Air-gapping is a security measure in which organizations such as militaries or utility providers physically disconnect portions of their IT infrastructure from their networks to protect their most critical systems from internet-based attacks. The idea is simple: a physically disconnected device can neither be infected by malware that propagates over the internet nor receive command-and-control (C&C) traffic. In theory, air-gapped computers are therefore much more secure than connected systems.
Air-gapped systems typically fall into two categories:
While this entry applies to both situations, it will deal primarily with the first example, as these are the ones that require extra security given their critical nature.
How can attackers possibly infect air-gapped systems?
Compromising an air-gapped system could allow an attacker to steal data from it through covert-channel exfiltration. Sound has been proven effective for transmitting data out of such a system; modulating the computer's fans and using radio-frequency emissions from USB connectors are more extreme examples of the same idea. Note that all of these channels assume the air-gapped machine is already running attacker-controlled code: they solve the attacker's exfiltration problem, not the initial-access problem. A determined attacker can also use unconventional methods to get across the gap in the first place. Researchers from Israel's Ben-Gurion University of the Negev and Shamoon College of Engineering demonstrated this by creating malware that could "bridge" air-gapped systems via the infrared capabilities of compromised surveillance cameras.
While these kinds of attacks are certainly possible, attacks on air-gapped systems are more likely to involve a tactic that has proven effective in nearly every kind of malware attack: social engineering. By tricking someone with access to the air-gapped network into inserting a removable drive, an attacker bypasses all the complicated steps such exotic attacks require.
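One monitoring control for the removable-media path just described, as an added example that is not code from the original article: an air-gapped Linux host should never see a USB mass-storage device that has not been explicitly approved, and the kernel logs every USB enumeration, so that condition can be checked from `dmesg` output. The script below parses those kernel messages, reconstructs each device (port path, vendor and product ID, serial number) and alerts on every mass-storage device that is not on an allowlist. The log lines, the allowlist and the device identifiers are constructed for illustration; the message formats are the ones the Linux USB and usb-storage drivers emit.

```python
"""Detect removable-storage insertion on an air-gapped Linux host.

Added example, not code from the original article. It parses the kernel
messages that `dmesg` emits when a USB device is plugged in, reconstructs
each device (port path, vendor, product, serial) and alerts on every USB
mass-storage device that is not on an explicit allowlist. The log lines and
the allowlist are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed sample log: one approved transfer stick, one keyboard and one
# unknown stick plugged into a host that should see no unexpected storage.
SAMPLE_LOG = """\
[  101.201] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  101.352] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[  101.352] usb 1-1: Product: Cruzer Blade
[  101.352] usb 1-1: Manufacturer: SanDisk
[  101.352] usb 1-1: SerialNumber: 4C530000010101
[  101.400] usb-storage 1-1:1.0: USB Mass Storage device detected
[  102.611] sd 6:0:0:0: [sdb] Attached SCSI removable disk
[  230.100] usb 1-2: new low-speed USB device number 4 using xhci_hcd
[  230.250] usb 1-2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
[  230.250] usb 1-2: Product: USB Keyboard
[  230.250] usb 1-2: Manufacturer: Logitech
[  400.010] usb 1-3: new high-speed USB device number 5 using xhci_hcd
[  400.160] usb 1-3: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[  400.160] usb 1-3: Product: DataTraveler 3.0
[  400.160] usb 1-3: Manufacturer: Kingston
[  400.160] usb 1-3: SerialNumber: 0019E06B
[  400.301] usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist: (idVendor, idProduct, serial) of the one stick that
# is approved for carrying data across the gap.
ALLOWLIST = {("0781", "5567", "4C530000010101")}

NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
ATTRIBUTE = re.compile(
    r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<val>.+)$"
)
MASS_STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)


@dataclass
class UsbDevice:
    port: str                 # bus-port path such as "1-3" or "1-2.4"
    vid: str = ""             # idVendor; empty if the enumeration lines were not seen
    pid: str = ""
    attrs: dict = field(default_factory=dict)
    mass_storage: bool = False

    def identity(self):
        """Tuple compared against the allowlist."""
        return (self.vid, self.pid, self.attrs.get("SerialNumber", ""))


def parse_usb_events(log_text):
    """Reconstruct USB devices from kernel log lines, in order of appearance.

    Devices are tracked per port path; a new enumeration on the same port
    starts a new record, so re-plugging a port yields two devices. A
    mass-storage line for a port that was never enumerated (log rotation,
    truncated capture) still produces a record, with an empty identity, so
    that it cannot silently pass the allowlist check.
    """
    devices = []
    current = {}  # port path -> the device most recently enumerated there
    for line in log_text.splitlines():
        m = NEW_DEVICE.search(line)
        if m:
            dev = UsbDevice(m["port"], m["vid"], m["pid"])
            devices.append(dev)
            current[m["port"]] = dev
            continue
        m = ATTRIBUTE.search(line)
        if m and m["port"] in current:
            current[m["port"]].attrs[m["key"]] = m["val"].strip()
            continue
        m = MASS_STORAGE.search(line)
        if m:
            dev = current.get(m["port"])
            if dev is None:
                dev = UsbDevice(m["port"])
                devices.append(dev)
                current[m["port"]] = dev
            dev.mass_storage = True
    return devices


def find_unauthorized_storage(log_text, allowlist=ALLOWLIST):
    """Return every mass-storage device whose identity is not allowlisted."""
    return [d for d in parse_usb_events(log_text)
            if d.mass_storage and d.identity() not in allowlist]


def format_alert(dev):
    vendor = dev.attrs.get("Manufacturer", "?")
    product = dev.attrs.get("Product", "?")
    serial = dev.attrs.get("SerialNumber", "?")
    return (f"ALERT: unauthorized USB mass storage on port {dev.port}: "
            f"{vendor} {product} vid={dev.vid or '?'} pid={dev.pid or '?'} serial={serial}")


if __name__ == "__main__":
    for dev in find_unauthorized_storage(SAMPLE_LOG):
        print(format_alert(dev))
```

Run against the constructed sample, the script alerts only on the Kingston stick on port 1-3; the approved SanDisk stick and the keyboard pass. In production you would feed it the journal or a forwarded kernel log rather than the embedded string. Detection is the second layer, not the first: on a host that should never mount removable media the preventive control is to disable the driver outright, for example with `install usb-storage /bin/false` in a file under `/etc/modprobe.d/`, and use this kind of monitoring to catch the hosts where that control is missing or has been undone.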
How IT professionals can secure air-gapped systems
Protecting air-gapped systems involves a multilayered approach that starts with the physical setup of the system and extends to the people who interact with it regularly. Here are some strategies organizations can implement to ensure that their air-gapped systems are secured:
While air-gapped systems are certainly more secure by virtue of having fewer attack avenues, that does not mean they are foolproof or automatically safe simply because they are disconnected from the network. Organizations that employ these systems should address every remaining gap, from how removable media is handled to who can physically reach the machines, to ensure that their air-gapped infrastructure is indeed secure.