In today’s digital age, cybersecurity has become a top priority for businesses of all sizes. With the increasing number of cyber threats and data breaches, companies are constantly looking for ways to protect their sensitive information. One method that has gained popularity is air-gapping.
Air-gapping is a security measure that involves physically isolating a computer or network from any external or internet-connected devices. By creating an air gap, the computer or network becomes inaccessible to hackers and malicious software.
But is air-gapping something your business should consider? Let’s take a closer look at the pros and cons.
The concept of an air gap backup copy — a backup copy stored on a storage infrastructure that is not accessible from an external connection or the internet — has been around for decades. Air gapping typically plays an important role in the 3-2-1 backup strategy that is an accepted industry best practice. This strategy calls for three copies of data, on two different types of media, with one copy off-site.
Air gapping has a lot of promise, especially in the fight against today’s onslaught of ransomware and other cyber attacks, but it’s not completely foolproof. With a variety of storage media and consumption models expanding the traditional definition of an air gap, it is important for organizations to understand the unique benefits and disadvantages of each approach to data air gapping.
Physical air gaps
Many organizations have moved to isolate some backups from external networks and devices, and tape storage is the traditional form of air gapping. Backup data is copied to a tape cartridge, which is then physically removed and stored in a tape library that is typically hosted off-site. As a result, the air gap backups are physically disconnected from external networks, as well as other storage devices.
In more recent years, off-site object stores, as well as disconnected file systems, have been introduced to facilitate a physical air gap, while, at the same time, addressing some of the pain points of tape, such as lengthy recovery times. These systems require a network connection when data is ingested, so to facilitate isolation, these systems include additional safeguards.
What is air-gapping?
Air-gapping is the process of isolating a computer from a network or a system. This air-gapped computer is not even connected to other systems that are connected to the Internet, so it’s impossible to access this system through the Internet.
Ideally, these air-gapped systems are used for storing credit/debit card details, military data, control systems for critical infrastructure, and other sensitive information. An air-gapped system is often also physically separated from the other computers in the organization to reduce the chances of a physical break-in.
Note that using just a software firewall to isolate a system is not air-gapping, as these firewalls can be breached through security vulnerabilities, misconfigurations, or both.
To give you an amusing visual idea of how hard it is to actually hack an air-gapped computer, check out this YouTube clip of Tom Cruise hanging from a ceiling and accessing a computer in the iconic “Mission Impossible” movie.
And this may be the easiest way to access an air-gapped device!
Pros of Air-gapping
1. Enhanced Security: Air-gapping provides an additional layer of protection by physically isolating the computer or network from potential threats. This makes it extremely difficult for hackers to gain access to sensitive information.
2. Protection from Malware: By disconnecting from the internet, air-gapped systems are not exposed to malware delivered over the network. This is especially beneficial for businesses that deal with highly sensitive data.
3. Compliance Requirements: Certain industries, such as healthcare and finance, have strict compliance regulations that require the use of air-gapped systems to protect patient or customer data. Implementing air-gapping can help your business meet these requirements.
Cons of Air-gapping
1. Limited Connectivity: Air-gapped systems are completely disconnected from the internet, which means they cannot access cloud-based services or receive real-time updates. This can be a challenge for businesses that rely heavily on online collaboration and data sharing.
2. Physical Access Required: Air-gapped systems require physical access to transfer data, which can be inconvenient and time-consuming. This may not be suitable for businesses that need to transfer large amounts of data frequently.
3. Cost: Implementing air-gapping can be expensive, especially for small businesses. It requires additional hardware and infrastructure to create and maintain the air gap.
Is air-gapping secure?
Air-gapping seems like a secure strategy as it does not interact with other systems. But then, is it truly safe?
Well, first off, note that data is transferred to an air-gapped system on a USB flash drive or similar removable storage, since the system is not connected to any other system and there is no other way to move confidential data to it.
This is also its security weakness: a malicious piece of code, often called a worm, virus, or Trojan, can be carried into the air-gapped system on these flash drives.
A good example of this form of attack is Stuxnet, a computer worm that was first introduced to penetrate Iran’s nuclear facilities. In this infrastructure, the systems running the centrifuges were air-gapped, and the Stuxnet worm infiltrated them through files on USB drives.
The worm exploited previously unknown Windows vulnerabilities to infect the systems it was introduced to. At the same time, Stuxnet masked its activity on the controllers, so its presence was difficult to identify until it was too late.
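One control for the removable-media path described above, as an added example that is not part of the original article: the connected staging host writes an HMAC-authenticated manifest of approved files to the drive, and the air-gapped side refuses the import if any file is missing, modified, or unlisted. The file name manifest.json, the function names, and the shared key are assumptions of this example; it detects changes made to the drive in transit, not malicious content inside an approved file.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name, an assumption of this example

def _hashes(root):
    # SHA-256 of every file on the drive except the manifest itself
    rels = ((p, p.relative_to(root).as_posix()) for p in sorted(root.rglob("*")) if p.is_file())
    return {rel: hashlib.sha256(p.read_bytes()).hexdigest() for p, rel in rels if rel != MANIFEST}

def _tag(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    # Connected staging host: record what was approved for transfer
    files = _hashes(root)
    (root / MANIFEST).write_text(json.dumps({"files": files, "hmac": _tag(files, key)}))

def verify_drive(root, key):
    # Air-gapped side: return a list of problems; empty means the drive matches the manifest
    try:
        doc = json.loads((root / MANIFEST).read_text())
        listed, tag = doc["files"], str(doc["hmac"]).encode("ascii", "replace")
    except (OSError, ValueError, KeyError, TypeError):
        return ["manifest missing or unreadable"]
    if not hmac.compare_digest(_tag(listed, key).encode(), tag):
        return ["manifest authentication failed"]
    found, problems = _hashes(root), []
    for name in sorted(set(listed) | set(found)):
        if name not in found:
            problems.append(f"missing: {name}")
        elif name not in listed:
            problems.append(f"unexpected: {name}")
        elif listed[name] != found[name]:
            problems.append(f"modified: {name}")
    return problems

def demo():
    key = b"constructed-demo-key"  # constructed; provisioned out of band in practice
    with tempfile.TemporaryDirectory() as d:
        drive = Path(d)
        (drive / "patch.bin").write_bytes(b"constructed update payload")
        (drive / "notes.txt").write_text("constructed release notes")
        build_manifest(drive, key)
        clean = verify_drive(drive, key)
        (drive / "patch.bin").write_bytes(b"altered in transit")
        (drive / "extra.bin").write_bytes(b"file nobody approved")
        return clean, verify_drive(drive, key), verify_drive(drive, b"wrong-key")
```

Calling demo() returns the results for a clean drive, a drive altered after the manifest was written, and a verification attempt with the wrong key.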
Radio and mobile signals
Israel has developed a hacking mechanism using radio and mobile signals to steal data remotely from air-gapped and other systems.
It is believed that the NSA uses this method to siphon off data and passwords from remote systems using transceivers (a combination of transmitters and receivers), though exactly how it works remains largely unknown.
No air-gapped system is safe from authorized personnel. This means if an employee who is authorized to use this system decides to compromise it, there’s very little that an organization can do.
Sometimes, employees can also unwittingly delete or even corrupt an air-gapped system, so that’s something to consider as well.
Ultrasonic sound waves
Did you know that two systems can exchange data via ultrasonic waves? Though it may sound ridiculous, it is anything but!
A group of researchers at Israel’s Ben-Gurion University found that they can leverage an audio chip feature to reverse the connected speakers and, through it, convert the speakers into listening devices. Though it requires expert knowledge to set up this communication flow, it is not impossible, and can be done within just a few hours!
All of this goes to show that air-gapping is a good strategy for storing sensitive data, but it may not be as safe as you think.
Should you consider air-gapping?
From the above discussion, it’s clear that air-gapping is not 100% foolproof but can save your data from most hackers.
In other words, if a government agency or a large hacking cartel wants your data, they can steal it from an air-gapped system. But, on the other hand, your data is safe from hackers who want to steal records to sell them on the dark web.
Also, most of the hacking strategies we discussed earlier were developed by researchers for academic purposes and have not been used in the real world, except for the virus. Further, these hacks need precise conditions to work, and they cannot always be replicated.
So, should you consider air-gapping? The answer depends on the kind of data you store. If it is credit/debit card details and PII of your customers and employees, air-gapping can protect you greatly from a possible hack. But if you have highly sensitive information such as military secrets, air-gapping alone will not help.
Besides, maintaining an air-gapped system is expensive, as you have to protect that device from unauthorized access and implement security measures around it. Further, it is a single point of failure, so you could lose all the data if the system fails due to natural causes.
Is Air-gapping Right for Your Business?
Whether or not air-gapping is right for your business depends on several factors:
1. Data Sensitivity: If your business deals with highly sensitive data that could have severe consequences if compromised, air-gapping may be worth considering.
2. Compliance Requirements: If your industry has specific compliance regulations that require the use of air-gapped systems, it is essential to implement this security measure.
3. Connectivity Needs: Consider whether your business heavily relies on internet connectivity and real-time updates. If so, air-gapping may not be the best option for you.
4. Budget: Evaluate the cost of implementing and maintaining air-gapping. If it exceeds your budget, you may need to explore alternative cybersecurity measures.
Air-gapping can be an effective security measure for businesses that deal with highly sensitive data and have specific compliance requirements. However, it is important to consider the limitations and costs associated with air-gapping before implementing it. Conduct a thorough risk assessment and consult with cybersecurity experts to determine the best approach to protect your business’s information.