reinstall in under 30 minutes.

In a Ransomware scenario, we do not waste time “cleaning” files. We nuke and pave. This means wiping the hard drive completely and applying a Golden Image—a pre-configured, hardened, and verified snapshot of the system in its “Factory Clean” state.

What is in a “Golden Image”?

A Golden Image is not just a backup of data; it is a clone of the entire environment. For Maritime OT, this includes:

1. The Hardened OS

A Windows or Linux installation with all unnecessary services (like Bluetooth, Xbox services, or File Sharing) already disabled.

2. Driver Stability

The exact versions of serial-to-USB or PLC interface drivers required for the Bridge or Engine hardware to communicate.

The 3-2-1 Backup Rule (Maritime Version)

To comply with UR E26 §4.5.1, your Golden Images must be stored following this protocol:

  • 3 Copies: Keep at least three copies of the Golden Image (the original, the local backup, and the shore-side copy).
  • 2 Media: Store images on two different media types (e.g., an internal SSD and a dedicated external Forensic Drive).
  • 1 OFFLINE: At least one copy must be physically disconnected from the network at all times (the “Air-Gapped” copy).

Audit Evidence Preparation

During an inspection, the surveyor will look for your Backup Inventory. You should be able to produce a sheet (physical or digital) that shows:

  • Asset Name: (e.g., ECDIS-MASTER-01)
  • Last Image Date: (Should be updated after any major software change/patch).
  • Storage Location: (e.g., Secure Safe in Captain’s Cabin).
  • Checksum/Hash: A unique digital fingerprint to prove the image hasn’t been tampered with.
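The Checksum/Hash column is only useful if someone actually recomputes it before an image is deployed. The script below is an added example (not part of this playbook) that hashes an image file, looks it up in a CSV version of the Backup Inventory, and reports OK, MISMATCH or UNLISTED; the asset name, date, location and image bytes are all constructed, and the column names are an assumption.

```python
import csv
import hashlib
import io
import os
import tempfile

CHUNK = 1 << 20  # stream large image files in 1 MiB blocks

def sha256_file(path):
    """Return the SHA-256 hex digest of an image file on disk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def load_inventory(csv_text):
    """Parse the Backup Inventory sheet (assumed columns: asset_name,
    last_image_date, storage_location, sha256) into a dict by asset name."""
    return {r["asset_name"]: r for r in csv.DictReader(io.StringIO(csv_text))}

def verify_image(path, inventory, asset_name):
    """Compare an image file with its recorded fingerprint.
    Returns 'OK', 'MISMATCH' (corrupted or tampered) or 'UNLISTED'."""
    record = inventory.get(asset_name)
    if record is None:
        return "UNLISTED"
    return "OK" if sha256_file(path) == record["sha256"].lower() else "MISMATCH"

def demo():
    """Constructed walk-through: record a clean image, then flip one byte."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "ECDIS-MASTER-01.img")
        with open(img, "wb") as f:
            f.write(b"constructed golden image bytes " * 1024)
        sheet = ("asset_name,last_image_date,storage_location,sha256\n"
                 "ECDIS-MASTER-01,2024-05-12,Secure Safe in Captain's Cabin,"
                 + sha256_file(img) + "\n")  # constructed inventory row
        inv = load_inventory(sheet)
        clean = verify_image(img, inv, "ECDIS-MASTER-01")
        with open(img, "r+b") as f:  # simulate silent corruption or tampering
            f.seek(100)
            f.write(b"X")
        tampered = verify_image(img, inv, "ECDIS-MASTER-01")
        unlisted = verify_image(img, inv, "RADAR-MASTER-02")
    return clean, tampered, unlisted

if __name__ == "__main__":
    print(demo())  # ('OK', 'MISMATCH', 'UNLISTED')
```

Run the same check against the air-gapped copy each time the inventory's Last Image Date changes, and record the result next to the hash.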

ETO Warning:

Never store your Golden Images on a drive that is permanently mapped (assigned a drive letter) to the network. Ransomware is designed to find and encrypt these first.
