Solution Brief Operational Continuity Achieve Maximum Uptime In a recent speech, Omar Sherin of the Qatar CERT, shared how they shifted their focus from protection and detection to response in the wake of Shamoon, one of the largest cyber-attacks in recent years. His advice to those operating industrial controls is simple: assume you will be attacked and plan how you will recover. Plan how you will recover. The issue is simple; uptime and system reliability are paramount concerns for industrial control system (ICS) owners and operators. Varying levels of backup and recovery strategies should be reviewed per facility, per system and per device to ensure that operations are sufficiently prepared for the worst case scenario: downtime. Downtime can come in many forms: single point hardware failure, configuration change error, cybersecurity attack and physical events such as fire, flood or other natural disasters. Each case presents the same challenge, mobilizing resources to get systems restored to a known good state and running again. Sherin, cited above, lived through the massive cyber-attack waged against 1
major oil and energy companies in the Middle East in 2012. With over 30,000 computers damaged, Sherin says a carefully planned and tested response plan is needed. The way to minimize damage is to be prepared for the worst. While those operating control systems have long understood the relationship between safety, reliability, and uptime, few have truly experienced what a major cyber disruption of the corporate network, or worse, the industrial control systems would mean for plant safety and service. Lockheed Martin recognizes that backup and recovery for ICS is no simple task. We ve structured our product and services to assist your organization in building a comprehensive disaster recovery plan. Customer-Managed Industrial Defender Product Suite Industrial Defender High Availability (-HA) ensures data integrity and zero data loss with automatic fail over. Unplanned outages in control systems environments running mission critical applications is your worst-case scenario. The Industrial Defender -HA option turns a pair of collocated appliances into a single faulttolerant, high availability system. The solution delivers business continuity to ensure compliance with both internal policies and external regulations. Industrial Defender -HA runs two applications images in real time, replicating all network and disk I/O, providing protection against failures of disks, network interfaces, or entire servers without loss of data, ensuring data integrity and supporting local business continuity objectives. Perimeter DASHBOARD Server Client Building Operational Continuity True operational continuity begins with backing up critical systems and ends with successful and timely restoration of those systems post outage. Industrial Defender is a critical platform providing a single, unified view of an organization s fleet of industrial control systems. Maximum uptime is required to ensure the integrity of the critical information gathered in the the Industrial Defender including security events, device configurations compliance reports, and change history. To that end we have developed a full suite of products and services that address the unique challenges facing industrial control systems: Industrial Defender -HA Customer owned and managed, this product ensures data integrity and zero data loss with automatic fail over. Industrial Defender -BR DASHBOARD Customer owned and operated, this storage device allows for local, bare metal restoration of -BR Industrial Defender as well as self-managed file level backup and recovery in case of configuration change errors or hardware failure. Industrial Defender Survive Backup and Recovery Managed service that verifies backups daily, Perimeter remediates failures Server and manages Client the restoration process when needed as an extension of your team. 2
Industrial Defender Backup and Recovery (-BR) provides rapid bare metal restoration of operating systems, applications, files and data. Industrial Defender -BR has been engineered to enable bare metal restoration of the Industrial Defender in support of an organization s disaster recovery plan. The platform enables asset owners and operators to achieve maximum plant uptime, meet compliance mandates, and reduce security exposures. Industrial Defender -BR includes both hardware and recovery software necessary to ensure that all critical data is securely protected. Data is stored on a rack mount Attached Storage (NAS) device with 12 TB disk storage enabling full image backup for bare metal restoration. This restoration is a copy of the original Industrial Defender. Customer-Managed, Highly Configurable Operators can schedule backup time and frequency. Both full and incremental backups can be scheduled. Time to recover and restore backups varies depending on a number of factors including: time spent on initial diagnosis, troubleshooting, replacement hardware staging, amount of DASHBOARD data to restore, and network speed. Features: Fast and simple complete disk image backup and recovery Allows for easy bare metal recovery to the same hardware, different hardware or virtual machine Backup and recovery of individual folders or network shares -BR Recover individual files and folders from image backup Convert backups to virtual machine formats Secure backups with 256-bit AES encryption Benefits: Rapid restoration of operating systems, applications, files and data t Perimeter Server Client Increased resiliency of data and systems Enables backup restoration capabilities for Industrial Defender File versioning available for point in time restoration based on customer defined retention level Limited resources and a growing threat landscape leave organizations scrambling to implement, monitor and manage an effective backup program that supports their ever-changing automation environment. Not to be overlooked executing backup verification tracking and compiling needed reporting to meet regulatory compliance mandates is time intensive. Technology is only part of the soluiton. Organizations are actively looking to tackle these challenges with skilled resources familiar with industrial control systems and turning to Lockheed Martin s Industrial Defender Solutions for assistance with daily backup verification and remediation support. 3
Industrial Defender-Managed Backup and Recovery Service Survive Backup and Recovery Services Industrial Defender Survive Onsite and Survive Offsite backup services are a secure, agentless backup solution for cyber assets in the control system environment. The service creates a full image backup of your Industrial Defender to the appliance, a local storage device within the control system, allowing for a bare metal restoration of your Industrial Defender in the event of a hardware failure. Additionally the service backs up configuration settings, software, files, directories, and databases for cyber assets including servers, switches, firewalls, engineering workstations, HMIs and industrial end points including PLCs, IEDs and RTUs. Data is encrypted at every stage of the process and only the customer holds the decryption key. Our team of experienced ICS security professionals monitor daily backup verification, manage incident response and support recovery and restoration in the event of an unplanned outage. Centralized logging of backups and alerts are easily accessible through Industrial Defender, supporting compliance requirements. SURVIVE ONSITE SURVIVE OFFSITE SURVIVE APPLIANCE SURVIVE APPLIANCE ID DATA CENTER Perimeter Server Client Perimeter Server Client Onsite Features: Bare metal restore of Industrial Defender from Survive Appliance Daily backup verification, remediation and restoration support Restoration to a point in time Encrypted in storage Compliance reporting Agentless Compression De-duplication Autonomic healing Offsite Features: Bare metal restore of Industrial Defender from Survive Appliance Daily backup verification, remediation and restoration support Restoration to a point in time Encrypted in-flight and in storage Compliance reporting Agentless Compression De-duplication Autonomic healing WAN optimized Storage at SSAE/16 certified Data Center Offsite backups support recovery if primary site suffers catastrophe 4
Industrial Defender Survive Offsite service provides an additional layer of protection. Backups are stored in our secure SSAE/16 certified data center. If your primary site suffers a catastrophe, files can be restored from our site to yours with the assistance of our qualified team. Data is encrypted from end-to-end. Service Benefits Prevent loss of critical data Maximize operational uptime Ensure regulatory compliance Reduce the costs of downtime On-demand backup per incident for forensics Outsource backup management so key operations staff can focus on availability and uptime. Custom versions and generations to scale to your needs Why Industrial Defender Solutions Operational Continuity Solution Industrial Defender Survive Services provide backup of data critical to your operations Clients, Servers, s, Perimeter s, and Industrial Defender End-point configuration data, software, files, databases, and directories Centralized logging of backups and alerts Custom versions and generations to scale to your needs. Experienced Team Experienced ICS security professionals monitor and manage: Daily Backup Verification Incident Response Recovery and Restoration Decade of proven experience monitoring and managing cyber security for industrial control systems around the globe Secure Delivery Low-touch agentless solution Non-invasive installation, troubleshooting, upgrading, diagnosis Secure Data Data is securely encrypted from end-to-end. Only the customer holds the encryption key. Data stored in SSAE/16 Type II data center. (Industrial Defender Survive Offsite) 5
Conclusion Maximum uptime. It s been said that OT (operational technology) is IT (information technology) with consequences. Downtime is costly and can directly impact quality of life for customers as well as public safety. Viewing a comprehensive solution set as a sustainable services program can help to develop the continuity strategy that best fits your organization. To be prepared organizations must: 1. Start by taking inventory of key systems and applications that are critical to operations. 2. Each system, application and data set must be identified, prioritized and assigned an RTO (recovery time objective) and RPO (recovery point objective). 3. Identify risks to the environment from common place to worst case. 4. Review processes, physical equipment and procedures currently in place to address each scenario. Conduct resource gap analysis for procedure execution. Resources can be equipment, facilities, staff and/or skill sets. 5. Prioritize areas needing support and research solutions. Operational continuity of plants and control centers is crucial. With proven experience monitoring and managing control system cybersecurity, customers around the world trust Lockheed Martin s Industrial Defender Solutions to mitigate their cyber risk and improve operational effectiveness. With over a decade experience, our team is knowledgeable of the unique cyber security challenges associated with protecting critical infrastructure in plant networks. The Industrial Defender Difference As part of Lockheed Martin, Industrial Defender solutions deliver cybersecurity, compliance and change management for industrial control systems (ICS). Over the last decade, the organization has successfully developed and delivered a single unified platform to secure and manage heterogeneous control environments for critical infrastructure operations. Our flagship product, Industrial Defender Automation Systems Manager (), has become the de facto standard to ensure the availability and reliability of key industrial processes amid escalating cyber threats, increasing regulatory burdens and accelerating ICS management challenges. Over 400 companies in 25 countries rely on Industrial Defender solutions to reduce costs, manage risks and enhance operational excellence. 6 Industrial Defender Solutions 16 Chestnut Street, Suite 300 Foxborough, MA, USA, 02035 Phone: +1-508-718-6700 info@industrialdefender.com id.lockheedmartin.com id.lockheedmartin.com 2014 2014 Lockheed Lockheed Martin Martin Industrial Industrial Defender, Defender, Inc. Inc.