It’s a measure mainly used by security departments for systems that store highly sensitive information, to make them resistant to cyberattacks.
If you’re a fan of “Mr. Robot” or similar TV shows, you’ve undoubtedly seen hackers pull off some mind-bending cyber stunts to steal data. But when it comes to the real challenge of an air-gapped system, the dramatisation can take a more physical turn.
Because of its isolation, an air-gapped system is notoriously tough to access. This usually means our favourite hoodie-clad hacker might have to resort to scaling a building just to get into the same room as this system. From military settings to financial institutions, organisations often confine these systems to specific rooms so that the data remains secure and confidential.
Does the world suffer from a ‘gap’ in the ‘air’?
Air gapping is indeed a practice recognised globally, but its use is not uniform across all countries or industries. A recent report from CYJAX highlighted strategic implications of cyber operations and how countries like China use cyber tactics as part of their broader geopolitical strategy. In response, nations and organisations might isolate their most critical networks to prevent infiltration, which could be part of a broader strategy to safeguard national security.
On this note, there are different kinds of air gapping that organisations can use, including:
- Complete physical air gaps: These systems (both hardware and software) are entirely separated in a distinct environment. This form of air gapping ensures total isolation from networked systems and often incorporates controlled physical entry.
- Segregated air-gapped systems: These are distinct from other systems within the same physical space, potentially even located on the same server rack, but do not share network connections.
- Logical air gaps: These involve segregating systems within the same network through virtual means rather than physical ones. This type of separation is achieved using methods like encryption and role-based access control.
Who’s talking about it?
The types of organisations that would typically engage in discussions about air gapping vary from government agencies and financial institutions to technology and cybersecurity firms. A few years ago, Joe Sullivan, Chief Security Officer at Cloudflare, the leading connectivity cloud company, stated in an interview for Raconteur that government agencies like the CIA had started to advise the inclusion of air gapping in anti-ransomware programmes.
With ransomware attacks being on an upward trajectory and becoming more sophisticated than ever, governments have been prioritising air gapping for their systems since then.
Useful links:
Air gapping: is unplugging the ultimate in cybersecurity?