What is Air-Gapping?
Similar to the medical term ‘quarantine’, an air-gapped computer or network is physically separated from other computers or networks. In practice, an air-gapped computer has no wired or wireless (Wi-Fi) connection to the Internet, nor to any external device. Air-gapping treats every other network or device as a threat in order to provide a heightened level of security. For data to move across the air-gap, it needs to be physically transferred using an alternative data storage medium, such as a USB drive. Air-gapped networks are closed systems, with input and output under strict controls.
Air-gapping can be set up in a variety of businesses and government agencies at a reasonably low cost, in terms of infrastructure. So long as the network remains unconnected, it is further protected from malicious actors operating outside the infrastructure. Most frequently, air-gapping is used in environments that deal with classified or highly sensitive information, such as military or government systems, financial systems like stock exchanges, life-critical systems, and industrial control systems.
What’s the catch?
The most obvious downside is that maintaining the air-gapped data can be labour-intensive. Manual data transfer may lower productivity, which in turn makes the system more expensive to run. Due to the lack of direct connectivity to the Internet, the system won’t automatically receive software updates, including security patches, antivirus updates, and so on, which leaves systems with unpatched vulnerabilities that can be leveraged by malicious actors. The installation of updates requires manual data transfer, which has its own risks as discussed in the next section.
In an air-gapped network, no remote connection from the outside world should be available. This can slow down recovery if a fault is affecting operations and an engineer or developer is required to attend to the system ASAP. Instead of being able to remotely access the network, they are required to be on-site, which lengthens recovery times for incidents outside business hours. Once a remote connection program is allowed into a network, it is no longer considered air-gapped and is now potentially accessible to external malicious actors.
Jumping the Air-Gap
The biggest threat to any system is the people who have access to it. Insider threats, such as disgruntled staff members, may seek to disrupt or steal the data that exists within the protected system. However, gaining physical access doesn’t mean the threat has to be in the same room. Instead, they can sometimes exploit the behaviour of other people to gain access to the air-gapped network.
In 2010, the malicious computer worm ‘Stuxnet’ was targeted at air-gapped Iranian nuclear facilities through infected USB drives. This malware was specifically crafted to take advantage of a string of zero-day vulnerabilities to infect systems, propagate itself, and look for the system it was designed to target. This was the first in a string of similar malware types (such as ‘Flame’, ‘Duqu’, and more recently, ‘Brutal Kangaroo’), which are crafted to infect every USB drive plugged into the compromised computer with the expectation that, eventually, one of them will be connected to the air-gapped network.
Once the target system has been infected, data exfiltration methods can extend to properties that are native to the machine, including light and sound (e.g. LEDs and hard drives signalling in Morse code), which can be monitored from a distance. None of this means that air-gapping has lost relevance.
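The media import point is where the risks above (manual update transfer in the previous section, USB-borne malware in this one) meet the defender. As an added example, not code from the original article, here is a Python manifest check for a sneakernet transfer: the connected side records a SHA-256 digest of every file staged on the medium, and the air-gapped side refuses the import if anything was modified, dropped or added in transit. It assumes the manifest reaches the air-gapped side through a separate channel (printed or read out, not carried on the same stick); the file names and contents are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large update bundles need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(media_root: Path) -> dict:
    """Connected side: record every regular file on the medium with its digest."""
    return {p.relative_to(media_root).as_posix(): sha256_file(p)
            for p in sorted(media_root.rglob("*")) if p.is_file()}


def check_media(media_root: Path, expected: dict) -> dict:
    """Air-gapped side: compare the medium against the manifest received out of band.
    Any undeclared, altered or missing file is reported so the operator can refuse the import."""
    actual = build_manifest(media_root)
    return {
        "ok": sorted(n for n in expected if actual.get(n) == expected[n]),
        "modified": sorted(n for n in expected if n in actual and actual[n] != expected[n]),
        "missing": sorted(n for n in expected if n not in actual),
        "unexpected": sorted(n for n in actual if n not in expected),
    }


def demo() -> dict:
    """Constructed scenario: a patch bundle is staged, then the medium is altered in transit."""
    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp)
        (media / "patches").mkdir()
        (media / "patches" / "kb-2024-01.bin").write_bytes(b"constructed patch payload")
        (media / "README.txt").write_text("constructed release notes")
        manifest = build_manifest(media)  # travels separately, not on the stick
        # Tampering in transit: one file changed, one dropped, one never declared.
        (media / "patches" / "kb-2024-01.bin").write_bytes(b"constructed payload, altered")
        (media / "README.txt").unlink()
        (media / "autorun.inf").write_text("constructed undeclared file")
        return check_media(media, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A manifest stored on the same medium as the files only detects accidental corruption, since whoever alters the files can rewrite it too; keeping it off-media (or signing it) is what makes the check meaningful.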
While there are drawbacks to running an air-gapped environment and there are demonstrated ways to jump the gap, systems disconnected from the wider Internet remain one of the most secure ways to protect data. Due to the complexity of bypassing the air-gap and exfiltrating data, air-gapping a network is still a valid way for a company to establish a strong layer of defence for sensitive systems or data.