Part of the RECOVER Playbook

Golden Image Management

Recovery Objective:

Maintain a verified “Clean Master Copy” of every critical Category II and III workstation. Goal: Total system restoration in under 30 minutes.

In a Ransomware scenario, we do not waste time “cleaning” files. We nuke and pave. This means wiping the hard drive completely and applying a Golden Image—a pre-configured, hardened, and verified snapshot of the system in its “Factory Clean” state.

What is in a “Golden Image”?

A Golden Image is a clone of the entire environment. For Maritime OT, this includes:

1. The Hardened OS

A Windows or Linux installation with all unnecessary services (Bluetooth, Xbox services, or File Sharing) disabled to reduce the attack surface.

2. Driver Stability

The exact versions of serial-to-USB or PLC interface drivers required for Bridge or Engine hardware communication—pre-loaded and tested.

The 3-2-1 Backup Rule (Maritime Version)

To comply with UR E26 §4.5.1, your Golden Images must be stored following this protocol:

3 Copies
Redundancy: Keep at least three copies (the original, a local ECR backup, and a shore-side copy).

2 Media
Media Types: Store images on two different media (e.g., Internal Server SSD and an External Ruggedized Drive).

1 Offline
Air-Gapped: At least one copy must be physically disconnected from the network at all times (locked in the safe).

Audit Readiness: Image Inventory

Surveyors require proof of “Recovery Maturity.” Use the following tracking structure for all Category II and III assets:

| Asset ID | Last Image Date | Physical Location | SHA-256 Hash |
|---|---|---|---|
| ECDIS-MASTER-01 | 2026-02-15 | ECR Safe #2 | a3f2...9b1c |
| AMS-WORKSTATION | 2026-01-10 | Server Room | e911...4db2 |
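
The SHA-256 column only proves anything if each stored copy is re-hashed and compared before it is trusted for a restore. The sketch below is an added example, not part of the original playbook: it verifies every copy of one asset's image against the inventory hash and then applies the 3-2-1 rule to the copies that passed. The function names, the `path`/`media`/`offline` record layout and the tiny stand-in image files are assumptions constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1024 * 1024):
    """Stream the image through SHA-256; images are too large to read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_asset(asset_id, expected_sha256, copies):
    """Check each copy against the inventory hash, then test 3-2-1 on the copies
    that matched. copies: dicts with 'path', 'media', 'offline' (assumed layout)."""
    good, failures = [], []
    for copy in copies:
        path = Path(copy["path"])
        if not path.is_file():
            failures.append((str(path), "missing"))
        elif hmac.compare_digest(sha256_file(path), expected_sha256.lower()):
            good.append(copy)
        else:
            failures.append((str(path), "hash mismatch"))
    return {
        "asset_id": asset_id,
        "failures": failures,
        "three_copies": len(good) >= 3,
        "two_media": len({c["media"] for c in good}) >= 2,
        "one_offline": any(c["offline"] for c in good),
    }

def demo():
    """Constructed sample: three tiny stand-in 'images', one silently corrupted."""
    root = Path(tempfile.mkdtemp())
    image = b"constructed golden image bytes"
    expected = hashlib.sha256(image).hexdigest()  # value the inventory would hold
    layout = [("server.img", "ssd", False, image),
              ("ecr_safe.img", "rugged-usb", True, image),
              ("shore.img", "shore-storage", False, image + b"\x00")]  # bit rot
    copies = []
    for name, media, offline, data in layout:
        (root / name).write_bytes(data)
        copies.append({"path": root / name, "media": media, "offline": offline})
    return verify_asset("ECDIS-MASTER-01", expected, copies)

if __name__ == "__main__":
    print(demo())
```

In the constructed run the shore-side copy fails its hash check, so the asset drops to two verified copies and the "3 Copies" requirement is reported as unmet even though three files exist.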

Critical ETO Warning:

Never store your Golden Images on a drive that is permanently mapped (assigned a drive letter) to the network. Ransomware is designed to find and encrypt these first. Disconnect after sync.
