Overcoming Air Gap Security Failures

July 2012

Air Gaps are not as secure as you might think.

There is a clear need to have networks that are not connected to the Internet. For example military networks, corporate networks that contain core intellectual property (design of a new drug) and process control networks.

How do you securely transfer data (such as operational data, operating system updates, core information from third parties) from the Internet into such networks?

A common solution is to implement an air gap. This is how it (should) work:

  1. Data is copied from the Internet on a transfer medium (USB stick, CD)
  2. The USB (or CD) is removed from the computer
  3. The USB stick is then tested for known malware on a stand alone system (sheep dip)
  4. The USB stick is inserted onto a machine on the secure systems
  5. The USB stick removed and securely destroyed (or cleaned)

The problem with this manual process, is step 5 is all too often forgotten, and the USB stick re-used in step 1). This introduces a return path for any malware to leak data. This is not a new concept, it was exploited by Stuxnet and more recently in the Indian Navy security incident. The weakest link of this mechanism is not the technology or the process, but the human user operating the process.

Data Diode

A solution is to remove the human user operator from the process. This is where the technology of data diodes are finding increasing use in the market. They provide (as the name suggests) a one way flow of data, and by design can provide a 100% guarantee that data can only flow one way – very few security product can provide these assurances. There is a challenge in deploying diode as many of the data communication protocols require a two-way handshake. Data diode products typically use proxy technology to overcome this problem.

This is one of the challenges of security. Intuition suggests that air gaps are secure, and putting a network link in place will weaken the solution. The difficulty comes as this only considers the technical aspects of security, but security is about technology, process and people working together.

See Also


Author Bio – Colin Robbins

Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.


Be the first to know about developments in secure information exchange