Exposing The Myth of The Invulnerable Air Gapped System

By Miguel Gomez, Cybersecurity Expert. 28 April 2023

Saying that air gapping a system is anything but the most secure and invulnerable way to protect data is bound to burst some bubbles.

After all, this is the gospel truth among IT professionals who live in a world of clean, sanitized statistics that don’t always account for how dirty the real world can be.

The truth is that a corporate or personal data store doesn’t magically transform into an impenetrable fortress as soon as it’s air-gapped.

Summary: Air gapping is a method of protecting data by disconnecting a system from the internet.

While it is considered the most secure way to protect data, it is not invulnerable. The article explains that air gapping is vulnerable to people.

Even air-gapped systems require people to set them up and transfer data. If any person in this chain of command is compromised, the entire system becomes vulnerable.

The article suggests that air gapping should be used as an extra step in the process of protecting data, not the only method.

It also provides suggestions for managing people handling data and preventing mistakes that can lead to vulnerabilities.

What is air gapping?

If you’re not skipping this section, you’re either unfamiliar with the term or don’t have anything better to do with your time. In short, an air-gapped system does not communicate with the outside world through a network.

Have you ever unplugged your computer from the internet to connect it to a new router or some other networking gear? That system was air-gapped the entire time it was disconnected.

A look at corporate air gapping

Often, a company or individual will have air-gapped systems to keep a cache of unadulterated data. Perhaps this is a database backup, a repository of sensitive client information, a collection of secret cat videos, et cetera.

The content of the data is not quite as important as why this data has to be stored on a computer wholly disconnected from the internet. A good reason to air gap—often the most prevalent one—is to protect the data from network intrusion.

A hacker trying to access sensitive data remotely will be met with a solid wall of air between himself and the target of his attack, hence the method’s name. At least for now, there isn’t a way to hack air…

Or is there?

Elegant solution, meet a simple flaw

Although air gapping is so simple that even a dog can accidentally execute it by chewing through cables, even the most elegant ideas have flaws that hit them like a train crashing into an oil truck.

While everyone’s laser-focused on James Bond-style vulnerabilities that use cellular communications or even the power lines themselves to transmit data between two air-gapped systems, these are generally theoretical scenarios that would still be extremely difficult to apply to modern technology.

It’s absurd for a hacker to engage in a resource-intensive battle against so many points of failure to get a sophisticated device hooked up that might be able to exfiltrate data without a hitch or corruption. Find a way through the air if you want to beat an air-gapped system.

Even air-gapped systems cannot escape a simple truth: Your cybersecurity is only as resilient against attacks as the people you trust to manage it. To put it briefly and make it abundantly clear, air gapping is vulnerable to people.

The “people” vulnerability is a concept older than cybersecurity or computers. Protected ancient texts have been stolen by the very people charged with protecting them. Secrets have slipped out accidentally through loose tongues.

It’s impossible to “people gap” a system; someone has to set it up, another person collects data from the source system, checks it, transfers it, etc. If the thumb drive used for the transfer is infected with a trojan horse, then it’s just as easy—or, in many cases, even easier—to extract that data as if the system were connected to a network anyway.

Perhaps the goal is profit instead of espionage. Then the task for the hacker becomes even more straightforward. Just introduce some ransomware that installs itself quietly into every thumb drive it comes into contact with, and you’re set!

All it takes is for one person in this chain of command to be compromised, and the entire house of cards collapses. Social engineering is older than computers, and it remains, to this day, the most effective way to infiltrate computer-based systems.

The problem with air gapping is that it becomes a sort of safety blanket that people clutch tightly to convince themselves that everything is good in the world, and that removing networking equipment from one single step of a data transfer process is going to vastly reduce the chances of hackers getting what they want.

This piece of discourse intends to ensure that people avoid falling under that illusion.

What to do now?

Although I’ve just spent a lot of time doing what essentially can be interpreted as trashing air gapping as a data protection method, it would be misleading to go by that interpretation.

What I’m trying to say here is that it shouldn’t be used as the sole method of protecting your data, but rather as one extra step in the process. Air gapping should be only one cog in the machine that protects everything.

It simplifies and streamlines, ensuring that you have a robust system against hackers. However, the rest is up to managing the people handling that data.

Every step in data storage should be set up to prevent people from making fatal mistakes that lead to various other vulnerabilities that can circumvent disconnection from a network. This involves checking for viruses on all connected systems before transferring data from them to the air-gapped system.

It also involves other preventative measures, such as:

  • Making sure that anyone handling the data is trustworthy and that everyone has the understanding that only specific individuals can do this
  • Formatting USB thumb drives on a clean system after every transfer
  • Requiring face-to-face meetings to discuss any sensitive data and especially credentials (to prevent social engineering via impersonation), and
  • Restricting the number of individuals managing the air gap transfer
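One way to make the “check it before transferring it” step concrete: the source system records a manifest of file hashes, the manifest travels separately from the thumb drive (handed over face to face, as the list above suggests), and the air-gapped side refuses the medium if anything was added, removed or altered in transit, or if a file type that has no business on a data-only transfer turns up. This is an added example, not code from the original article; the blocked-extension list is an assumption to be adjusted to local policy.

```python
import hashlib
from pathlib import Path

# File types that a data-only transfer should never carry onto the air-gapped side.
# This list is an assumption for the example; adjust it to the organisation's policy.
BLOCKED_SUFFIXES = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk", ".inf"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Run on the (already virus-scanned) source system: relative path -> sha256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def vet_transfer(mount: Path, manifest: dict) -> list:
    """Run on the air-gapped side before copying anything off the removable medium.

    Returns human-readable findings; an empty list means the medium carries exactly
    the files the source recorded, byte for byte, and nothing else.
    """
    findings = []
    seen = set()
    for p in sorted(mount.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(mount).as_posix()
        seen.add(rel)
        if p.suffix.lower() in BLOCKED_SUFFIXES:
            findings.append(f"blocked file type: {rel}")
        if rel not in manifest:
            findings.append(f"not in manifest (added in transit?): {rel}")
        elif sha256_file(p) != manifest[rel]:
            findings.append(f"hash mismatch (modified in transit?): {rel}")
    for rel in manifest:
        if rel not in seen:
            findings.append(f"missing from medium: {rel}")
    return findings
```

A non-empty result is the cue to quarantine the drive and reformat it on a clean system rather than "just this once" copying the files anyway.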

Access management and protections against possible sabotage are among the most critical concepts in establishing the sanitized conditions that make air gapping work in the first place. Air is the final link in the chain, not the only one that should be focused on.

To put things as briefly as possible: Don’t let air gapping be the teddy bear you hug at night to sleep well. Be ceaselessly vigilant of security risks and the possibility that the data store may still be vulnerable.
