Securing data at rest (DAR) is top of mind for security officers and IT departments. Organizations can protect against ransomware, malware, and other cyber attacks in many ways, including what is known as an air gap or air-gapped network. But what is an air-gapped network? In an air-gapped environment, there is a physical separation between air-gapped computers and other devices. Most air-gapped computers, networks and other devices have no access to the internet or other means of external data sharing. To transfer data, a user must gain access in person with a physical removable media device. In this post, we explain the appeal of air-gapped networks in greater detail.
What is an Air Gap?
An air-gapped device or air-gapped network is one that has been siloed from other networks and/or devices. This resource from the National Institute of Standards and Technology at the U.S. Department of Commerce (NIST) elaborates. According to NIST, an air gap is “an interface between two systems.” In an air-gapped environment, those systems “are not connected physically and any logical connection is not automated.”
Put simply, data transmitted between devices in an air-gapped system can only be shared manually by authorized users. Air-gapping is a common security measure used to protect data at rest (DAR). Air gaps often pop up in discussions about industrial control systems (ICS), military computer systems and financial computer systems.
Air gaps are typically used by the military, major corporations and B2G companies to protect sensitive data and critical systems from hackers. Still, everyday Americans have probably heard this term before. Air gapping is sometimes casually used to describe disconnecting your laptop from Wi-Fi or disabling your cell phone’s Bluetooth connection.
The most securely air-gapped device or network, however, will not have those capabilities at all. These air-gapped systems are designed to protect military networks, critical infrastructure and devices. Such systems are arguably more important than the average Joe’s personal computer, though the increase in remote work has changed those dynamics over the past couple of years.
Why a Secure Facility is Necessary to Protect Data in an Air Gapped Environment
Such air gapped networks are physically isolated in high security environments. They also lack any of the hardware that would make internet connectivity possible. As Aaron Fernandez writes in this Wired article, the only way to breach an air gapped computer system “is if [someone has] physical access.”
Someone hoping to steal data cannot access an air gap device and/or network under most circumstances. Fernandez writes that the only way is to “walk up and physically plug in a USB drive, or other type of storage media.” To breach air gapped computers, a hacker would need to physically insert removable media—like an infected USB device. Of course, this is still a vulnerability of air gapped environments.
In addition to the risk of a physical breach, there is still some risk of internet-enabled attacks. Some air gapped networks do have limited access to the internet and other external means of communication. Describing air gap networks in industrial control systems, this GCA article notes a “true air gap is no longer practical in an interconnected world.”
Given this, the facility in which an air-gapped device is stored, or in which an air-gapped network is operated, must be as secure as possible.
The Hardware Used in Air Gap Security Systems Matters
The only way to access or transfer data in a truly air gapped system is to physically breach air gapped computers. As such, the hardware used in air gap security systems matters.
From SSDs and removable drives to authentication and encryption processes, the ways in which we design air-gapped computer systems are incredibly important. The security of each element significantly impacts the effectiveness of those systems. While procedures, authorization, and physical isolation are all important, it’s also important to store data at rest (DAR) using secure storage technology.