SCADA Recovery after a Cybersecurity Attack

Our multinational customer encountered a cybersecurity attack.

Goals
  • Provide immediate service to minimize disruption in production and loss of data
Challenges
  • Production should resume as quick as possible
  • COVID-19 restrictions still in place
  • Happened on a public holiday
Solutions Implemented
  • Quick response from Plant Werx Team:
    • 23:00 Plant Werx received a call from customer regarding system outage
    • 23:10 Plant Werx recommended immediate initiation of production shut down and system lock down
    • 00:10 Plant Werx arrived at site
    • 01:30 Completed triage and quarantine of affected systems
  • 4 Plant Werx engineers worked on shift-rotation on-site for analysis support, rebuilding and recommissioning
Results
  • Quarantine existing SCADA system for customer’s cyber-security department for forensic analysis
  • Rebuilt customer’s SCADA system from air-gapped backup kept in Plant Werx Office
  • Total time taken after cyber-security team gave greenlight to format and rebuild: 36 hours
  • Total savings to customer = SGD 180,000 (calculated based on average ransom amount paid in 2020 by organizations in Singapore)