Air gapping is a network security measure in which one or more computers are kept physically isolated from unsecured networks such as the Internet or insufficiently secured local area networks (LANs). In simpler terms, an air-gapped computer or LAN has no network interface controller connected to any other network, whether by cable or by radio (Wi-Fi, Bluetooth, cellular).
You can compare an air-gapped computer or network to a building's water pipes that have been disconnected from the public utility's main supply so that nothing from outside can contaminate the water.
- Is Air Gapping Foolproof?
- What Are the Ways Threat Actors Use to Beat Air Gapping?
- What Computers Employ Air Gapping?
- What Are the Different Types of Air Gapping?
- Can Users Back Up Data from Air-Gapped Systems?
- What Should Users Do When Air Gapping Data Backups?
- Key Takeaways
Read More about Air Gapping
Air gapping a computer network isolates it from public access. In most cases, only authorized employees can reach it, and only in person, since such systems are kept in locked rooms.
Here’s a diagram of an air-gapped database (enclosed within a circle) in a computer network.
Is Air Gapping Foolproof?
Air gapping blocks attacks that arrive over a network, but it does not make a system immune: if threat actors gain physical access to it, or to the removable media that carries data across the gap, they can still infect it with malware.
Such was the case with Stuxnet, which reached air-gapped industrial systems on infected USB drives by exploiting a Windows vulnerability through removable media. Over the years, researchers have demonstrated other ways to move data out of an air-gapped machine once it is compromised, such as acoustic signals and FM radio signals generated by the machine's own hardware.
Do you remember Tom Cruise hanging from the ceiling in Mission: Impossible as he stole data from an air-gapped system? That scenario is the perfect (though highly unlikely) example of breaching an air gap. There are more plausible ways to do so, though.
What Are the Ways Threat Actors Use to Beat Air Gapping?
All of the channels below are exfiltration channels: they require malware that is already running on the air-gapped machine (typically planted via removable media, as with Stuxnet) to encode data onto some physical emission, and a receiver close enough to pick it up. Threat actors have used or demonstrated the following channels:
- Electromagnetic: The oldest vector. Data is encoded in the electromagnetic radiation of components such as the memory bus, or in leakage from USB ports and cables, and picked up by a nearby radio receiver.
- Acoustic: Has become practical because of the number of compromisable smartphones whose microphones can pick up signals that humans cannot distinguish from background noise. Attackers favor near-ultrasonic frequencies, which are both inaudible and offer more bandwidth than audible tones.
- Thermal: Demonstrated only in laboratory research; its very low bandwidth (on the order of a few bits per hour between adjacent machines) makes it an impractical vector.
- Optical: Data is encoded in the blinking of status LEDs or the brightness of a screen and recorded by a compromised surveillance camera or another optical sensor with line of sight; the widespread availability of easily hacked cameras is what makes this channel practical.
While air gapping isn’t foolproof, it is tough to beat.
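All four channels above work the same way at the bit level: the malware on the isolated host turns a physical emission on and off in a fixed rhythm, and the receiver samples that emission, finds a known synchronisation pattern, and reads the bits back. The following simulation, added here as an illustration and not taken from the original article or from any real attack tool, models that exchange with a list of floating-point samples standing in for the carrier (LED brightness, ultrasonic tone, radio amplitude, or CPU heat). The preamble, payload, noise level and idle offset are constructed for the example.

```python
"""Simulated on-off-keying (OOK) covert channel: transmitter, noisy carrier, receiver."""
import random

PREAMBLE = [1, 0, 1, 0, 1, 1, 0, 0]   # sync pattern known to both sides (constructed)


def bytes_to_bits(data: bytes) -> list[int]:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: list[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def modulate(payload: bytes, sps: int) -> list[float]:
    """Transmitter: each bit becomes `sps` samples with the carrier on (1.0) or off (0.0)."""
    bits = PREAMBLE + bytes_to_bits(payload)
    return [float(b) for b in bits for _ in range(sps)]


def channel(signal: list[float], idle: int, sigma: float, rng: random.Random) -> list[float]:
    """Physical path: the receiver starts listening at an unknown moment (idle samples of
    silence before and after the burst) and every sample carries Gaussian noise."""
    padded = [0.0] * idle + signal + [0.0] * idle
    return [s + rng.gauss(0.0, sigma) for s in padded]


def _symbol_means(samples: list[float], start: int, n_symbols: int, sps: int) -> list[float]:
    # Averaging the sps samples of one symbol period suppresses noise by roughly sqrt(sps).
    return [sum(samples[start + k * sps: start + (k + 1) * sps]) / sps for k in range(n_symbols)]


def demodulate(samples: list[float], sps: int, n_bytes: int) -> bytes:
    """Receiver: try every sample offset, score it against the preamble (a matched
    filter), then hard-decide the n_bytes of payload that follow the best alignment."""
    n_symbols = len(PREAMBLE) + 8 * n_bytes
    best_start, best_score = 0, float("-inf")
    for start in range(len(samples) - n_symbols * sps + 1):
        means = _symbol_means(samples, start, len(PREAMBLE), sps)
        score = sum((2 * p - 1) * (m - 0.5) for p, m in zip(PREAMBLE, means))
        if score > best_score:
            best_start, best_score = start, score
    payload_means = _symbol_means(samples, best_start + len(PREAMBLE) * sps, 8 * n_bytes, sps)
    return bits_to_bytes([1 if m > 0.5 else 0 for m in payload_means])


def round_trip(payload: bytes, sps: int = 8, sigma: float = 0.3, idle: int = 37, seed: int = 1) -> bytes:
    """Send `payload` through the simulated channel and return what the receiver decodes."""
    rng = random.Random(seed)
    return demodulate(channel(modulate(payload, sps), idle, sigma, rng), sps, len(payload))


if __name__ == "__main__":
    secret = b"key=7f3a"   # constructed payload
    print("recovered:", round_trip(secret), "ok" if round_trip(secret) == secret else "corrupted")
```

The bandwidth trade-off in the list above falls directly out of the symbol period: one symbol per second moves 8 bits per second, so a 1 KiB secret takes well over two hours, and a thermal carrier that changes state only every few minutes is slower still. Raising `sps` (more samples per symbol) buys noise immunity at the cost of even lower throughput, which is why the acoustic and electromagnetic channels, with their much shorter symbol periods, are the ones seen in practice.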
What Computers Employ Air Gapping?
Several network and system types may be air-gapped, including:
- Military and government computer networks and systems
- Financial computer systems, including those that belong to stock exchanges
- Industrial control systems (ICSs) like the supervisory control and data acquisition (SCADA) systems used in the oil and gas industry
- National and state lottery game machines or random number generators
- Life-critical systems like nuclear power plant controls, aviation systems, computerized medical equipment, and others
What Are the Different Types of Air Gapping?
While many other kinds of air gapping exist, these three are the most commonly used:
- Total physical air gapping: This technique locks digital assets in a completely isolated physical environment, entirely separate from network-connected systems. Each such asset has no network connection of any kind. Anyone who wants to get data from it or put data onto it must physically access it, which means passing through stringent physical security barriers.
- Segregated air gapping in the same environment: This technique is achieved by disconnecting a single device from the network it shares a room or rack with. For example, two servers in the same rack are air-gapped from each other when one of them is not plugged into the network and has no wireless interface that could join it.
- Logical air gapping: This technique segregates and protects a network-connected digital asset through logical controls rather than physical separation: encryption and hashing of the data, combined with role-based access control. If those controls are implemented correctly and the keys stay out of reach, an intruder who reaches the asset cannot read it or modify it undetected. It is not equivalent to physical isolation, however: the asset is still reachable over the network, so a misconfiguration, a compromised key, or an attacker who simply deletes or encrypts the data can defeat it.
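Whether a host is "segregated" in the sense above is a property of its links, not of its cabling, so it is worth checking rather than assuming. The script below, added here as an example and not part of the original article, parses the output of `ip -o link show` (Linux iproute2) and reports every non-loopback interface that currently has a carrier or is enabled and waiting for one. The two sample outputs are constructed for the example; `live_findings()` runs the same check on the host it is executed on.

```python
"""Audit a host's network links to confirm it is really air-gapped."""
import re
import subprocess

LINK_RE = re.compile(r"^\d+: (?P<name>[^:@\s]+)(?:@\S+)?: <(?P<flags>[^>]*)>")

# Constructed: the cable is unplugged (eth0 has NO-CARRIER) but a Wi-Fi adapter is associated.
SAMPLE_WIFI_LEAK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000\\    link/ether 52:54:00:ab:cd:ef brd ff:ff:ff:ff:ff:ff
"""

# Constructed: a properly segregated host, every non-loopback link administratively down.
SAMPLE_ISOLATED = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
"""


def classify_links(ip_link_output: str) -> dict[str, str]:
    """Map each interface name to 'loopback', 'carrier', 'up-no-carrier' or 'down'."""
    status = {}
    for line in ip_link_output.splitlines():
        m = LINK_RE.match(line)
        if not m:
            continue
        flags = set(m.group("flags").split(","))
        if "LOOPBACK" in flags:
            status[m.group("name")] = "loopback"
        elif "LOWER_UP" in flags:
            status[m.group("name")] = "carrier"        # link is live: frames can flow right now
        elif "UP" in flags:
            status[m.group("name")] = "up-no-carrier"  # enabled; will connect as soon as a cable or AP appears
        else:
            status[m.group("name")] = "down"
    return status


def air_gap_findings(ip_link_output: str) -> list[str]:
    """Return the reasons this host is not (or not safely) air-gapped; empty means isolated."""
    findings = []
    for name, state in classify_links(ip_link_output).items():
        if state == "carrier":
            findings.append(f"{name}: link is up and has a carrier; the host is connected")
        elif state == "up-no-carrier":
            findings.append(f"{name}: enabled but idle; bring it down or remove the adapter")
    return findings


def live_findings() -> list[str]:
    """Run the check on the current host (Linux with iproute2 only)."""
    out = subprocess.run(["ip", "-o", "link", "show"], capture_output=True, text=True, check=True).stdout
    return air_gap_findings(out)


if __name__ == "__main__":
    for label, sample in (("wifi-leak", SAMPLE_WIFI_LEAK), ("isolated", SAMPLE_ISOLATED)):
        print(label, air_gap_findings(sample) or ["no live links; host appears isolated"])
```

A host that passes this check can still hold a USB cellular modem or a Bluetooth radio that never shows up as a link until a device pairs, so the software audit complements, rather than replaces, the physical removal of unneeded radios.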
Can Users Back Up Data from Air-Gapped Systems?
The short answer is yes: any information can be backed up, wherever it is stored. In practice, air gapping is rarely applied to the systems and networks used in day-to-day operations, because employees need to access the data they hold regularly, often daily.
Instead, most organizations limit air gapping to data backups, and there are best practices to keep in mind for doing so.
What Should Users Do When Air Gapping Data Backups?
Here are some air gapping best practices for businesses:
- Store air-gapped backups in a secure location that unauthorized personnel cannot access.
- Update air-gapped backups regularly, typically daily or weekly, so that a restore does not lose more work than the business can tolerate.
- Test air-gapped backups periodically by performing an actual restore, and verify their integrity (for example, with checksums recorded when the backup was written) so that a corrupted or tampered copy is found before a disaster rather than during one.
- Encrypt air-gapped backups so that sensitive data stays protected if the media is lost or stolen, and keep the decryption keys separate from the backups themselves.
Implementing air gapping is challenging because it demands careful planning and strict physical security. But it provides a critical layer of protection against data loss, supports disaster recovery, and makes it very difficult for threat actors to steal information.
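The "test" and "verify" practices above are only meaningful if the offline copy can be compared against a record made when it was written. The following example, added here and not drawn from the original article, builds a manifest of SHA-256 file hashes when the backup is produced, signs the manifest with an HMAC, and checks both again before a restore, so that files modified, removed, or planted on the media are reported. The directory contents, file names, and HMAC key are constructed for the example; in practice the key and the manifest would be kept apart from the media they describe.

```python
"""Signed hash manifest for verifying an offline backup before restore."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backup images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _list_files(root: Path) -> dict[str, Path]:
    return {p.relative_to(root).as_posix(): p for p in sorted(root.rglob("*")) if p.is_file()}


def _canonical(files: dict[str, str]) -> bytes:
    # Canonical JSON so the HMAC covers exactly the same bytes at build and verify time.
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(root: Path, key: bytes) -> dict:
    """Hash every file under root and sign the hash list with an HMAC keyed by `key`."""
    files = {name: sha256_file(p) for name, p in _list_files(root).items()}
    return {"files": files, "hmac": hmac.new(key, _canonical(files), "sha256").hexdigest()}


def verify_manifest(root: Path, manifest: dict, key: bytes) -> list[str]:
    """Return findings; an empty list means the media matches the signed manifest."""
    findings = []
    expected = hmac.new(key, _canonical(manifest["files"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        findings.append("manifest signature invalid")   # manifest edited, or the wrong key
    present = _list_files(root)
    for name, digest in manifest["files"].items():
        if name not in present:
            findings.append(f"missing: {name}")
        elif sha256_file(present[name]) != digest:
            findings.append(f"modified: {name}")
    for name in sorted(set(present) - set(manifest["files"])):
        findings.append(f"unexpected: {name}")
    return findings


def demo() -> tuple[list[str], list[str], list[str]]:
    """Build a small backup tree, verify it, then simulate tampering on the media."""
    key = b"constructed-example-hmac-key"   # constructed; would live off the media
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'acme');\n")
        (root / "config.yaml").write_bytes(b"retention_days: 90\n")
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)
        wrong_key = verify_manifest(root, manifest, b"not-the-real-key")
        # Tampering on the media: one file edited, one removed, one planted.
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'mallory');\n")
        (root / "config.yaml").unlink()
        (root / "dropper.bin").write_bytes(b"MZ\x90\x00")
        tampered = verify_manifest(root, manifest, key)
    return clean, wrong_key, tampered


if __name__ == "__main__":
    for label, findings in zip(("clean", "wrong key", "tampered"), demo()):
        print(f"{label}: {findings or 'OK'}")
```

Hashes alone would already catch accidental corruption; the HMAC is what stops someone with write access to the media from editing a file and quietly updating its hash in the manifest to match. Encrypting the backup (the last practice above) is a separate step that this check does not replace.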
Key Takeaways
- Air gapping is a network security measure in which one or more computers are kept physically isolated from unsecured networks like the Internet or insufficiently secured LANs.
- Military, government, financial, national and state lottery, and life-critical medical and industrial control systems are typically air-gapped.
- Three types of air gapping are typically employed—total physical air gapping, segregated air gapping in the same environment, and logical air gapping.