Air-gapped networks are used to protect many critical systems, including those that support the stock market, government and the industrial power sector. Separating sensitive IT systems from the internet with an 'air gap' is secure and effective, but it carries its own risks whenever data moves from the air-gapped side to connected systems. Modern systems cannot yet provide protections strong enough to be 'trusted' with the most sensitive data while simultaneously being exposed to untrusted data streams. An air-gapped system can protect data at rest, but a completely isolated system or computer is of limited value. Many inevitably require the system to connect to the internet indirectly, or to send and receive data from internet-connected systems, where they become vulnerable to a range of attacks.
There are a variety of methods through which air-gapped systems can be compromised, such as physical flash drives that install malware, unaccounted-for VPNs, and other connections inherent in many older ICS networks. Air gaps are conceptually simple but hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the Internet and never sends files out to the Internet. What they want is a computer that is not directly connected to the Internet, but with some secure way of moving files on and off. Yet every time a file moves back and forth, there is the potential for attack. That is essentially the dilemma the Defense Advanced Research Projects Agency (DARPA) is attempting to solve.
Several countermeasures against electromagnetic exploits have been proposed, but there is no perfect solution. One of the most effective is to make it difficult for an attacker to collect an electromagnetic signal at the physical level, for example by creating space between the air-gapped system and outside walls, or by using a Faraday cage to prevent electromagnetic radiation (EMR) from escaping. Although these measures seem extreme, close-proximity side-channel attacks can intercept data such as keystrokes or screen images from demodulated EMR waves.
End-user security awareness training is the most viable way to secure a computing device or network against an air-gap attack. The Stuxnet worm, designed to attack air-gapped industrial control systems, is thought to have been introduced via infected thumb drives that employees found or obtained as free giveaways.
Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.
James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructure operators and large corporations through cyber-attack simulation and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in civil litigation or criminal investigations. Notably, this included the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. He has also served as a Cybersecurity Consultant, responding to incidents and performing full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Master's in Network Security and Penetration Testing.