October Monthly SCADA Security Check-Up: Recovery
Answer these questions:
- How long would it take you to completely restore the minimum number of servers and workstations required to run your SCADA or DCS?
- How confident are you in the answer above?
- When was the last time you tested a complete restore (operating system, applications, configuration, data) of a key server? Can you do it or do you need the SCADA vendor’s help?
SCADA systems are known for their redundancy. Realtime servers and historians typically run in a failover configuration, and many SCADA systems have another set at a backup control center. This gives a false sense of security, and we often find that backup and restoration have been given short shrift. The answers to the above questions are frequently unknown or given with less confidence than they should be.
Why worry, with all this redundancy?
A worm or other cyber attack that can take out one of your real-time servers is likely to take out all of the servers because they are identical. This would be a bad time to learn that you should have been imaging the servers and testing restores. It could be the difference between a couple of hours of outage and a couple of days.
The good news is that this is not a difficult or expensive problem. It is just something that typically isn’t done until you’ve been burned.
If you have systems that are at high risk of being compromised by a worm, perhaps because they can’t be patched or are exposed, you may want to consider a cold standby system. A cold standby system could be a real-time server, a historian, and a couple of HMIs that are not connected to the network. It is very important to keep them disconnected, or they will be exploited as well. Old hardware may still be good enough for a cold standby system.
In the event of a catastrophe, disconnect the enterprise/SCADA firewall, disconnect all compromised systems (with a worm you can’t even miss one), connect and power on the cold standby systems, and you have recovered. Management might feel better about that vulnerable, unpatchable system if they know the tested recovery time is ten minutes.
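The three questions at the top of the check-up can be answered from a backup manifest rather than from memory. The script below is an added example, not code from the original post or from Digital Bond: it assumes a manifest that records, for each server, the SHA-256 taken when its image was made, the date and duration of the last tested full restore, and whether the vendor was needed, and it checks the images on hand against those hashes, flags stale or missing restore tests, and totals the measured restore time for the minimum server set. All server names, dates and image contents are constructed sample data.

```python
"""Restore-readiness check for a SCADA/DCS server set.

Added example, not from the original post. It assumes a backup manifest with,
per server, the SHA-256 recorded at imaging time, the date of the last tested
full restore, how long that test took, and whether the vendor was needed.
All names, dates and image bytes below are constructed sample data.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_TEST_AGE = timedelta(days=90)   # assumed policy: retest restores quarterly


@dataclass
class ServerBackup:
    name: str
    role: str                       # realtime, historian or hmi
    required: bool                  # in the minimum set needed to run the system
    image_sha256: str               # hash recorded in the manifest at imaging time
    last_restore_test: date | None  # None: never tested
    restore_minutes: int | None     # measured in the last test; None if unknown
    vendor_needed: bool             # restore depends on the SCADA vendor


@dataclass
class Readiness:
    estimated_minutes: int          # sum of measured restore times, required servers only
    untimed: list[str] = field(default_factory=list)   # required servers with no measured time
    findings: list[str] = field(default_factory=list)


def image_intact(image: bytes, expected_sha256: str) -> bool:
    """Compare an image's hash with the manifest value (detects corruption or tampering)."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


def assess(servers: list[ServerBackup], images: dict[str, bytes], today: date) -> Readiness:
    """Check every required server's image and restore-test history."""
    result = Readiness(estimated_minutes=0)
    for s in servers:
        if not s.required:
            continue
        image = images.get(s.name)
        if image is None:
            result.findings.append(f"{s.name}: no image on hand")
        elif not image_intact(image, s.image_sha256):
            result.findings.append(f"{s.name}: image hash does not match manifest")
        if s.last_restore_test is None:
            result.findings.append(f"{s.name}: full restore never tested")
        elif today - s.last_restore_test > MAX_TEST_AGE:
            age = (today - s.last_restore_test).days
            result.findings.append(f"{s.name}: last restore test is {age} days old")
        if s.vendor_needed:
            result.findings.append(f"{s.name}: restore requires vendor assistance")
        if s.restore_minutes is None:
            result.untimed.append(s.name)
        else:
            result.estimated_minutes += s.restore_minutes
    return result


# Constructed sample inventory and images; the historian's copy is truncated on purpose
RT_IMAGE = b"realtime-server image, release 3"
HIST_IMAGE_GOOD = b"historian image, release 7"
HMI_IMAGE = b"hmi workstation image"
SAMPLE_IMAGES = {
    "RT-A": RT_IMAGE,
    "HIST-1": HIST_IMAGE_GOOD[:-4],   # damaged copy; the manifest hash will not match
    "HMI-1": HMI_IMAGE,
}
SAMPLE_SERVERS = [
    ServerBackup("RT-A", "realtime", True, hashlib.sha256(RT_IMAGE).hexdigest(),
                 date(2006, 8, 15), 45, False),
    ServerBackup("RT-B", "realtime", False, hashlib.sha256(RT_IMAGE).hexdigest(),
                 date(2006, 8, 15), 45, False),      # failover twin, not in the minimum set
    ServerBackup("HIST-1", "historian", True, hashlib.sha256(HIST_IMAGE_GOOD).hexdigest(),
                 date(2006, 3, 1), 90, False),
    ServerBackup("HMI-1", "hmi", True, hashlib.sha256(HMI_IMAGE).hexdigest(),
                 None, None, True),
]


def sample_assessment() -> Readiness:
    """Run the check on the constructed inventory as of 2 October 2006."""
    return assess(SAMPLE_SERVERS, SAMPLE_IMAGES, date(2006, 10, 2))


if __name__ == "__main__":
    r = sample_assessment()
    print(f"Measured restore time for the minimum set: {r.estimated_minutes} min")
    print("No measured time:", ", ".join(r.untimed) or "none")
    for line in r.findings:
        print("-", line)
```

The measured total only covers servers whose restore has actually been timed; anything in the `untimed` list means the answer to the first question is still a guess, and a hash mismatch means the image you are counting on would not restore cleanly even if the procedure has been rehearsed.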
Author: Dale Peterson
Posted: October 2nd, 2006 under Monthly Security Checkup.
Comments: 1
Comments
Comment from Landon Lewis
Time: October 4, 2006, 5:08 pm
I would think this is an area where virtual machines could be leveraged as well. Virtualization offers a very powerful snapshot/backup/restore method that becomes very useful in times of a disaster/recovery. Testing the plan (which should come with it) also becomes easier.