What is Air Gap?

What is Air Gap?

What is Air Gap? Jonathan Poland

An air gap is a computer network that is physically isolated from other networks, including the internet. This isolation is designed to protect the network and the sensitive data it contains from external threats and vulnerabilities. Air gaps are commonly used in a variety of contexts to enhance information security, including in military systems, medical devices, secure facilities such as prisons, and critical infrastructure such as nuclear power plants.

For example, a military system might use an air gap to protect sensitive information from being accessed by external parties, such as foreign governments or cybercriminals. Similarly, a hospital might use an air gap to protect patient data and ensure the integrity and reliability of its medical devices. In these cases, the air gap helps to reduce the risk of information security breaches and ensure that the systems and data are protected from external threats.

Basically, air gaps are a basic and effective approach to protecting systems and information from external threats. By physically isolating networks from other networks, organizations can reduce the risk of information security breaches and protect sensitive data from external vulnerabilities. The following are illustrative examples of an air gap.

Standalone System

An air gap can be implemented as a standalone system with no networking capabilities whatsoever. For example, a medical device that contains a microcontroller but has no interface to connect to the outside world.

Offline Storage

Data storage devices that are only connected to computers that are offline. For example, a professional musician with a vault of unreleased material that is stored on encrypted data storage devices in a recording studio. Such devices are only connected to musical instruments and computing devices that have no connection to the internet or outside networks.

Stand-alone Network

A network that connects local devices without any physical way to connect to the internet or unsecured networks. For example, the human resources team of a small regional bank want to restrict confidential employee data to three machines that have no outside network connection. The three machines are networked together and attached to various data storage devices. The machines in the network and attached devices have no wireless networking capabilities and are not connected by wire to the internet or the office’s local area network.

Large Networks

An air gap network isn’t necessarily contained to one site and can be geographically distributed at a global, regional, city or campus scale. For example, a globally distributed control system for a pipeline that is completely isolated from unsecured networks. Large air gap networks are often challenging to physically secure. For example, wireless or wired communications running great distances may be intercepted or manipulated.

Physical Security

A hydroelectric dam maintains control systems that aren’t networked to the outside world. These systems are physically secured in a management office that can only be accessed by authorized individuals with a variety of security measures in place such as an access control system and security system.

Segregation Of Duties

A hedge fund is developing financial trading algorithms in a small room with no network connections out and advanced physical security measures such as a mantrap. They often use segregation of duties to ensure that no one person can remove or bring in data to the room. For example, any updates to the system involve multiple trusted people that have different roles such that no single person could install a malicious file.

Signal Blocking

A nuclear power station is completely unconnected to any networks. Efforts are made to block wireless networking signals in sensitive areas of the facility.

Hardware Validation

Modern hardware may contain networking capabilities that is not well documented. This may be done to implement functionality such as remote support or software updates. Alternatively, networking capabilities may be built into things for malicious purposes. As such, implementing a secure air gap network requires carefully reviewing any hardware that comes into contact with the system including external storage devices and peripherals such as a keyboard.

Updates

Air gap networks can only be updated by connecting outside data storage devices. This is a high risk operation and is a common way for air gapped systems to be compromised. Updates to air gap networks require a secure end-to-end procedure that includes a chain of trust for the files you are using and segregation of duties that ensure no single person can add malicious files. The security of updates are also completely reliant on the integrity of the data storage hardware used.

Backups

Air gap networks are commonly backed up locally on the air gap network itself. Implementation of secure offsite backups requires a process with all the same elements as an update process including hardware validation, chain of trust and segregation of duties. Physical security for data leaving a facility is also an important consideration.

Learn More
Incident Management Jonathan Poland

Incident Management

Incident management is a process that involves the organization and coordination of efforts to address and resolve information technology incidents.…

Advantages vs Disadvantages of Technology Jonathan Poland

Advantages vs Disadvantages of Technology

Technology has brought many advantages to modern society, and has greatly improved the way we live and work. Some of…

Job Levels Jonathan Poland

Job Levels

Job levels, also known as career levels or job grades, refer to the hierarchical structure within an organization. They are…

Action Plan Jonathan Poland

Action Plan

An action plan is a detailed strategy that outlines the steps and resources needed to achieve a specific goal. It…

Customer Expectations Jonathan Poland

Customer Expectations

Customer expectations refer to the base assumptions that customers make about a brand, its products and services, and the overall…

Corporate Reputation Jonathan Poland

Corporate Reputation

Corporate reputation refers to the collective perceptions or attitudes that various stakeholders, such as communities, customers, employees, partners, and regulators,…

Channel Strategy Jonathan Poland

Channel Strategy

A channel strategy refers to the plan an organization uses to reach and interact with its customers. A channel is…

Pricing 101 Jonathan Poland

Pricing 101

Pricing refers to the process of determining the value that a business will receive in exchange for its products or…

Crypto Jonathan Poland

Crypto

There are these new things in the world called crypto-currencies. You’ve definitely heard about them by now. The most famous…

Content Database

Search over 1,000 posts on topics across
business, finance, and capital markets.

Internet of Things Jonathan Poland

Internet of Things

The Internet of things describes physical objects with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or communication networks.

Management Approaches Jonathan Poland

Management Approaches

Management approaches are methods or techniques that are used to direct and control an organization. These approaches may be adopted…

Product Development Jonathan Poland

Product Development

Product development is the process of designing, creating, and launching new products. It typically involves a number of different steps,…

Rebranding Jonathan Poland

Rebranding

Rebranding is the process of making significant changes to a company’s brand in order to alter the way it is…

Target Costing Jonathan Poland

Target Costing

Target costing is a cost management approach that involves setting a target cost for a product or service and then…

Collectables Jonathan Poland

Collectables

Collectables, also known as collectibles or antiques, are items that are valued for their rarity, historical significance, or aesthetic appeal.…

Strategic Direction Jonathan Poland

Strategic Direction

Strategic direction refers to the long-term vision and direction of an organization, and it serves as a guiding principle for…

Exchange Rate Risk Jonathan Poland

Exchange Rate Risk

Exchange rate risk, also known as currency risk, is the risk that changes in exchange rates will negatively impact the…

Technology Risk Jonathan Poland

Technology Risk

Technology risk refers to the risk that technology shortcomings may result in losses for a business. This can include the…