What is an Air Gap?
An air gap is a security measure that isolates a digital device, computer system, or local area network (LAN) from other devices, systems, and networks, including the Internet. An air gap is also known as an air wall and the strategy of using air gaps to protect critical infrastructures and data is also known as security by isolation.
Air gaps are effective against remote attacks, but they don’t protect against threats that can be introduced physically. USB flash drives containing keylogger software can silently record data on an air-gapped system, and this data can be retrieved later on by retrieving the drive.
Key Takeaways
- Air gaps physically or logically isolate sensitive data, systems, or networks.
- The purpose of air gaps is to reduce the attack surface by minimizing the number of potential entry points.
- The isolation that air gaps provide is especially useful for preventing or mitigating remote cyberattacks that rely on network connectivity.
- Air-gapped systems are not fool-proof. They are still vulnerable to physical attacks, side-channel attacks, and supply chain attacks.
- Organizations can create a more resilient defense against cyber threats by combining air gaps with other cybersecurity best practices.
How Air Gap Works
An air gap physically or logically separates a digital device, computer system, or network from other devices, systems, or networks.
Physical separation involves closing network ports, disabling Wi-Fi and Bluetooth connection options, and removing cables. Logical separations involve strict network controls and security policies that dictate when and how data to (or from) an air-gapped system can be exchanged.
In air-gapped environments, data transfers are often conducted through data diodes that enforce one-way data transfers. Alternatively, USB thumb drives or other external storage media can be used to transfer data manually.
Why are Air Gaps Used?
Air gaps are used to protect critical computer systems and the data they store.
For example, air gaps play an important role in 3-2-1 backups. This type of backup requires three copies. Two copies are stored on different types of storage media or separate devices, and the third copy is stored offsite. This way, if the network is attacked and the first two copies are compromised, administrators can use the air-gapped copy to restore data quickly.
Other popular use cases for air gapping include:
- Protecting classified information and critical military infrastructure.
- Protecting highly sensitive financial data and trading systems.
- Securing patient data by air-gapping networks that store electronic health records (EHRs).
- Protecting intellectual property (IP) by isolating networks that handle sensitive research data.
- Isolating operational technology (OT) in manufacturing plants to safeguard SCADA control systems.
Types of Air Gaps
Air gaps can be categorized by the type of isolation they provide.
How to Prevent Air Gap Breakthroughs
To safeguard critical systems and prevent air gap breakthroughs, it’s important to implement proactive measures that address common attack vectors. This means staying on top of the latest vulnerabilities and cyberthreats and implementing best practices to limit risk and harden security.
To maintain security, removable storage media should always be scanned for malware on a separate, secure system before it’s connected to an air-gapped system.
Faraday cages can be used to shield an air-gapped system from wireless attacks.
10 Ways to Protect Air-Gapped Networks
To protect air-gapped networks, it’s important to take the following proactive measures:
- Strictly control physical access to air-gapped systems to prevent unauthorized individuals from tampering with hardware or software
- Restrict the use of external storage media and mobile devices within the air-gapped environment
- Implement robust monitoring and intrusion detection systems (IDS) to identify suspicious activity
- When transferring data in or out of the air-gapped environment, use encryption to safeguard data in transit (DIT)
- Consider using Faraday cages to reduce electromagnetic emissions as much as possible and minimize the risk of phreaking and other side-channel attacks
- Consider using unidirectional data diodes to control dataflows
- Consider using hardware security modules (HSMs) or trusted platform modules (TPMs) to add an extra layer of protection for data in isolated environments
- Conduct regular security audits and vulnerability assessments to identify weaknesses
- Educate personnel about the importance of adhering to security protocols for air-gapped computers and networks
- Reduce the risk of supply chain attacks by verifying the integrity of third-party suppliers and confirming their adherence to secure development practices
Air Gap Pros and Cons
Air gaps used to be the gold standard for protecting critical infrastructure. Before the Internet of Things (IoT), operational technology systems were isolated from information technology systems, and this created a natural air gap.
Digital transformation changed this, and while air gaps are still used to provide an additional layer of protection, they are no longer seen as impenetrable barriers.
Today, air gaps are used to limit risk by building defense in depth. Like all security strategies, however, air gaps have both advantages and disadvantages.
- Air gaps reduce the attack surface by limiting exposure to external threats and compromised systems
- Air gaps can be implemented physically or logically
- Air gaps play an important role in layered security
- The use of air gaps can serve as evidence of an organization’s commitment to data protection and help demonstrate compliance with relevant regulations
- Air gapping is not immune to direct physical cyberattacks or side channel exploits
- Because air-gapped systems are isolated, their maintenance can be cumbersome and time-consuming
- When data transfers to air-gapped devices are conducted manually, it introduces the risk of human error
- Maintaining multiple physical isolated environments or virtual air gaps can increase the complexity of system administration and security management
The Bottom Line
The definition of air gap is essentially the same whether you’re talking about air gaps in plumbing or air gaps in operational and information technology (IT). In both cases, the idea is to prevent unwanted interactions by separating one thing from another.
FAQs
What is an air gap in simple terms?
What is the purpose of an air gap?
How do you know if you need an air gap?
How does air gapping work?
What is the air gap in cloud computing?
References
- Data Diode – Glossary | CSRC (Csrc.nist)
- What is the 3-2-1 Backup Rule? Best Practice Strategies | Druva (Druva)
- Side Channel Attacks – Semiconductor Engineering (Semiengineering)
- Virtual Air Gap: Explained – Security Boulevard (Securityboulevard)
- What is an Air Gap in Plumbing – Watters Plumbing (Wattersplumbing)