Cyber Security training from QA

The Air-Gap Dilemma

QA Cyber Security Specialist, James Aguilan, looks at the methods through which air-gapped systems can be compromised.


James Aguilan | 26 February 2019

Air-gapped networks are used to protect many critical systems, including those that support the stock market, the government and industrial power industries. Separating sensitive IT systems from the internet using an 'air-gap' is secure and effective. However, it carries its own risks when data moves between air-gapped and connected systems. Modern systems cannot yet provide security protections strong enough for them to be 'trusted' with the most sensitive data while concurrently being exposed to untrusted data streams. While an air-gapped system can protect data-at-rest, a completely isolated system or computer can be of limited value. Many inevitably require the system to connect with the internet indirectly, or to send and receive data from internet-connected systems, where they are more vulnerable to a range of attacks.

There are a variety of methods through which air-gapped systems can be compromised, such as the use of physical flash drives that install malware, unaccounted-for VPNs and other connections inherent in many older ICS networks. Air-gaps are conceptually simple, but are hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the Internet and never sends files out to the Internet. What they want is a computer that's not directly connected to the Internet, albeit with some secure way of moving files on and off. But every time a file moves back or forth, there's the potential for attack. That's essentially the dilemma the Defense Advanced Research Projects Agency (DARPA) is attempting to solve.

Recommendation

While several countermeasures against electromagnetic exploits have been proposed, there is no perfect solution. One of the most effective methods to prevent electromagnetic exploits is to make it difficult for an attacker to collect an electromagnetic signal at the physical level, such as by creating space between the air-gapped system and outside walls or by using a Faraday cage to prevent electromagnetic radiation (EMR) from escaping. Although these measures seem extreme, close-proximity side-channel attacks can be used to intercept data, such as keystrokes or screen images, from demodulated EMR waves.

End-user security awareness training is the most viable solution to secure a computing device or network from an air-gap attack. In the epic story of Stuxnet, the worm, which was designed to attack air-gapped industrial control systems, is thought to have been introduced by infected thumb drives found by employees or obtained as free giveaways.

 


James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructures and large corporations through the simulation of cyber-attacks and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in a civil litigation or criminal investigation. Notably, this includes the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. Additionally, he has served as a Cybersecurity Consultant, where he would respond to incidents and perform full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.