What is an Air Gap? Understanding the Concept
An Air Gap is a mechanism designed to isolate two or more computing systems or networks of varying trust levels, especially when processing each other's data.
Recall the "Mission Impossible" scene where Tom Cruise suspends himself from the ceiling, attempting to extract data from a computer inside a top-secret vault in the CIA headquarters. With today's lens, one might wonder: couldn't he have just hacked the system remotely? The answer is no. An Air Gap safeguarded the CIA system – a standalone computer not connected to any network, requiring physical presence within a high-security room for its operation. Hollywood's portrayal might seem exaggerated, but it reflects a once-dominant belief: maintaining physical distance between a system and any potential access is the best protection.
However, times have changed. Air Gaps still exist, and some industries find them indispensable. Yet, maintaining them has become challenging over the past two decades. To comprehend their continued relevance, it's essential to understand their concept, strengths, and weaknesses.
At its core, an Air Gap is a security measure. It aims to create an impervious barrier between digital assets and malicious actors. These threats could be hackers, viruses, insiders, power outages, or natural disasters. The most straightforward Air Gap is established by disconnecting a digital asset from all network connections and maintaining a physical distance from anyone potentially attempting to access it.
Interestingly, the Air Gap concept extends beyond IT. Building codes prescribe air gaps between water sources and drains, and in electrical engineering, a gap is mandated between moving parts in an electric motor.
Air Gaps primarily serve two security objectives: protecting against network or system intrusions and shielding digital assets from damage, access, or tampering. These goals often overlap but are distinct. For instance, storing backup tapes in a salt mine is an Air Gap method that protects data from unauthorized access. The rationale: if our systems get compromised or destroyed, we can restore them using data preserved in an Air-Gap-protected environment.
Air Gaps are perceived as the ultimate protective measure for many security professionals. After all, if an attacker can't even access a system or network, how can they harm it? Air Gaps are prevalent in high-security sectors like the military, finance, and utilities.
Originating from IT, networking, and security domains, an Air Gap refers to a security paradigm that logically and physically segregates IT systems. These systems aren't connected to external networks like the internet or local networks, nor to other IT systems. Data transfer between isolated systems is unidirectional, usually using portable storage devices.
Limitations and Vulnerabilities of the Air Gap System
While the Air Gap concept offers enhanced security, it isn't foolproof. A malefactor could gain unauthorized physical access, manipulate the system, or steal data using portable storage. Moreover, there exist methods to bypass an Air Gap through side-channel attacks, extracting information remotely from processor sounds, hard drive noises, electromagnetic radiation, temperature fluctuations, and more.
Applications of the Air Gap System
Air Gaps are ideal for protecting highly sensitive IT systems. Typical applications include:
- Military or intelligence computer systems
- Control systems for critical infrastructure.
- Systems in the financial and stock trading sectors.
Other uses include:
• Medical facilities like hospitals
• Scientific and research institutions
• Nuclear power plants
• Aviation safety environments
• Vehicle control systems
Drawbacks of Implementing an Air Gap
While Air Gaps enhance security, they also introduce unique challenges. Their security is contingent upon preventing unauthorized physical access. Data exchange becomes cumbersome, typically reliant on external storage devices like USB drives. Moreover, their surveillance becomes considerably more challenging. Lacking network connectivity means they cannot be integrated into network-based monitoring solutions.
Implementing an Air Gap often involves a process wherein data is transferred using a portable storage medium. This ensures system isolation and guarantees one-directional data transfer. However, Air Gaps have been shown to be bypassed using various techniques since November 2013. These include covert acoustic networks, using a computer's graphics card to produce radio signals, temperature variations, spying through GSM devices, hard drive sounds, optical transfers via tampered hard drive activity lights or LEDs, using a PC's processor to emit radio waves, and even manipulating network cables to produce radio signals.
The Practicality of Air Gaps in Cyber Defense
Today, the best approach is to view Air Gaps realistically. When applied correctly, they are very effective. However, it's a mistake to assume that "data is Air-Gapped, thus it's secure." It's essential to carefully assess desired outcomes, risks, and vulnerabilities for specific Air Gap use cases. Physical separation isn't always necessary. When used appropriately, an Air Gap provides a robust layer of cyber defense.