In a recent speech, Omar Sherin of the Qatar CERT shared how they shifted their focus from protection and detection to response in the wake of Shamoon, one of the largest cyber-attacks in recent years. His advice to those operating industrial controls is simple: assume you will be attacked and plan how you will recover.
The issue is simple: uptime and system reliability are paramount concerns for industrial control system (ICS) owners and operators. Varying levels of backup and recovery strategies should be reviewed per facility, per system and per device to ensure that operations are sufficiently prepared for the worst case scenario: downtime. Downtime can come in many forms: single point hardware failure, configuration change error, cybersecurity attack and physical events such as fire, flood or other natural disasters. Each case presents the same challenge: mobilizing resources to get systems restored to a known good state and running again. Sherin, cited above, lived through the massive cyber-attack waged against major oil and energy companies in the Middle East in 2012. With over 30,000 computers damaged, Sherin says a carefully planned and tested response plan is needed. The way to minimize damage is to be prepared for the worst.
While those operating control systems have long understood the relationship between safety, reliability, and uptime, few have truly experienced what a major cyber disruption of the corporate network, or worse, the industrial control systems would mean for plant safety and service. Lockheed Martin recognizes that backup and recovery for ICS is no simple task. We’ve structured our products and services to assist your organization in building a comprehensive disaster recovery plan.
Operational Continuity
Achieve Maximum Uptime
Building Operational Continuity
True operational continuity begins with backing up critical systems and ends with successful and timely restoration of those systems post outage. Industrial Defender ASM is a critical platform providing a single, unified view of an organization’s fleet of industrial control systems. Maximum uptime is required to ensure the integrity of the critical information gathered in the Industrial Defender ASM, including security events, device configurations, compliance reports, and change history. To that end, we have developed a full suite of products and services that address the unique challenges facing industrial control systems:
• Industrial Defender ASM-HA: Customer owned and managed, this product ensures data integrity and zero data loss with automatic fail over.
• Industrial Defender ASM-BR: Customer owned and operated, this storage device allows for local, bare metal restoration of Industrial Defender ASM as well as self-managed file level backup and recovery in case of configuration change errors or hardware failure.
• Industrial Defender Survive Backup and Recovery: Managed service that verifies backups daily, remediates failures and manages the restoration process when needed as an extension of your team.
Customer-Managed Industrial Defender ASM™ Product Suite
Industrial Defender ASM High Availability (ASM-HA) ensures data integrity and zero data loss with automatic fail over.
Unplanned outages in control systems environments running mission critical applications are your worst-case scenario. The Industrial Defender ASM-HA™ option turns a pair of collocated appliances into a single fault-tolerant, high availability system. The solution delivers business continuity to ensure compliance with both internal policies and external regulations. Industrial Defender ASM-HA runs two application images in real time, replicating all network and disk I/O, providing protection against failures of disks, network interfaces, or entire servers without loss of data, ensuring data integrity and supporting local business continuity objectives.
Industrial Defender Backup and Recovery (ASM-BR) provides rapid bare metal restoration of operating systems, applications, files and data.
Industrial Defender ASM-BR™ has been engineered to enable bare metal restoration of the Industrial Defender ASM in support of an organization’s disaster recovery plan. The platform enables asset owners and operators to achieve maximum plant uptime, meet compliance mandates, and reduce security exposures.
Industrial Defender ASM-BR includes both hardware and recovery software necessary to ensure that all critical data is securely protected. Data is stored on a rack mount Network Attached Storage (NAS) device with 12 TB disk storage enabling full image backup for bare metal restoration. This restoration is a copy of the original Industrial Defender ASM.
Customer-Managed, Highly Configurable
Operators can schedule backup time and frequency. Both full and incremental backups can be scheduled. Time to recover and restore backups varies depending on a number of factors including: time spent on initial diagnosis, troubleshooting, replacement hardware staging, amount of data to restore, and network speed.
Features:
• Fast and simple complete disk image backup and recovery
• Allows for easy bare metal recovery to the same hardware, different hardware or virtual machine
• Backup and recovery of individual folders or network shares
• Recover individual files and folders from image backup
• Convert backups to virtual machine formats
• Secure backups with 256-bit AES encryption
Benefits:
• Rapid restoration of operating systems, applications, files and data
• Increased resiliency of data and systems
• Enables backup restoration capabilities for Industrial Defender ASM
• File versioning available for point in time restoration based on customer defined retention level
Industrial Defender-Managed Backup and Recovery Service
Survive Backup and Recovery Services
Industrial Defender Survive™ Onsite and Survive™ Offsite backup services are a secure, agentless backup solution for cyber assets in the control system environment. The service creates a full image backup of your Industrial Defender ASM to the appliance, a local storage device within the control system, allowing for a bare metal restoration of your Industrial Defender ASM in the event of a hardware failure. Additionally, the service backs up configuration settings, software, files, directories, and databases for cyber assets including servers, switches, firewalls, engineering workstations, HMIs and industrial end points including PLCs, IEDs and RTUs.
Data is encrypted at every stage of the process and only the customer holds the decryption key. Our team of experienced ICS security professionals monitors daily backup verification, manages incident response and supports recovery and restoration in the event of an unplanned outage. Centralized logging of backups and alerts is easily accessible through Industrial Defender ASM, supporting compliance requirements.
Onsite Features:
• Bare metal restore of Industrial Defender ASM from Survive Appliance
• Daily backup verification, remediation and restoration support
• Restoration to a point in time
• Encrypted in storage
• Compliance reporting
• Agentless
• Compression
• De-duplication
• Autonomic healing
Offsite Features:
• Bare metal restore of Industrial Defender ASM from Survive Appliance
• Daily backup verification, remediation and restoration support
• Restoration to a point in time
• Encrypted in-flight and in storage
• Compliance reporting
• Agentless
• Compression
• De-duplication
• Autonomic healing
• WAN optimized
• Storage at SSAE/16 certified Data Center
• Offsite backups support recovery if primary site suffers catastrophe
Why Industrial Defender Solutions
Operational Continuity Solution
• Industrial Defender Survive™ Services provide backup of data critical to your operations
  • Clients, Servers, Network Devices, Perimeter Devices, and Industrial Defender ASM
  • End-point configuration data, software, files, databases, and directories
• Centralized logging of backups and alerts
• Custom versions and generations to scale to your needs.
Experienced Team
• Experienced ICS security professionals monitor and manage:
  • Daily Backup Verification
  • Incident Response
  • Recovery and Restoration
• Decade of proven experience monitoring and managing cyber security for industrial control systems around the globe
Secure Delivery
• Low-touch agentless solution
• Non-invasive installation, troubleshooting, upgrading, diagnosis
Secure Data
• Data is securely encrypted from end-to-end. Only the customer holds the encryption key.
• Data stored in SSAE/16 Type II data center. (Industrial Defender Survive Offsite)
Industrial Defender Survive Offsite service provides an additional layer of protection. Backups are stored in our secure SSAE/16 certified data center. If your primary site suffers a catastrophe, files can be restored from our site to yours with the assistance of our qualified team. Data is encrypted from end-to-end.
Service Benefits
• Prevent loss of critical data
• Maximize operational uptime
• Ensure regulatory compliance
• Reduce the costs of downtime
• On-demand backup per incident for forensics
• Outsource backup management so key operations staff can focus on availability and uptime.
Industrial Defender Solutions 16 Chestnut Street, Suite 300 Foxborough, MA, USA, 02035 Phone: +1-508-718-6700
The Industrial Defender Difference
As part of Lockheed Martin, Industrial Defender solutions deliver cybersecurity, compliance and change management for industrial control systems (ICS). Over the last decade, the organization has successfully developed and delivered a single unified platform to secure and manage heterogeneous control environments for critical infrastructure operations. Our flagship product, Industrial Defender Automation Systems Manager™ (ASM), has become the de facto standard to ensure the availability and reliability of key industrial processes amid escalating cyber threats, increasing regulatory burdens and accelerating ICS management challenges. Over 400 companies in 25 countries rely on Industrial Defender solutions to reduce costs, manage risks and enhance operational excellence.
Conclusion
Maximum uptime. It’s been said that OT (operational technology) is IT (information technology) with consequences. Downtime is costly and can directly impact quality of life for customers as well as public safety. Viewing a comprehensive solution set as a sustainable services program can help to develop the continuity strategy that best fits your organization. To be prepared, organizations must:
1. Start by taking inventory of key systems and applications that are critical to operations.
2. Each system, application and data set must be identified, prioritized and assigned an RTO (recovery time objective) and RPO (recovery point objective).
3. Identify risks to the environment from commonplace to worst case.
4. Review processes, physical equipment and procedures currently in place to address each scenario. Conduct resource gap analysis for procedure execution. Resources can be equipment, facilities, staff and/or skill sets.
5. Prioritize areas needing support and research solutions.