The Gap You Won’t Want to Close: Air-Gapped Systems
You’ve seen the movies. The ones where there’s a hidden vault nestled within a busy metropolis, lying deep underground surrounded by a labyrinth of concrete walls and impervious to the chaos of the city above that becomes the target for some highly trained robbers or group of “Robin Hoods.” The impenetrable security measures surrounding the vault stand as a testament to protecting and safeguarding the most valuable treasures to humanity, so it can be remarkable to consider the fact that countless people can pass by it unaware of its existence. You probably thought of several movies, and in the realm of cybersecurity, there is a parallel safe haven, the air-gapped system.
What is an Air-Gapped System?
An air-gapped system is a computer or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices. The term “air-gapped” is referring to the literal air gap between the isolated system and any potential sources of external communication. The primary purpose of an air-gapped system is to enhance security by preventing unauthorized access, data exfiltration, and remote attacks. This enhancement includes physically isolating the system and minimizing the risk of cyber threats. Air-gapped systems are commonly used in environments that handle highly sensitive information such as government agencies, military installations, and research laboratories.
You may be wondering, given its extreme isolation, how can such a system be practical. How does data find its way in and out? Where and how is it transferred and utilized? First, let’s be aware of how it’s set up in the first place. For an air-gapped system to serve its purpose, every step of setting it up has to be executed perfectly. This means planning the locations, purpose, and requirements of the system and then, being wise about your hardware and operating system choices. Be selective about the hardware by ensuring its high quality, compatibility, and reliability, and then, select an operating system that is known for its robust security. Most of us are familiar with Windows and Mac OS, and yes, the OS stands for operating system, but a lot of us have not encountered or heard of Linux. This operating system is known for its heightened security and a hardened Linux distribution is more often leveraged by air-gapped systems. When considering the extensive measures involved in setting up this system, naturally, you can assume that a secure method for data transfer exists as well.
To ensure secure data transfer in an air-gapped system, it is crucial to establish a controlled mechanism for moving data in and out. This can be achieved by utilizing dedicated removable devices, such as USB drives, and implementing strict procedures to scan and sanitize the data, minimizing the associated risks.
For instance, CaseGuard Studio, the all-in-one redaction software is already proven to be 100% functional in an air-gapped system with a process already in place on how to do so, giving us the perfect example for this scenario. If you are looking to install specific software such as CaseGuard Studio, on your air-gapped system, the first step involves installing the software on a trusted computer that has network connectivity. Since the air-gapped system cannot directly connect to the internet, having a trusted network-connected device is necessary for this initial software installation process. Once the software is installed on the trusted computer, the next step is to transfer the files and data onto an approved removable device or any other approved method. These files can then be securely attached to the air-gapped system, allowing the installation of the software without requiring the air-gapped system to be connected to a network.
By following this approach, the air-gapped system can access the desired software without compromising its isolation from the network. This ensures that the system remains protected while still benefitting from the functionality and capabilities offered by the software.
The Security Risks
Unfortunately, even with extensive risk mitigation measures in place, it is important to recognize that minimizing risks does not provide a guarantee of complete protection. The method of using a USB to connect to an air-gapped system does open the door to cybersecurity threats. There are different types of cybersecurity threats, including malware, phishing, and network-based attacks. However, these threats are not likely to pose a significant risk in an air-gapped system because the lack of network connectivity reduces the attack surface and limits the potential vectors that these threats can propagate.
There are other types of attacks, such as physical attacks, side-channel attacks, and supply chain attacks, that can potentially be used to penetrate the air-gapped system. These attacks exploit vulnerabilities in the physical components, electromagnetic emissions, or trusted entities involved in the system, bypassing traditional network-based security measures.
Physical attacks on an air-gapped system involve direct access. Adversaries can attempt to tamper with the hardware components in different ways including inserting a malware-infected USB drive. The USB driver can have malware such as viruses, worms, ransomware, and more, that would be executed when connected to the air-gapped computer, bypassing the need for a network to execute the attack. Another potential physical attack is implementing a keylogger. Once physical access is gained, the attacker can expose the motherboard and other internal components and use specialized tools to implant malicious hardware such as a keylogger. This hardware is designed to capture keystrokes and screen content which remotely transfers the data to the attacker. By compromising those two factors, the attacker gains means to infiltrate accounts and have access to sensitive information.
Air-gapped systems are typically housed in high-security buildings, making unauthorized physical access almost impossible. However, social engineering attacks pose a risk. Attackers may impersonate authorized individuals or exploit stolen credentials to gain entry. Even an authorized person with ill intent can be a high threat as they have proper access to the system, this is known as an insider threat.
Side-channel attacks work by exploiting leaked information through observable side channels, such as power consumption, electromagnetic radiation, or acoustic emanations. They can use a power analysis device to measure power variations or an electromagnetic probe to capture electromagnetic radiation. Attackers can infer sensitive information, such as cryptographic keys or data being processed by the system by analyzing these side-channel signals using statistical techniques or machine learning algorithms. This attack relies on the physical characteristics of the system, rather than network vulnerabilities which means it is typically used against air-gapped systems.
Supply Chain Attacks
Supply Chain Attacks target the trusted entities within the supply chain, for example, adversaries can infiltrate the assembly process of the air-gapped system by introducing malicious components such as hardware implants. The now tampered components will still appear legitimate but have a hidden functionality that is designed to later compromise the system. Firmware and software manipulation is another form of this attack where the attacker will target software developers, engineers, and other personnel involved to gain access to the development environment. With this access, they can manipulate source code repositories, and the systems build and introduce malicious code.
Air-Gapped Is More Secure
Physical attacks, side-chain attacks, and supply-chain attacks are common in air-gapped systems but can be used on regular systems as well. Regular systems though, are connected to the network and are susceptible to additional attack vendors. Having an air-gapped system helps mitigate several types of attacks that rely primarily on network connectivity such as network-based, remote exploitation, external command and control, and certain phishing attacks. By eliminating direct network connectivity, the system can prioritize efforts on addressing legitimate threats specific to the air-gapped environment, enhancing the overall protection and resilience of the system.