The air gap, a cybersecurity countermeasure that isolates digital assets to keep them out of reach from malicious actors, is the subject of many industry myths.
Conventional wisdom around physically air gapping operational technology (OT) has a certain allure to it — cutting off connections should mean no threats. But this assumption is not the whole picture, and the trade-offs that follow from not fully understanding how air gapping affects an organisation often prove costly.
Like all good myths, there is a kernel of truth to what we believe about air gaps. To get at the power of this mythology, it is worth investigating its origins and what factors gave rise to the notion that physical separation would secure technologies.
Well, it goes like this: Before 1969 and the advent of the ARPANET, there were few effective or economical ways of linking computers into networks. At the time, the state of play meant that an air-gapped asset was protected by placing it behind a barrier that prevented unauthorised access.
The ARPANET, which became the Internet, while ushering in the fantastic benefits of connectivity, also created the security nightmare that most of us are dealing with today. It can be seductive to harken back to those idyllic times, when computers sat in glass rooms, completely disconnected from the outside world.
However, there is no going back. As our assets become even more interconnected, the air-gapped systems of yore will never return.
According to a KPMG Singapore report, the growing number of OT vulnerabilities discovered and reported annually will increase in intensity, due to the growing complexity of threats as a result of organisations embracing new technologies.
From data analytics and machine learning to distributed control systems (DCS), virtualisation, and supervisory control and data acquisition (SCADA) hosted on the cloud, the physical air gap is no longer fit for purpose.
What is an air gap, anyway?
As the name implies, the most commonly used barrier is physical separation — separating a designated system away from other assets and cutting it off from network connections. In the world of backup and restore, this might mean shipping backup tapes to a secure offsite facility, in a bid to keep hackers out by storing physical copies "offsite" or "offline" in a location that is unknown to unauthorised parties.
Traditionally, air gaps defend against both unauthorised access as well as unwanted modification, creating an overlap between intrusion protection and data protection even as they pursue separate security objectives. This distinction is relevant because some air gaps exist to prevent a system breach, while others are designed to defend against damage to data or software.
Physical air gaps have their drawbacks. They can be costly to implement and cumbersome to manage. They also generally provide relatively slow Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) because data has to be manually, and securely, transported across the air gap.
With the deployment of more digital assets, the impenetrability offered by physical air gaps begins to wane. But that has not stopped some in the security field from insisting that they form a cyber defence strategy. The Singapore government has acknowledged that this is no longer tenable, amid the drive to gain more insightful data collection and analysis through the introduction of new digital solutions in OT systems.
Myth #1: Only a physical air gap can ensure the highest level of security
As mentioned earlier, the physical air gap may have once ensured the highest level of security, but one issue that compromises this notion relates to unknown connectivity.
With literally billions of devices now connected to the Internet, it is possible, or even probable, that a device thought to be air-gapped is actually on the network. The problem is that no one knows.
Indeed, many IT organisations are shocked, upon running network security scans, to discover previously unknown devices on their networks, along with accidentally connected air-gapped systems.
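The "unknown connectivity" problem above is detectable: an asset register that records which systems are supposed to be air-gapped can be reconciled against discovery-scan output. The following is an added example, not code from the article or from Rubrik; the asset names, MAC addresses and the three-column scan format are constructed for illustration.

```python
"""Reconcile an asset register against network discovery output.

Added example (not from the article): flags assets recorded as air-gapped
that nevertheless answered on the network, plus devices the scan found that
the register does not know about at all.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    mac: str
    air_gapped: bool


# Constructed asset register (hypothetical names and MAC addresses).
ASSET_REGISTER = [
    Asset("historian-01", "00:1a:2b:3c:4d:01", air_gapped=False),
    Asset("plc-line3", "00:1a:2b:3c:4d:02", air_gapped=True),
    Asset("eng-workstation", "00:1a:2b:3c:4d:03", air_gapped=True),
]

# Constructed discovery dump, one device per line: "<ip> <mac> <vendor>".
SCAN_OUTPUT = """\
10.0.5.10 00:1a:2b:3c:4d:01 Dell
10.0.5.23 00:1a:2b:3c:4d:02 Siemens
10.0.5.77 00:de:ad:be:ef:99 Unknown
"""


def parse_scan(text):
    """Return {mac: ip} from the constructed scan format; skip malformed lines."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, mac = parts[0], parts[1].lower()
        seen[mac] = ip
    return seen


def reconcile(register, scan_text):
    """Return (violations, unknown).

    violations: (asset name, ip) for assets marked air-gapped but seen online.
    unknown:    (mac, ip) for responding devices absent from the register.
    """
    seen = parse_scan(scan_text)
    known_macs = {a.mac.lower() for a in register}
    violations = [(a.name, seen[a.mac.lower()])
                  for a in register
                  if a.air_gapped and a.mac.lower() in seen]
    unknown = [(mac, ip) for mac, ip in seen.items() if mac not in known_macs]
    return violations, unknown


if __name__ == "__main__":
    bad, new = reconcile(ASSET_REGISTER, SCAN_OUTPUT)
    for name, ip in bad:
        print(f"AIR-GAP VIOLATION: {name} is reachable at {ip}")
    for mac, ip in new:
        print(f"UNREGISTERED DEVICE: {mac} at {ip}")
```

Run against real scanner output, the two lists are the ones worth alerting on: an "air-gapped" asset with an IP address, and hardware nobody has recorded. Matching on MAC rather than IP keeps the check stable across DHCP changes, at the cost of missing devices that spoof their address.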
Physical air gaps also tend to lack protection against insider attacks, social engineering, and basic human nature. This means that systems that rely on physical air gaps are not immune to physical access points that can be exploited to add, delete or modify data.
Commonly known as a “sneakernet,” this access point exposes the air-gapped system to threats. A malicious insider, for example, or a hacker who impersonates a credentialled user can compromise it. Or, basic forgetfulness on the part of a team member may lead to ports left open, doors being unlocked, and so forth. As a result, the air-gapped system is vulnerable to unauthorised access.
Myth #2: An air gap must be a physical separation
Some would argue that one either has a physical air gap or “no air gap.” There is no law of the land or hard and fast rule that establishes this one way or another, but in day-to-day terms, the notion that only physical separation creates an air gap is a myth.
As a countermeasure, an effective air gap can be created simply by disconnecting a machine from a network. One could have two servers on the same rack, for example, with one on the network and one off it. The latter machine would be air-gapped — meaning it would be effectively impossible for a hacker to reach it over the network.
However, it is no longer feasible to disconnect mission-critical assets from the network, and this is especially so amid the digital transformation initiatives being undertaken by organisations in Singapore and across the Asia Pacific.
The “logical air gap” is an alternative Zero Trust approach, which segregates and protects a network-connected digital asset on a logical basis, rather than a physical one.
A logical air gap achieves separation through a Zero Trust Architecture including encryption, which makes data useless to an attacker, and immutability, which prevents data from being changed. When coupled with role-based access controls and multi-factor authentication, the logical air gap can deliver the same or better risk mitigation as a physical air gap.
Myth #3: Logical air gaps are not as secure as physical air gaps
Another myth holds that a logical air gap is not as secure as a physical air gap. With the right logical air gap implementation, this is simply not true.
For one thing, a physical air gap can have many vulnerabilities. But, even assuming the best-case scenario, a well-designed and highly secure physical air gap is not necessarily more secure than a logical air gap.
Logical air gaps ensure that data written to backups is fixed once saved and cannot be deleted. As a result, organisations build cyber resilience by effectively keeping stored data invisible to attackers.
Utilising a multi-layered approach to security, logical air gaps render OT systems less vulnerable to breaches than even a well-built physically air-gapped system. Harnessing zero trust to ensure the privacy and integrity of data, an effective logical air gap solution is built on the idea that processes must be validated and secured through the exchange of certificates and tokens.
The ingenuity of an effective logical air gap is that it leverages immutability to ensure data is unchangeable and can be deployed to production servers immediately in case of ransomware attacks or other data loss events. Even on the off chance a malicious actor could somehow breach the logical air gap's defences, the attacker would find worthless encrypted data.
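The properties the last two sections attribute to a logical air gap (immutable, retention-locked backup objects; role-based access with multi-factor authentication; integrity of what is restored) can be made concrete in a small write-once vault. The code below is an added example and is not Rubrik's product code or anything from the article. It assumes the caller has already encrypted the payload with a real cipher and hands the vault opaque ciphertext; the vault itself implements no cryptography beyond SHA-256 content addressing, and the `Principal`, `Vault` and role names are hypothetical.

```python
"""Write-once backup vault with retention lock and role gating.

Added example, not the article's or any vendor's code. Objects are
content-addressed (SHA-256), cannot be overwritten, and cannot be deleted
until their retention period expires; every operation requires a role and
a verified MFA flag on the calling principal. Payloads are assumed to be
ciphertext produced by the caller; no cipher is implemented here.
"""
import hashlib
import time
from dataclasses import dataclass, field

DAY = 86400


class VaultError(Exception):
    pass


@dataclass(frozen=True)
class Principal:
    name: str
    role: str           # hypothetical roles: "operator" or "admin"
    mfa_verified: bool


@dataclass
class Snapshot:
    digest: str
    blob: bytes
    created: float
    retain_until: float


@dataclass
class Vault:
    retention_days: float = 30
    _objects: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def _require(self, who, roles):
        """Zero-trust gate: every call is checked, nothing is trusted by default."""
        if who.role not in roles:
            raise VaultError(f"{who.name}: role {who.role!r} not permitted")
        if not who.mfa_verified:
            raise VaultError(f"{who.name}: MFA required")

    def put(self, who, ciphertext, now=None):
        """Store a snapshot; identical content is a no-op, so nothing is overwritten."""
        self._require(who, {"operator", "admin"})
        now = time.time() if now is None else now
        digest = hashlib.sha256(ciphertext).hexdigest()
        if digest in self._objects:
            self.audit.append(("put-noop", who.name, digest))
            return digest
        self._objects[digest] = Snapshot(
            digest, bytes(ciphertext), now, now + self.retention_days * DAY)
        self.audit.append(("put", who.name, digest))
        return digest

    def get(self, who, digest):
        """Return the stored ciphertext after re-verifying its integrity."""
        self._require(who, {"operator", "admin"})
        snap = self._objects.get(digest)
        if snap is None:
            raise VaultError("no such object")
        if hashlib.sha256(snap.blob).hexdigest() != digest:
            raise VaultError("integrity failure")
        return snap.blob

    def delete(self, who, digest, now=None):
        """Only an admin may delete, and only once the retention lock has expired."""
        self._require(who, {"admin"})
        now = time.time() if now is None else now
        snap = self._objects.get(digest)
        if snap is None:
            raise VaultError("no such object")
        if now < snap.retain_until:
            self.audit.append(("delete-refused", who.name, digest))
            raise VaultError("retention lock active")
        del self._objects[digest]
        self.audit.append(("delete", who.name, digest))

    def count(self):
        return len(self._objects)
```

The point to take from the design is that the attacker described in the text, one who has reached the storage layer, still cannot modify or purge a snapshot inside its retention window through any code path, and a stolen operator credential without MFA gets nothing at all. Restores read back only what hashes to the digest that was written, so a tampered blob is refused rather than deployed to production.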
Wrap-up
The modern air gap is quite different from its predecessors. Not only has the technology and the overall threat environment evolved, but the design of air gaps has also changed over time.
The myth that physical is better than logical is archaic and is flat-out wrong. In a more distributed and virtualised world, the logical air gap is more secure than the physical one.
Kamal Brar is the vice president for Asia Pacific and Japan at Rubrik