What is an Air Gap?: Complete Explanation
If a device can be reached, it can be hacked. That, in a single, simple sentence, expresses what is perhaps the core truth of network and computer security. The entire field of cyber security, with all of its principles, techniques, and methods, proceeds with that fact lurking always in the background. Indeed, it might accurately be said that cyber security is just a series of ways to make devices, or the important data that happen to be stored on them, harder to reach.
Of course, a great many complications must be added to that lapidary statement, complications from which arise all of the things that make cyber security the difficult, puzzling, and endlessly interesting field that it is. For one thing, the benefits of computer networking have been enormous. Our modern technological civilization — with its smart thermostats and streaming platforms, its GPS systems that guide us to where we need to go, and its health monitors that keep our heart rates and respiration within healthy parameters — would be unimaginable if computers could not send and receive electromagnetic signals. Because computers can exchange data packets, we can automate and calibrate the delivery of energy resources to wherever they are needed. Because devices can perform digital handshakes, we can fit all of the information accumulated throughout human history into our pockets.
But behind every great boon, there seems to lurk a bane — often enough, a bane that is not immediately noticed. One of the banes of the computer revolution has been that as our networks grow more integrated and more powerful, they, in another sense, grow weaker — for the more devices that a computer is connected to, the more attack vectors there are by which hackers can bore their way into it and do damage.
Network security professionals have devised an extraordinary wealth of tools to keep potential attackers at bay — from encryption, VPNs, and various multi-factor authentication schemes to rigid network segmentation and strict zero-trust networking methodologies — but sometimes, certain machines must house data that are so important that no risk of a remote attack, however small, can be tolerated. In situations like this, the only acceptable measure is to make sure that the machine in question is not connected to any other machines — at least not over any network that does not itself have some extremely stringent security protocols in place. In especially extreme circumstances, it might be necessary to entirely physically isolate the machine from all other machines and do all data handling or computation on it locally. For the sake of security, it may sometimes be necessary to forgo the benefits of networking.
This procedure is known as air gapping. Paradoxically, an air gap is both extremely sophisticated and extremely simple. It is the former because it provides a very high level of security — so high that it is common to see it used in things like military intelligence, critical infrastructure, and other areas of overriding sociopolitical importance. It is the latter because it deliberately eschews the use of complicated “technical” solutions to ensure security.
Below, we will provide a comprehensive discussion of air gapping — of what it is, how it works, what its strengths and weaknesses are, what led cyber security professionals to introduce and implement the concept, and a few real-world examples of it in action. Throughout this discussion, however, a certain caveat should be maintained: No cyber security mechanism is utterly foolproof. Even air gapping, powerful as it is, can be bypassed under the right circumstances. As such, it should be but one part of a broader security strategy that, as a whole, is designed to keep out malware or prevent attacks on important computers.
With that, let us begin with a precise definition of air gapping.
Air Gapping: An Exact Definition
Air gapping is the act of isolating a computer or other device from every device that is connected to an unsecured network. Unsecured networks include, but are not limited to, the internet and any ordinary local area network. Isolation may entail placing the air-gapped device in a separate physical location from all of the others, in which case one is dealing with a physical air gap. More importantly, it means that, regardless of the degree of physical separation, no signals of any kind, wired or wireless, may be exchanged between the air-gapped device and the others. Isolation that is enforced only by removing every connection, without physical separation, is what this article calls a merely conceptual (or logical) air gap.
Hence, the only way to transfer data to or from an air-gapped device is to carry it across the gap by hand on removable media, such as a USB drive or an optical disc. That channel is the one that remains, so it is also the one an attacker will aim at.
Air gapping is a cyber security measure that, while not perfectly secure (alas, no measure is), vastly decreases the likelihood of a breach.
How (and Why) Do Air Gaps Work?
An air gap is a simple concept when considered in and of itself; but a truly deep and fleshed-out understanding of its functioning, its mechanics, and its ultimate value to network security requires one to understand a few other subsidiary concepts. We’ll discuss all of these concepts in turn and then combine them to create the most comprehensive and illuminating explanation possible.
Hacking, Networking, and Cyber Security 101
Hacking and cyber security are opposite sides of an ongoing arms race. To understand the significance of air gapping and what its place is in an overall cyber security strategy, it first pays to understand, in at least a broad and general way, what it is that hackers aim to do and how they aim to do it.
In a nutshell, hacking — sometimes also referred to as cracking — is any attempt to gain unauthorized access to a device and then use that access to achieve some further goal held by the hacker. The ultimate goal can be anything from stealing sensitive and important data to altering the mechanics and functioning of some computer system, whether for the sake of malicious fun or profit. Hackers also frequently endeavor to access certain machines so that they may gather the means to access yet other machines. Accessing the first machine is thus a subsidiary goal, a means to a greater end. This is often referred to as pivoting.
In certain cases, ethical hackers, often called penetration testers to distinguish them from the malicious kind, are paid or otherwise asked by the owners of a computer network to attempt to bypass that network's security and gain access to it. This is done so that the network's defenses are subjected to a real-world test and any flaws can be found and removed. The philosophy behind the practice is that it is better to have one's security holes exposed by someone without malicious intent, who will then advise on fixing them, than to be compromised by a criminal eager to exploit any weakness he discovers. Though the ethical and legal difference between the two kinds of hacking is total, the difference lies in authorization and scope, not in technique: ethical "white hat" hackers and nefarious "black hat" hackers often rely on precisely the same tools and methods.
To understand how hackers do what they do, one must first understand what a computer network is. In essence, a computer network is simply a collection of interconnected computers. The connections may be wired, as with the Ethernet cabling in an office or a data center, or wireless, as with Wi-Fi, where the signals are radio waves. In either case the signal carries encoded information, so that when signals are exchanged, information is exchanged. Computers can send, receive, and interpret such signals because each typically has a hardware component called a network interface card, also called a network interface controller or a network adapter.
In larger networks, switches and routers carry the signals to their proper destinations: a switch forwards frames between devices on the same local network, and a router forwards packets between networks. Each computer is given an IP address that identifies it on the network, while a port number identifies a particular service or program on that computer, so a destination is really an address and a port taken together. For any given network, a network diagram can be drawn that shows the clients and servers, the wireless access points that provide the medium through which data travel, the switches and routers that forward it, and the direction in which traffic is intended to flow.
For two computers to open a TCP connection (TCP/IP being by far the most widely used protocol suite today), they must complete what is known as a three-way handshake. As the name implies, the process consists of three steps. First, one computer, the client, seeks to establish a connection with another, the server. To do this it sends the server a SYN packet, which informs the server that it wishes to communicate and specifies the initial sequence number with which its data will begin. The server responds with a SYN/ACK packet, which acknowledges the client's SYN (its acknowledgement number is the client's sequence number plus one) and announces the server's own initial sequence number. Lastly, the client sends an ACK packet acknowledging the server's sequence number in the same way, at which point the connection is established. Not every protocol works like this; UDP, for instance, has no handshake at all and simply sends datagrams. But the sketch captures the essential point: communication requires a path over which both sides can exchange packets, and a party who can see or predict the sequence numbers in play can take part in the exchange.
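The handshake just described, as a small simulation added here for illustration; it is not code from the original article. It models only the SYN, SYN/ACK and ACK segments and the check each side performs on the acknowledgement number, and it also shows what happens when a third party who never saw the SYN/ACK tries to complete the handshake with a guessed number. Endpoint names are placeholders, and window sizes, options and retransmission are left out.

```python
"""The TCP three-way handshake as a small simulation.

Added example, not code from the original article. It models only the
SYN / SYN-ACK / ACK exchange and the check each side performs on the
acknowledgement number; window sizes, options, retransmission and the rest
of real TCP are left out. Endpoint names are placeholders.
"""
import random
from dataclasses import dataclass, field
from typing import List, Optional

MODULUS = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src: str
    dst: str
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0

    def flags(self) -> str:
        names = [f for f, on in (("SYN", self.syn), ("ACK", self.ack)) if on]
        return "/".join(names) or "-"


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"
    isn: int = field(default_factory=lambda: random.randrange(MODULUS))
    peer_next: Optional[int] = None  # next sequence number expected from the peer

    # client side
    def connect(self, server: "Endpoint") -> Segment:
        self.state = "SYN_SENT"
        return Segment(self.name, server.name, syn=True, seq=self.isn)

    def receive_syn_ack(self, seg: Optional[Segment]) -> Optional[Segment]:
        # The reply must acknowledge our ISN + 1; anything else is not an
        # answer to our SYN (or is a spoof that guessed the number wrong).
        ok = (seg is not None and self.state == "SYN_SENT" and seg.syn and seg.ack
              and seg.ack_num == (self.isn + 1) % MODULUS)
        if not ok:
            return None
        self.peer_next = (seg.seq + 1) % MODULUS
        self.state = "ESTABLISHED"
        return Segment(self.name, seg.src, ack=True, seq=(self.isn + 1) % MODULUS,
                       ack_num=self.peer_next)

    # server side
    def listen(self) -> None:
        self.state = "LISTEN"

    def receive_syn(self, seg: Segment) -> Optional[Segment]:
        if self.state != "LISTEN" or not seg.syn or seg.ack:
            return None
        self.peer_next = (seg.seq + 1) % MODULUS
        self.state = "SYN_RECEIVED"
        return Segment(self.name, seg.src, syn=True, ack=True, seq=self.isn,
                       ack_num=self.peer_next)

    def receive_ack(self, seg: Optional[Segment]) -> bool:
        # Same rule on the server: the final ACK must acknowledge our ISN + 1.
        ok = (seg is not None and self.state == "SYN_RECEIVED" and seg.ack
              and seg.ack_num == (self.isn + 1) % MODULUS)
        if ok:
            self.state = "ESTABLISHED"
        return ok


def handshake(client: Endpoint, server: Endpoint) -> List[Segment]:
    """Run the exchange and return the three segments in order."""
    server.listen()
    syn = client.connect(server)
    syn_ack = server.receive_syn(syn)
    ack = client.receive_syn_ack(syn_ack)
    server.receive_ack(ack)
    return [syn, syn_ack, ack]


def forged_ack_accepted(server: Endpoint, guessed_ack: int) -> bool:
    """A blind attacker who never saw the SYN/ACK must guess the ACK number."""
    forged = Segment("attacker", server.name, ack=True, ack_num=guessed_ack)
    return server.receive_ack(forged)


if __name__ == "__main__":
    client, server = Endpoint("client"), Endpoint("server")
    for seg in handshake(client, server):
        print(f"{seg.src:>7} -> {seg.dst:<7} {seg.flags():<7} seq={seg.seq} ack={seg.ack_num}")
    print(client.state, server.state)
```

The forged-ACK function is the point of the exercise: a server in SYN_RECEIVED accepts exactly one acknowledgement number, so an attacker who cannot observe the SYN/ACK has to guess it out of 2^32 values, while one who can see the traffic (or predict the initial sequence number) completes the handshake as easily as the real client. Either way the attacker needs a path to the server; remove the path and no guess can be delivered.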
Hacking, stripped to its bare essence, involves three things. First, since networked computers will not respond to just any request, the hacker gathers information, such as IP addresses, host names, user names, and passwords, that may help him reach the computer or computers he wishes to break into. Then he scans the target network for live hosts, open ports, and the services behind them. Lastly, he uses what he has found, whether a vulnerable service, a guessed password, or a forged packet, to get the target to grant him access it should not.
The Ultimate Significance of Air Gapping
There are a great many details that the above summary, necessarily short and cursory as it is, leaves out — details that can make the hacker’s task anything but straightforward. However, bracketing all such things off to the side, it is evident that any attempt to use one machine to hack into another is contingent upon the latter being connected to some sort of network.
From this fact, it should be obvious why air gapping is such a powerful technique. If one wishes to plant malware on an air-gapped computer, the remote attack outlined above is simply a non-starter: there is no path over which the SYN, or any other packet, can reach a machine that neither sends nor receives signals on any network, wired or wireless. By air gapping your computer, you declare that you do not wish to take your chances engaging a hacker in a technical chess match.
Creating a physical as opposed to a merely conceptual air gap presents yet another challenge to a would-be hacker. If the target device has no network interfaces at all, the only way to reach it is to be physically present, power it on, and operate it with one's own hands, or to get something carried to it on removable media. If you can keep the device's location secret, or at least make it difficult to access without authorization, you add one more powerful layer of security between your sensitive data and those who would steal or corrupt it.
Air gaps typically appear on network diagrams as sharp lines separating the device or devices which are air-gapped from those which are not. Air-gapped devices or special air-gapped networks — groups of devices that may communicate with one another, but which are prevented from communicating with any other devices by the means described above — can also be depicted on network diagrams as residing within circles. This marks their sharp separation from other relevant devices.
A Final Caveat
We have said this before, but we must emphasize it again: Air gapping is not a foolproof cyber security strategy. Even the most carefully physically air-gapped machine could conceivably be hacked by someone clever enough and dedicated enough to pull off the job. All those who use air-gapped computers with important data on them should be aware of this possibility and should take steps to increase security accordingly.
Air-gapped machines, just like non-air-gapped machines, can be hacked in two general ways: by employing some clever technical exploit or by leveraging the human element in all computer systems.
By the nature of things, the technical exploits available to would-be hackers of air-gapped machines are fewer in number and more difficult to successfully employ. Therefore, while we will discuss them and some ways to counteract them, we wish to focus special attention on the human side of hacking — on what has come to be called social engineering.
In hacking, social engineering is the use of trickery and psychological manipulation to induce people who possess critical network information — IP addresses, decryption keys, passwords, and the like — to unwittingly divulge that information to those who should not have it. More generally, it refers to any tactic which leverages human fallibility to exploit computer systems. For example, a hacker calling up a network administrator, pretending to be a team member working on a company project, and claiming to have forgotten his network password to get the administrator to reveal it would be an example of a social engineering attack.
Against an air-gapped device, a social engineering attack might look like this: an attacker disguises himself as a company employee and uses the disguise to enter the restricted area where the machine is kept. He then surreptitiously plugs in a USB device that either installs malware or, if it is a USB Wi-Fi or cellular adapter, gives the machine a radio link back to his own computer, at which point he can do as he pleases with the formerly isolated device.
Social engineering attacks are as varied and numerous as human frailties, so there is no universal defense against them. As a general rule, one should not trust anyone one does not know or cannot see when the topic at issue is sensitive data. It is wise for organizations housing air-gapped devices to admit only people who pass a biometric check to the restricted areas where the machines are kept, and to log every entry. Access control that follows the principle of least privilege, granting each person only the access his job requires, together with segmentation of the organization's other networks, limits the damage a successful social engineering attack can do.
Among the technical attacks, an adversary may try to capture the small amounts of electromagnetic, acoustic, or optical emission that a device gives off as it operates, either to recover information directly (the classic case being a monitor's picture reconstructed from its emissions) or, more commonly, as a covert channel through which malware already on the machine leaks data out. It is therefore worth minimizing what emanates from the device. One way is to enclose it in a Faraday cage or shielded enclosure, though this is often impractical; shielding and insulating the cables the device uses is a cheaper measure that reduces leakage. Note that in the covert-channel form these attacks presuppose that the machine has already been infected, so they are a reason to guard the removable-media channel, not a substitute for doing so. Blocking or removing unused USB ports, sometimes recommended as an anti-leakage step, really serves that purpose: it denies an intruder a place to plug something in. It is also a good idea to encrypt all data at rest on the air-gapped device, so that a stolen drive yields nothing. Lastly, keep the device powered off when not in use and, of course, keep its physical location a closely guarded secret.
Malware such as Stuxnet and agent.btz has crossed air gaps by riding on removable media. agent.btz spread by writing an autorun.inf to USB drives so that Windows ran it when the drive was inserted, and Stuxnet exploited a flaw in the way Windows rendered shortcut (.lnk) files so that merely browsing an infected drive executed it. In both cases the weak point was not a network but the moment a drive from the outside world was plugged in. One should therefore treat every piece of removable media as hostile: keep AutoRun and AutoPlay disabled, check the media on a dedicated, expendable machine before it goes anywhere near the isolated one, and admit only the file types the job actually needs.
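The media check that the last two paragraphs call for, as an added example; this is not code from the original article or from any product. It walks a mounted removable drive (or any directory standing in for one) and refuses the file types that have historically carried malware across air gaps: an autorun.inf at the media root, Windows .lnk shortcuts, executables and scripts, double extensions such as report.pdf.exe, and anything outside a small allowlist of document types. The allowlist and the executable-extension set are assumptions to be adjusted per site, and the sample drive contents built by build_sample() are constructed for the demonstration.

```python
"""Check removable media before it is carried across an air gap.

Added example, not code from the original article or from any vendor tool.
It walks a mounted removable drive (or any directory) and flags the file
types that have historically carried malware onto isolated machines:
autorun.inf at the media root (the agent.btz vector), Windows shortcut
.lnk files (the Stuxnet vector) and executables or scripts of any kind.
Everything outside a small allowlist of document types is refused.
The allowlist below is an assumption; the sample tree is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import List, NamedTuple, Set

# Assumed site policy: only these document types may cross the gap.
DEFAULT_ALLOWED: Set[str] = {".txt", ".csv", ".pdf", ".png", ".jpg"}

# Extensions Windows executes, or that run code when opened.
EXECUTABLE: Set[str] = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1",
                        ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".jar"}


class Finding(NamedTuple):
    path: str
    reason: str
    sha256: str


def _sha256(path: Path) -> str:
    """Hash each refused file so the decision can be logged and reproduced."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(root: Path, path: Path) -> List[str]:
    """Return the reasons (possibly none) why this file must not cross the gap."""
    reasons = []
    name = path.name.lower()
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    if name == "autorun.inf" and path.parent == root:
        reasons.append("autorun.inf at media root (AutoRun/AutoPlay vector)")
    if ext == ".lnk":
        reasons.append("Windows shortcut (.lnk) file")
    if ext in EXECUTABLE:
        reasons.append(f"executable or script ({ext})")
    if len(suffixes) >= 2 and suffixes[-2] in DEFAULT_ALLOWED and ext not in DEFAULT_ALLOWED:
        reasons.append("double extension disguising a non-document")
    if name.startswith(".") or name.startswith("~$"):
        reasons.append("hidden or temporary file")
    if ext not in DEFAULT_ALLOWED and not reasons:
        reasons.append(f"extension {ext or '(none)'} not on the transfer allowlist")
    return reasons


def scan_media(root: Path) -> List[Finding]:
    """Walk the media and return every (path, reason, hash) that must be refused."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = Path(dirpath) / fn
            for reason in classify(root, p):
                findings.append(Finding(str(p.relative_to(root)), reason, _sha256(p)))
    return findings


def build_sample(base: Path) -> Path:
    """Constructed contents of a USB stick for the demonstration (not a real capture)."""
    files = {
        "autorun.inf": "[autorun]\nopen=update.exe\n",
        "update.exe": "MZ\x90\x00",
        "readme.lnk": "L\x00\x00\x00",
        "report.pdf.exe": "MZ",
        "notes.txt": "plain text",
        "data/figures.png": "\x89PNG",
        "data/setup.ps1": "Start-Process update.exe",
    }
    for rel, content in files.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content.encode("latin-1"))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample(Path(tmp))
        for f in scan_media(root):
            print(f"REJECT {f.path}: {f.reason} (sha256 {f.sha256[:12]})")
```

Run this on the intermediate machine, never on the air-gapped one, and treat a non-empty result as a reason to stop rather than to cherry-pick: a drive that carries an autorun.inf or a stray executable has already been somewhere it should not have been. Extension checks are a floor, not a ceiling; a site that transfers office documents will also want macro stripping or conversion to a safe format, which this example does not attempt.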
How Does One Create an Air-Gapped Computer?
The foregoing should be enough to give you an idea of what air gaps are and why they matter, but suppose that you wanted to air gap your laptop. How would you go about doing it?
The first and most important step is to remove the laptop's network hardware: the wired network interface card, the Wi-Fi card, and any Bluetooth or cellular module. As mentioned, these are the components that let a computer join a network, and removing them is stronger than merely disabling them in software, since software settings can be changed by anyone who gains control of the machine. Where a component cannot be removed, disable it in firmware and prevent its driver from loading.
You should also shut down every network service on the machine. Services listen on network ports, which are what hackers scan for when looking for a way in; the three-way handshake described above is addressed to a specific port. Ports are not hardware but logical endpoints, numbered 0 to 65535 for each of TCP and UDP, and a port is only a risk when a program is listening on it. With no network interface nothing can reach such a program, but disable or uninstall the services anyway, so that an interface added later does not instantly expose a web server on port 80, an FTP server on port 21, or a remote shell on port 22. A host firewall that drops all inbound and outbound traffic is a cheap second line.
Next, place USB port blockers on all USB ports you do not need, or have the ports removed entirely. This is not about signal leakage; it is about denying anyone a place to plug in a drive or a rogue device, since removable media is the main vector that remains once the network is gone.
It is also crucial to keep the air-gapped device in a safe room whose conditions are ideal for computers to function — i.e. the room must be neither too hot nor too cold and must be utterly free of static electricity. Moreover, the room must be guarded against access by unauthorized persons. Depending on how far you are willing to go in securing the device, you may have to do everything from installing biometric locks to making sure that no air vents connect to the room. Lastly, absolutely no other electronic devices of any kind should be in the same room with your air-gapped laptop, unless those devices have themselves been air-gapped — and even then, you may not want to leave the devices together. The more devices there are in proximity to your machine, the more opportunities that hackers will have to pivot to their ultimate target.
Shut down your air-gapped laptop when it’s not in use. You may even want to unplug it from everywhere entirely. Be sure to shield and insulate all important cables.
Lastly, be as strict as possible with your operational security. Only allow access to the room to those with the right security credentials. The fewer such people there are, the better.
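The procedure above turned into something that can be checked, as an added example that is not part of the original article. The script reads the output of three standard Linux tools, `ip -o link`, `ss -Hltnu` and `lsmod`, and reports every remaining path a signal could take: a network interface other than loopback, a program listening on a TCP or UDP port, and loaded Wi-Fi, Bluetooth or USB mass-storage drivers. It also writes out a modprobe configuration that keeps those drivers from loading again. The list of suspect modules is an assumed subset of what a typical laptop loads, and the three sample outputs are constructed rather than captured from a real machine.

```python
"""Audit a Linux host that is meant to be air-gapped.

Added example, not code from the original article. It parses the output of
`ip -o link`, `ss -Hltnu` and `lsmod` and reports every remaining path a
signal could take: non-loopback interfaces, listening TCP/UDP sockets, and
loaded Wi-Fi, Bluetooth or USB mass-storage drivers. It also emits a
modprobe configuration that keeps those drivers from loading again.
SUSPECT_MODULES is an assumed subset; the sample outputs are constructed.
"""
import re
import subprocess
from typing import Dict, List, NamedTuple

# Assumed: kernel modules whose presence contradicts an air gap.
SUSPECT_MODULES: Dict[str, str] = {
    "cfg80211": "Wi-Fi", "mac80211": "Wi-Fi", "iwlwifi": "Wi-Fi", "ath9k": "Wi-Fi",
    "bluetooth": "Bluetooth", "btusb": "Bluetooth",
    "usb_storage": "USB mass storage", "uas": "USB mass storage",
}


class Finding(NamedTuple):
    kind: str
    detail: str


def parse_ip_link(text: str) -> List[str]:
    """Interface names from `ip -o link`, excluding loopback."""
    names = []
    for line in text.splitlines():
        m = re.match(r"\d+:\s+([^:@\s]+)[^\s]*:\s+<([^>]*)>", line)
        if m and "LOOPBACK" not in m.group(2).split(","):
            names.append(m.group(1))
    return names


def parse_listeners(text: str) -> List[str]:
    """'proto addr:port' for each socket in `ss -Hltnu` output (no header)."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[1] in ("LISTEN", "UNCONN"):
            out.append(f"{parts[0]} {parts[4]}")
    return out


def parse_lsmod(text: str) -> List[str]:
    """Module names from `lsmod`, skipping its header line."""
    return [line.split()[0] for line in text.splitlines()[1:] if line.strip()]


def audit(ip_link: str, ss_out: str, lsmod_out: str) -> List[Finding]:
    findings = [Finding("interface", n) for n in parse_ip_link(ip_link)]
    findings += [Finding("listener", s) for s in parse_listeners(ss_out)]
    findings += [Finding("module", f"{m} ({SUSPECT_MODULES[m]})")
                 for m in parse_lsmod(lsmod_out) if m in SUSPECT_MODULES]
    return findings


def modprobe_blacklist(modules: List[str]) -> str:
    """Contents for /etc/modprobe.d/airgap.conf that refuse to load the drivers.

    `blacklist` only stops automatic loading; `install <mod> /bin/false`
    makes modprobe fail even when something requests the module by name.
    """
    lines = ["# generated: deny network, radio and removable-storage drivers"]
    for m in sorted(set(modules)):
        lines += [f"blacklist {m}", f"install {m} /bin/false"]
    return "\n".join(lines) + "\n"


def live_audit() -> List[Finding]:
    """Run the real commands (Linux only; needs iproute2 and kmod installed)."""
    def run(*cmd: str) -> str:
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return audit(run("ip", "-o", "link"), run("ss", "-Hltnu"), run("lsmod"))


# Constructed sample outputs (not captured from a real machine).
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000\\    link/ether 66:77:88:99:aa:bb brd ff:ff:ff:ff:ff:ff
"""
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
"""
SAMPLE_LSMOD = """\
Module                  Size  Used by
btusb                  65536  0
bluetooth             720896  5 btusb
iwlwifi               385024  1 iwlmvm
cfg80211              983040  2 iwlwifi,mac80211
usb_storage            77824  1 uas
e1000e                294912  0
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_IP_LINK, SAMPLE_SS, SAMPLE_LSMOD):
        print(f"{f.kind:9s} {f.detail}")
    print(modprobe_blacklist(list(SUSPECT_MODULES)))
```

On the sample the audit reports two interfaces, three listeners and five suspect modules; a machine that is really air-gapped should return an empty list from live_audit(). The generated modprobe file belongs in /etc/modprobe.d/ and is a backstop, not the main control: a driver that is blacklisted can still be loaded by someone with root, whereas a card that has been pulled out cannot. The e1000e wired driver in the sample is deliberately not on the list, to make the point that any hardware you decide to keep has to be covered by your own list, not by someone else's.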
The Origins of Air Gapping
To round out our discussion of air gapping, a word about the technique’s origins and development is in order.
We should perhaps begin our brief excursus on the historical origins of the air gap concept by discussing the term “air gap” itself. The term was borrowed from plumbing. There, an air gap is vertical space between a faucet or some other water outlet and the flood level of the area into which the water is intended to flow, like a sink. This arrangement prevents backflow and keeps contaminants in household sinks from getting into municipal water supplies. Air gaps in plumbing systems are commonly mandated by law in places all over the world.
As for the computer networking concept itself, air gapping, like virtually every other network security measure of note, developed in response to the efforts of hackers to access networks that they had no proper business accessing.
From the earliest days, computer hobbyists, miscreants, and pranksters realized that they could manipulate signals, and the devices that sent or received them, for laughs. Hacking as we know it today came into being with phone phreaking, the practice of manipulating the US telephone system to place free calls. The father of phone phreaking, and hence, in the minds of many, the world's first hacker, was John Draper, better known by his sobriquet Captain Crunch. In the early 1970s Draper learned that the long-distance network of the time used in-band signaling: the switching equipment listened on the same line that carried the voice, and a 2600 Hz tone told it that a trunk line was idle. Whistling that tone into the receiver let a caller seize the trunk and then dial anywhere for free. As it happened, a toy whistle packed in boxes of Cap'n Crunch cereal produced exactly 2600 Hz, hence Draper's nickname.
Later, in 1988, Cornell graduate student Robert Tappan Morris wrote a self-propagating program, the Morris worm, that became the first worm to spread widely across the internet. He released it from MIT on 2 November 1988. A bug in its replication logic caused it to reinfect machines over and over, and the resulting load crashed thousands of the hosts then on the internet, an early, if unintended, demonstration of what a denial of service looks like.
Exploits like these made the inherent danger of leaving devices connected to one another plain. It is a short step from there to the conclusion that if one is truly serious about securing a device, one should sever all of its network connections. Hence, air gapping.
Put simply, the technique consists of removing every network connection a device has. A Faraday cage, which blocks radio signals in and out, is a further step for those who also worry about emanations; it is not something the air gap itself requires.
Some Applications of Air Gapping
An air gap can be thought of as the ultimate in network security — as one of the most extreme cyber security measures that there are if not the most extreme one of all. Therefore, air gaps are used in places where network security is paramount, where it is needed even at great expense to convenience. The military uses air-gapped computers to house critical information about important weapons systems, and other government organizations use them to store classified information. Large firms use them to store financial information or trade secrets that are essential to their competitiveness. Activist groups may even use them to protect important information from their adversaries.
Examples of Air Gapping in the Real World
Here are a few areas where air-gapped computers are used, or are commonly cited as candidates for air gapping, to keep important information secret and critical processes under control:
- Military computers that house information about weapons systems, intelligence concerning hostile actors, or the like
- Government computer systems at organizations like the CIA and NSA that store classified information
- Computers used to store, count, and tally votes during elections
- Stock exchanges like the NYSE, whose computers conduct critical operations and store price information
- Lotteries, which are often required to use isolated systems to prevent fraud
- Aviation and air traffic control computers
- FADEC (Full Authority Digital Engine Control) systems that manage aircraft engines
- Industrial control systems at nuclear and other power plants
- SCADA (Supervisory Control and Data Acquisition) systems at industrial plants