SCADA Recovery after a Cybersecurity Attack
Our multinational customer encountered a cybersecurity attack.
Goals
- Provide immediate service to minimize disruption in production and loss of data
Challenges
- Production should resume as quick as possible
- COVID-19 restrictions still in place
- Happened on a public holiday
Solutions Implemented
- Quick response from Plant Werx Team:
- 23:00 Plant Werx received a call from customer regarding system outage
- 23:10 Plant Werx recommended immediate initiation of production shut down and system lock down
- 00:10 Plant Werx arrived at site
- 01:30 Completed triage and quarantine of affected systems
- 4 Plant Werx engineers worked on shift-rotation on-site for analysis support, rebuilding and recommissioning
Results
- Quarantine existing SCADA system for customer’s cyber-security department for forensic analysis
- Rebuilt customer’s SCADA system from air-gapped backup kept in Plant Werx Office
- Total time taken after cyber-security team gave greenlight to format and rebuild: 36 hours
- Total savings to customer = SGD 180,000 (calculated based on average ransom amount paid in 2020 by organizations in Singapore)