Air-gapped networks are used to protect many critical systems, including those that support the stock market, the government and industrial power industries. Separating sensitive IT systems from the internet using an 'air-gap' is secure and effective. However, it carries its own risks when data moves across the air gap to connected systems. Modern systems cannot provide security protections strong enough for them to be 'trusted' with the most sensitive data while concurrently being exposed to untrusted data streams. While an air-gapped system can protect data-at-rest, a completely isolated system or computer can be of limited value. Many deployments inevitably require the system to connect with the internet indirectly, or to send and receive data from internet-connected systems, where they are more vulnerable to a range of attacks.
There are a variety of methods through which air-gapped systems can be compromised, such as the use of physical flash drives that install malware, unaccounted-for VPNs and other connections inherent in many older ICS networks. Air-gaps are conceptually simple but hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the Internet and never sends files out to the Internet. What they want is a computer that's not directly connected to the Internet, albeit with some secure way of moving files on and off. But every time a file moves back or forth, there's the potential for attack. That's essentially the dilemma the Defense Advanced Research Projects Agency (DARPA) is attempting to solve.
Recommendation
While several countermeasures against electromagnetic exploits have been proposed, there is no perfect solution. One of the most effective methods to prevent electromagnetic exploits is to make it difficult for an attacker to collect an electromagnetic signal at the physical level, such as by creating space between the air-gapped system and outside walls or by using a Faraday cage to prevent electromagnetic radiation (EMR) from escaping. Although these measures seem extreme, close-proximity side-channel attacks can be used to intercept data, such as keystrokes or screen images, from demodulated EMR waves.
End user security awareness training is the most viable solution to secure a computing device or network from an air-gap attack. In the epic story of Stuxnet, the worm, which was designed to attack air-gapped industrial control systems, is thought to have been introduced by infected thumb drives found by employees or obtained as free giveaways.