Browse Definitions :

air gap (air gapping)

What is an air gap?

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. An air-gapped computer is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices.

Air gaps protect critical computer systems or data from potential attacks ranging from malware and ransomware to keyloggers or other attacks from malicious actors.

To transfer data between a computer or network and an air-gapped system, data is copied to a removable media device such as a USB drive and is physically carried by the user to the other system. In systems where security is paramount, the air-gapped system should have restricted access so only a few trusted users can access the system and deliver the data. The principle of least privilege limits users' access rights, which can also help decrease the chances of a cyber attack.

Air-gapped systems are still susceptible to electromagnetic leakage, which are waveforms emitted from the computing devices or wires that a hacker can analyze and use to attack the system. To prevent electromagnetic exploits, there's usually a specified amount of space between the air-gapped system and the outside walls, as well as space between its wires and the wires of other technical equipment. For a system with extremely sensitive data, an organization can use a Faraday cage to prevent electromagnetic radiation from escaping from the air-gapped equipment.

Although these measures may seem extreme, a threat actor could still intercept keystrokes or screen images from demodulated electromagnetic radiation waves from some distance away using special equipment.

Another way to protect a computing device or network from an air-gap attack is through end-user security awareness training. The infamous Stuxnet worm, which was designed to attack air-gapped industrial control systems, is thought to have been introduced by infected thumb drives found by employees or obtained as free giveaways.

Why are air gaps used?

Air-gapped networks are used to protect many types of critical systems from hackers or other malicious threat actors. For example, air-gapped networks are used to support the stock market, the military, government agencies and industrial power industries.

A visualization of how air-gapped devices are separated from the rest of a network.
Air-gapped systems are physically separated from the rest of a network.

Air gaps are also used for backup and recovery. When data backups are air gapped, the security measure can aid in recovery efforts. For example, if an organization uses air gapping as part of its backup strategy and its network is hit by a ransomware attack, the air-gapped copy of data can be used for recovery.

Types of air gaps

There are generally three types of air gaps: total physical air gaps, air-gapped systems isolated within one environment and logical air gaps.

  1. Total physical air gaps are air-gapped systems in which hardware or software is physically isolated in its own environment. This type of air gap separates a system completely from other network-connected systems and may also have restricted physical access.
  2. Isolated air-gapped systems are separated from other systems in the same environment, perhaps even on the same rack, but aren't connected to the same network.
  3. Logical air gaps separate systems within the same network logically instead of physically. Logical separation methods can be completed using encryption and role-based access control, for example.

Some organizations may also have to handle two levels of information, which are separated into high and low sides. The high side is information or systems that require a highly secured environment -- such as critical infrastructure -- while the low side is data or systems that can be left connected to a network.

Air gap challenges

Although some organizations believe that air gapping is a viable security measure, air gaps are disappearing due to the following challenges:

  • Manual updates. Air-gapped systems can't connect to the internet to update software automatically. Systems administrators must instead manually download and install new updates and patches. This requires more manual input, and if sys admins become too relaxed on updates, then the software on their air-gapped systems will become out of date, leaving the system unprotected from emerging virus threats.
  • Human error and insider attacks. Sending data to an air-gapped system traditionally requires the use of a portable storage device like a USB. If brought on premises, infected USB devices could be used to leak data from an air-gapped system. Additionally, users could accidentally leave doors unlocked or USB ports unguarded.
  • Electromagnetic attack. Air-gapped systems are susceptible to electromagnetic leakage, which enables malicious actors to analyze waveforms emitted from the CPU, chassis fans or wires with the goal of attacking the system.
  • Supply chain attacks. A virus could be installed in updated software that gets passed along to air-gapped systems.

In 2018, the U.S. accused Russia of infecting air-gapped systems for electrical grid operations. Another instance where an attack jumped the air gap is when the Kudankulam Nuclear Power Plant in Tamil Nadu, India, was hit by a cyber attack, even though it had air-gapped systems. Any data at rest inside an air-gapped system should be encrypted to help create stronger cybersecurity practices and reduce vulnerabilities.

Learn more about air gap backups and how they add a layer of protection to data.

This was last updated in September 2022

Continue Reading About air gap (air gapping)

  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

  • core competencies

    For any organization, its core competencies refer to the capabilities, knowledge, skills and resources that constitute its '...

  • Workday

    Workday is a cloud-based software vendor that specializes in human capital management (HCM) and financial management applications.

  • recruitment management system (RMS)

    A recruitment management system (RMS) is a set of tools designed to manage the employee recruiting and hiring process. It might ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...