What Does Air Gap Mean?
An air gap is a security measure that isolates a digital device, component or private local area network (LAN) from other devices and networks, including the public internet. An air gap is also known as an air wall, and the strategy of using air gaps to protect critical data is also known as security by isolation.
Air gaps are used to protect critical computer systems and the data they store from malware, keyloggers, ransomware and other types of unauthorized access. This strategy seeks to ensure the total isolation of a given system electromagnetically, electronically and physically.
Air gapping also plays an important role in backup and recovery. For example, with 3-2-1 backups, each backup is kept as three copies. While two of the copies can be stored on the same network, the third copy has to be air-gapped and stored in a completely different physical location. That way, even if the network is attacked and the first two copies are compromised, storage administrators can use the air-gapped copy to restore data quickly.
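A small policy check for the backup rule described above, written as an added example rather than code from the original article. It takes a constructed inventory of backup copies (the record format and field names are assumptions for this example) and reports which parts of the rule are violated: fewer than three copies, more than two copies reachable from the same network, or no air-gapped copy stored away from the primary site. It also answers the recovery question the paragraph raises: which copies can still be trusted once a given network is known to be compromised.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set (constructed record layout, not a real inventory format)."""
    name: str
    network: str      # network segment the copy is reachable from, e.g. "prod-lan"
    site: str         # physical location of the copy
    air_gapped: bool  # True if the copy has no network path to the other copies


def check_3_2_1(copies, primary_site):
    """Return a list of violations of the 3-2-1 rule as the article states it.

    Checks performed:
      * at least three copies exist
      * at most two non-air-gapped copies sit on the same network
      * at least one copy is air-gapped and stored somewhere other than primary_site
    An empty list means the inventory is compliant.
    """
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need at least 3")

    # Group the networked (non-air-gapped) copies by the network they live on.
    by_network = {}
    for c in copies:
        if not c.air_gapped:
            by_network.setdefault(c.network, []).append(c.name)
    for net, names in by_network.items():
        if len(names) > 2:
            problems.append(f"{len(names)} copies on network {net!r}: {names}")

    offsite_gapped = [c for c in copies if c.air_gapped and c.site != primary_site]
    if not offsite_gapped:
        problems.append("no air-gapped copy stored outside the primary site")
    return problems


def restorable_after_compromise(copies, compromised_network):
    """Names of copies that can still be trusted after compromised_network is attacked.

    Any copy reachable from that network is treated as suspect; only copies that
    are air-gapped, or on a different network, remain candidates for restore.
    """
    return [c.name for c in copies
            if c.air_gapped or c.network != compromised_network]


# Constructed sample inventories used for the demonstration below.
COMPLIANT = [
    BackupCopy("local-disk", "prod-lan", "hq", air_gapped=False),
    BackupCopy("nas-replica", "prod-lan", "hq", air_gapped=False),
    BackupCopy("tape-vault", "none", "offsite-vault", air_gapped=True),
]

ALL_ON_ONE_LAN = [
    BackupCopy("disk-a", "prod-lan", "hq", air_gapped=False),
    BackupCopy("disk-b", "prod-lan", "hq", air_gapped=False),
    BackupCopy("disk-c", "prod-lan", "hq", air_gapped=False),
]

if __name__ == "__main__":
    print("compliant:", check_3_2_1(COMPLIANT, "hq"))
    print("all on one LAN:", check_3_2_1(ALL_ON_ONE_LAN, "hq"))
    print("usable after prod-lan compromise:",
          restorable_after_compromise(COMPLIANT, "prod-lan"))
```

The air-gapped copy is modelled with a placeholder network name because, by definition, it has no network path; the check cares only that it is flagged air-gapped and sits at a different site.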
Air gaps also play an important role in confidential computing. Confidential computing is an emerging approach to cybersecurity that runs computational workloads in isolated, hardware-encrypted environments.
Techopedia Explains Air Gap
Air-gapped systems are computers or networks that typically contain highly sensitive or business-critical data.
Challenges
Air gaps used to be the gold standard for protecting operational technology (OT) environments, back when OT and information technology (IT) were two different things.
In the past, a lot of traditional electronic equipment, such as thermostats and home appliances, was air-gapped because of its inherent limitations rather than for security reasons. However, with the widespread adoption of wireless components, OT is no longer air-gapped because the technology connects to the internet.
Air Gap Security
To protect critical data, additional security precautions should be taken to support air gaps. These include disabling USB ports and using a Faraday cage to block wireless transmissions and prevent electromagnetic (EM) leakage.
Today, true isolation also requires the elimination of electromagnetic radiation leaks. This includes blocking FM and cellular frequency signals, blocking thermal and near-field communication (NFC) channels and cloaking LED light pulses.
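One concrete way to back the "disable USB ports" precaution on a Linux host is to stop the USB mass-storage driver from loading at all. The script below is an added example, not code from the original article; it assumes a Linux system where kernel module policy lives in a modprobe.d directory, and it audits that directory rather than changing it. The distinction it reports matters in practice: a plain `blacklist usb_storage` line only stops automatic loading by alias, whereas `install usb_storage /bin/false` makes modprobe refuse to load the module even when asked explicitly. The sample configuration files it creates are constructed for the demonstration.

```python
import os
import tempfile


def _norm(module):
    # modprobe treats '-' and '_' in module names as equivalent
    return module.replace("-", "_")


def usb_storage_policy(modprobe_dir, module="usb_storage"):
    """Scan a modprobe.d directory and report how the given module is handled.

    Returns one of:
      "install-blocked": an 'install <module> /bin/false' (or /bin/true) line exists,
                         so modprobe cannot load the module even on explicit request
      "blacklisted":     only a 'blacklist <module>' line exists; this stops
                         automatic loading by alias, but 'modprobe usb_storage'
                         still works
      "allowed":         no directive for the module was found
    Only *.conf files are read, which is what modprobe itself does.
    """
    target = _norm(module)
    status = "allowed"
    if not os.path.isdir(modprobe_dir):
        return status
    for fname in sorted(os.listdir(modprobe_dir)):
        if not fname.endswith(".conf"):
            continue
        path = os.path.join(modprobe_dir, fname)
        with open(path, encoding="utf-8", errors="replace") as fh:
            for raw in fh:
                line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
                if not line:
                    continue
                parts = line.split()
                if len(parts) < 2 or _norm(parts[1]) != target:
                    continue
                if (parts[0] == "install" and len(parts) >= 3
                        and parts[2] in ("/bin/false", "/bin/true")):
                    return "install-blocked"
                if parts[0] == "blacklist":
                    status = "blacklisted"
    return status


def make_modprobe_dir(files):
    """Create a temporary directory holding constructed modprobe.d files for testing.

    files maps a file name to its text content.
    """
    d = tempfile.mkdtemp(prefix="modprobe_d_")
    for name, text in files.items():
        with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
            fh.write(text)
    return d


if __name__ == "__main__":
    # Constructed examples: a weak setting and the stronger one beside it.
    weak = make_modprobe_dir({"usb.conf": "blacklist usb-storage\n"})
    strong = make_modprobe_dir({
        "usb.conf": "# no USB mass storage on this host\ninstall usb-storage /bin/false\n"
    })
    print("weak   :", usb_storage_policy(weak))
    print("strong :", usb_storage_policy(strong))
    # Audit the real host (reports "allowed" if the directory does not exist).
    print("this host:", usb_storage_policy("/etc/modprobe.d"))
```

Module policy is one layer; a USB port that is physically blocked or disabled in firmware does not depend on the operating system honouring the configuration, which is why the article lists disabling ports alongside software controls.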
Air Gap Jumps
Despite the high level of security an air gap provides, it is still possible to breach air-gapped computers. While the concept of physical isolation is quite simple, carrying it out is becoming increasingly difficult.
Air gap attacks are a growing cyberthreat, even for networks that are fully cut off from the internet. Security experts have found that cutting-edge acoustic channels using ultrasonic, inaudible sound waves can serve as an attack vector against smartphones capable of picking up higher frequencies. Data can also be siphoned through radio signals even when Bluetooth is disabled. That is why, in many high-security environments, mobile phones are not allowed within range of the most critical systems.
According to CISA, well-known instances of attackers jumping an air gap include:
2010 – a USB drive was used to infect a nuclear facility, change centrifuge RPMs and edit the control room's human-machine interface (HMI) to indicate the centrifuges were operating normally.
2018 – the U.S. accused Russia of infecting air-gapped electrical grid operations.
2020 – hackers believed to be working on behalf of the Chinese government successfully targeted the air-gapped networks of the Taiwanese and the Philippine military.