What Is Air Gap and How Does It Impact Your Cybersecurity?
Nowadays the stakes in cybersecurity are high. Organizations constantly transmit sensitive data across networks, and cyberattacks are on the rise. Ransomware, for example, is one of the most common cyber threats today, and Cybersecurity Ventures predicts that the global cost of ransomware attacks will reach $265bn by 2031.
The rising number of cyberattacks is the main reason why tight security is a must. In general, a secure infrastructure includes multiple layers of protection spread across computers, programs, and networks. One of those layers is the air gap, which is widely believed to be a highly effective way to protect valuable information. But is it really secure enough?
What is an air gap?
What does air gapping mean? An air gap is a network security measure that implies a physical separation between a secure network and any other computer or network. An air-gapped computer is not directly connected to the Internet, nor is it connected to any other system. You can only pass data to it through physical media such as a USB drive or other removable media, or over a direct cable link (such as FireWire) to another machine. Remember old spy movies where people would access laptops while hanging from the ceiling on a rope? That is roughly what gapping looks like.
Air gaps have been a common security measure in the critical infrastructure sector, where a cyber attack can disrupt or halt major operations. The systems that deploy gapping normally include:
- Military computer systems and networks;
- Governmental computer systems and networks;
- Financial computer systems and networks;
- Industrial control systems;
- Nuclear power plants;
- Aviation computers;
- Medical equipment.
Gapped computers are typically located in secure places, such as in a separate server facility with tight security. As a precaution, air-gapped systems have restricted access, so only a few trusted users can access them.
Types of air gaps
Three main types of air gap are commonly distinguished. Let’s look at each type in more detail.
- Total physical air gaps: this type assumes complete physical separation of a system/device from the network. There are no network connections to the device, so if you need to get data from it or load data onto it, you have to go to the place where it is stored. You may also have to pass through physical security checks, since access to the environment where the device is kept is usually restricted.
- Isolated air-gapped systems: this type implies that the systems/devices are not connected to a common network, but are located in the same place (e.g. in one room).
- Logical air gaps: the systems are not physically separated from the rest of the environment, but are isolated from it through software controls such as encryption and role-based access control.
What is the purpose of air gapping?
Air gapping protects critical computer systems or data from potential cyber-attacks. The purpose of an air gap is to eliminate any possibility that a threat actor can infiltrate the protected system through an external connection.
Companies also use gapping to create backups for their data. Implementation of an air gap backup can be a challenge though, as it requires a high level of security and planning. However, when managed properly, gapped networks can provide one of the highest levels of security. Besides, with the help of air gap backups, companies can restore the data even if it was lost or corrupted due to a software glitch, a hardware failure, or a ransomware attack.
The 3-2-1 rule
Gapping plays an important role in the 3-2-1 backup strategy: keep at least three copies of your data, on two different types of storage media, with one copy kept off-site. This ensures that you will still have access to your data after a site-wide failure. An air-gapped copy is usually the preferred way to satisfy the off-site, offline part of the 3-2-1 rule, because it cannot be encrypted or deleted by ransomware that has spread across the production network.
Note that although air gapping can defend your data from hackers, this method is not unbreakable. Treating the gap as a single form of defense can lead to significant damage and risk. One way attackers beat the air gap is through USB malware. The Stuxnet worm incident from 2010 is a good example of how removable media can bridge a gap: that strain of malware spread to Iranian industrial and nuclear facilities via USB drives. The key point in the Stuxnet case is that a determined actor got malware into a secure facility, and it ultimately found its target despite the gapped network.
The main challenges of gapping implementation
Despite the high level of security that an air gap provides, it’s still possible to breach gapped computers. Not to mention that there is always a possibility of a human error exposing the gapped backup to the network. Let’s look at the challenges related to air gapping in more detail.
Gapping is exposed to a variety of human-centric risks. Air gap systems are physically unplugged from the network. So to add, modify, or download data from the system, you’ll need a portable storage device like a USB and a person with access to an air-gapped computer. Even experienced and reliable users can make mistakes and leave doors unlocked or they can lose their portable devices with the data. And an easy way for hackers to breach an air-gapped system is to use an infected USB device.
Another way for hackers to penetrate a gapped system is by compromising the software updates that are carried across the gap. A malicious update installed by a trusted operator passes straight through the air gap and can cause irreparable damage.
Organizations need to ensure that air-gapped computers and networks are protected internally, and not only from the external world. And that is quite a challenge. Most air-gapped systems must remain stable and available all the time, so they cannot simply be rebooted after every software install. As a result, you often find outdated systems that are still active even though they are no longer supported by their manufacturers, which means they are also no longer supported by security vendors. Deploying software agents to protect systems in gapped networks is therefore often not possible.
Also, many security solutions nowadays rely on an Internet connection, for example for cloud consoles or signature updates. This leaves even fewer security options for gapped systems.
Costs of labor and infrastructure
Working in a gapped environment can be inconvenient for operators. An air-gapped network has zero connection to the outside world, so all remote communication, collaboration, and even the simple act of sharing files and documents become almost impossible. This limits automation and requires a lot of manual work. Users also have to pass many security procedures to get access to the backups, which can be time-consuming and is critical when you need to act fast to restore data.
There are infrastructural challenges as well. An air gap may require creating a whole new network with independent servers, routers, and other management tools. It can be quite expensive to implement and operate.
How to prevent an air gap breach
As we can see, a gapped system is not perfect and has its flaws and vulnerabilities. To enhance your air gap security, keep the following things in mind:
- Encrypt the data. Air gap backups should be encrypted to protect sensitive data from being accessed by unauthorized users. It is a good measure in case the media is stolen, as the data will be useless to the thieves as long as the keys are stored separately.
- Secure the location. Backups should be stored in a secure location that is not accessible to unauthorized personnel. Enforce strict policies about where air-gapped network hardware and removable media can physically go, who can use them outside of designated physical areas, and how they can be used.
- Ban phones near gapped machines. Security researchers have demonstrated covert channels in which an isolated machine leaks data through ultrasonic or otherwise inaudible sound picked up by a nearby smartphone's microphone, and through radio emissions that a phone can receive even when Bluetooth is turned off. So it is better not to allow mobile phones near the most critical systems.
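The encryption and secure-location points above protect the media, but neither tells you whether the backup on that media is still the one you wrote: a tampered or bit-rotted file is only discovered at restore time. The following added example (not code from the original article or from any product it mentions) seals a backup set with a SHA-256 file manifest authenticated by an HMAC, so that before a restore you can detect modified, missing, or added files, and a forged manifest. The key name and the sample backup files are assumptions constructed for the demo; in practice the HMAC key would be held separately from the media, e.g. with the operator who carries it.

```python
"""Added example: HMAC-authenticated integrity manifest for an offline backup set."""
import hashlib
import hmac
import json
import os
import tempfile


def _sha256_file(path):
    """Stream a file through SHA-256 so large backup files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _seal(entries, key):
    """HMAC over the canonical JSON form of the file listing."""
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root, key):
    """Hash every file under root (paths relative to root) and seal the listing."""
    entries = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = _sha256_file(full)
    return {"files": entries, "hmac": _seal(entries, key)}


def verify_manifest(root, manifest, key):
    """Return a list of findings; an empty list means the backup set is intact."""
    findings = []
    expected = _seal(manifest["files"], key)
    if not hmac.compare_digest(expected, manifest["hmac"]):
        findings.append("manifest: HMAC mismatch (manifest forged or wrong key)")
        return findings  # the file list itself cannot be trusted, stop here
    current = build_manifest(root, key)["files"]
    for rel, digest in manifest["files"].items():
        if rel not in current:
            findings.append(f"missing: {rel}")
        elif current[rel] != digest:
            findings.append(f"modified: {rel}")
    for rel in current:
        if rel not in manifest["files"]:
            findings.append(f"unexpected: {rel}")
    return findings


def demo():
    """Constructed sample backup set; one file is tampered after the manifest is sealed."""
    key = b"offline-manifest-key-kept-with-the-operator"  # assumption: not stored on the media
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "db"))
        with open(os.path.join(root, "db", "dump.sql"), "w") as f:
            f.write("CREATE TABLE t(id int);\n")
        with open(os.path.join(root, "config.yaml"), "w") as f:
            f.write("retention: 30\n")
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)
        # Simulate tampering on the media after it left the secure location.
        with open(os.path.join(root, "db", "dump.sql"), "a") as f:
            f.write("DROP TABLE t;\n")
        tampered = verify_manifest(root, manifest, key)
        # Simulate an attacker rewriting the manifest without knowing the key.
        forged = verify_manifest(root, {"files": manifest["files"], "hmac": "0" * 64}, key)
    return clean, tampered, forged


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged"), demo()):
        print(label, result)
```

Run the verification on the restore host before anything from the media is mounted or executed; because the manifest is checked first, a forged listing is rejected before per-file comparison starts.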
Air gap today: is it still relevant?
With its ability to protect data from a wide range of threats and from digital theft, air gapping looks like a valuable security measure. However, inaccessibility has always been its disadvantage. Organizations have used the technique for many years, and having staff physically carry media between systems used to be no problem. Nowadays it is far less practical, and using an air gap brings certain disadvantages.
False sense of security
The air gap can be a very effective barrier against cyberattacks if implemented and maintained correctly. However, gapped networks remain vulnerable to targeted attacks, and there are many known ways to get around this security measure: for instance, stealing data by analyzing acoustic emissions, or physical malware delivery, i.e. introducing malware (such as Stuxnet) via a USB device.
Besides, the software of a gapped system needs to be regularly updated, which is difficult as someone must do it manually. The inability to update air-gapped systems on time means they grow weaker and the chances of security breach increase.
No longer practical
Air gapping also causes organizations to miss out on valuable data. Organizations cannot benefit from the highly valuable data these systems generate. Data analyzed in real time can help companies improve efficiency, but gapping makes the data hard to access, which makes timely analysis of this information really difficult.
With numerous devices connected to the Internet, and connections existing between devices as well, it is entirely possible that your air-gapped system actually has a network path to the Internet that no one knows about. Moreover, when organizations scan their environment to build an inventory of all network-connected devices, they often discover equipment that no one knew existed, let alone had a network connection. Also note that today, attackers use highly sophisticated techniques to steal or damage data on a system even if it is physically isolated.
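The "connection no one knows about" is something you can check for rather than assume away. The following added example (not code from the original article) audits a Linux host that is supposed to be air-gapped by parsing the output of `ip -o addr show` and `ip route show` from iproute2: any non-loopback interface carrying a globally scoped address, and any default route, is reported as a live network path. The sample command output embedded below is constructed for the demo, not captured from a real host; `audit_live_host()` runs the same check against the machine it is executed on.

```python
"""Added example: audit a supposedly air-gapped Linux host for live network paths."""
import re
import shutil
import subprocess

# One `ip -o addr show` line per address: "<idx>: <iface> inet|inet6 <addr> ... scope <scope> ..."
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+(inet6?)\s+(\S+).*?\bscope\s+(\S+)")


def parse_addr(output):
    """Parse `ip -o addr show` output into (iface, family, address, scope) tuples."""
    rows = []
    for line in output.splitlines():
        m = ADDR_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def parse_routes(output):
    """Return the default routes present in `ip route show` output."""
    return [ln.strip() for ln in output.splitlines() if ln.strip().startswith("default")]


def audit(addr_output, route_output):
    """Return findings for a host that is supposed to have no network path at all."""
    findings = []
    for iface, family, addr, scope in parse_addr(addr_output):
        if iface == "lo" or scope == "host":
            continue  # loopback is expected on any host
        if scope == "global":
            findings.append(f"HIGH: {iface} has a routable {family} address {addr}")
        else:
            # A link-local address means the NIC is up and could be plugged in at any time.
            findings.append(f"INFO: {iface} is up with {family} {scope}-scope address {addr}")
    for route in parse_routes(route_output):
        findings.append(f"HIGH: default route present: {route}")
    return findings


def audit_live_host():
    """Run the audit on this machine (needs iproute2); returns None where `ip` is absent."""
    if shutil.which("ip") is None:
        return None
    addr = subprocess.run(["ip", "-o", "addr", "show"], capture_output=True, text=True, check=True).stdout
    route = subprocess.run(["ip", "route", "show"], capture_output=True, text=True, check=True).stdout
    return audit(addr, route)


# Constructed sample output, in the shape iproute2 prints (not from a real host):
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic eth0\\       valid_lft 3000sec preferred_lft 3000sec
3: wlan0    inet6 fe80::a1b2:c3ff:fed4:e5f6/64 scope link \\       valid_lft forever preferred_lft forever
"""
SAMPLE_ROUTE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""
# What a genuinely isolated host looks like: loopback only, no routes.
CLEAN_ADDR = "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_ADDR, SAMPLE_ROUTE):
        print(finding)
    print("clean host:", audit(CLEAN_ADDR, ""))
```

The parser deliberately treats a link-local address as a finding too: a NIC with a `fe80::` address has a driver loaded and a cable or radio that only needs a patch lead or an access point to become a bridge. Running this from a scheduled job on each gapped host, and alerting on any HIGH finding, turns "we believe it is isolated" into something that is checked.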
Despite its flaws and pitfalls, the air gap remains one of the critical layers of data protection against all forms of data loss. Although it can be challenging, it is worth making sure your data backup and recovery strategy includes an air-gapped copy. That does not mean your data is completely protected, however. So think carefully about whether your business really requires a gapped network as a security measure, and apply additional security controls alongside the air gap.
Q: What does air gapping mean?
A: Air gapping means isolating a computer or a system from the network and from the rest of the system with an aim to protect it from possible threats. Such isolation means a computer cannot be accessed via the Internet and you can upload data into it only via a portable device such as a USB. In this way, you create an “air gap” - a barrier between the system and the isolated device.
Q: How does air gapping work?
A: An air gap separates a computer from the rest of the environment (e.g. by storing it in a separate location with no connection to any network). As a result, threat actors cannot reach the computer over a network. Data can be loaded onto it only via a USB drive or similar removable media.
There are three types of air gap:
- Total physical air gaps, which implement complete physical separation of the system from the network and place it in a separate environment. There are no network connections to the device, so to update its data and software you use removable storage devices such as USB drives.
- Isolated air-gapped systems, meaning the systems are not connected to a common network but are in the same place.
- Logical air gaps, which are not physically separate systems but are isolated through software controls such as encryption and role-based access control.
Q: What is the purpose of an air gap?
A: The goal of an air gap is to isolate crucial data from local networks and production environments that are more exposed to attacks. When managed properly, air-gapped networks can provide one of the highest levels of security. Companies also use gapping to create backups of their data. With the help of air gap backups, companies can restore data after accidents such as fire or flood, or if data has been lost or corrupted because of a software glitch, hardware failure, or ransomware attack.
There is no one-size-fits-all cybersecurity system, so it is always worth considering several options. Very informative and easy to read article on air gap. Good job!