When you read about cybersecurity, you will probably see talk of “air-gapped” computer systems. It’s a technical name for a simple concept: a computer system that is physically isolated from potentially dangerous networks. Or, in simpler terms, a computer that is used offline.
What is an air-gapped computer?
An air-gapped computer system has no physical (or wireless) connection to insecure systems and networks.
For example, let’s say you want to work with sensitive financial and business documents without the risk of ransomware, keyloggers and other malicious code. You decide to set up an offline computer in the office and never connect it to the internet or to any network.
Congratulations: you have just invented the concept of air-gapping a computer, even if you have never heard the term.
The term “air gapping” refers to the idea that there is a gap of air between the computer and other networks. It is not connected to them, so it cannot be attacked over the network. An attacker would have to “cross the air gap” and physically sit down in front of the computer to compromise it, as there is no way to reach it electronically over a network.
When and Why People Air Gap Computers
Not every computer or computer task needs a network connection.
Picture, for example, critical infrastructure such as power plants. They need computers to run their industrial systems. But those computers do not need to be exposed to the internet and other networks – they are “air-gapped” for security. This blocks all network-based threats, and the only downside is that their operators have to be physically present to control them.
You can also air-gap computers at home. For example, let’s say you have some old software (or a game) that works best on Windows XP. If you still want to use the old software, the safest way is to air gap the Windows XP system. Windows XP is vulnerable to various attacks, but you aren’t at as much risk as long as you keep the Windows XP system offline and use it offline.
Or, if you work with sensitive business and financial data, you can use a computer that is never connected to the internet. You have maximum security and integrity for your work as long as you keep the device offline.
How Stuxnet Attacked Air-Gapped Computers
Air-gapped computers are not immune to threats. For example, people often use USB drives and other removable storage devices to move files between air-gapped computers and networked computers. You might download an application on a networked computer, copy it to a USB drive, carry it to the air-gapped computer, and install it there.
This opens a vector for attack, and it is not a theoretical one. The sophisticated Stuxnet worm worked this way. It was designed to spread by infecting removable media such as USB drives, allowing it to cross an “air gap” when people connected those USB drives to air-gapped computers. It then used other techniques to spread through air-gapped networks, as some air-gapped computers in organizations are connected to each other but not to larger networks. It was designed to target specific industrial software.
It is widely believed that the Stuxnet worm severely damaged Iran’s nuclear program and that the worm was built by the United States and Israel, but the countries involved have not publicly confirmed these facts. Stuxnet was sophisticated malware designed to attack air-gapped systems – we know that for sure.
Other Potential Threats to Air-Gapped Computers
There are other ways that malicious code can communicate across an air gap, but they all involve an infected USB drive or similar device introducing malicious code onto the air-gapped computer. (They may also involve a person physically accessing your computer, compromising it, and installing malicious code or modifying its hardware.)
For example, if malware was introduced onto an air-gapped computer via a USB drive and another infected computer nearby was connected to the internet, the two infected computers might be able to communicate across the air gap by transmitting high-frequency audio data using the computers’ speakers and microphones. That is one of many techniques demonstrated at Black Hat USA 2018.
These are all pretty sophisticated attacks – much more sophisticated than the average malware you find online. But they are a concern for nation states with a nuclear program, as we have seen.
As I said, garden-variety malware can also be a problem. If you bring a ransomware-infected installer to an air-gapped computer on a USB drive, that ransomware can still encrypt the files on the air-gapped computer and wreak havoc, demanding that you connect it to the internet and pay before it will decrypt your data.
How to Air Gap a Computer
As we have seen, air-gapping a computer is actually quite simple: just disconnect it from the network. Do not connect it to the internet or to a local network. Unplug physical Ethernet cables and disable the computer’s Wi-Fi and Bluetooth hardware. For maximum security, consider reinstalling the computer’s operating system from trusted installation media and using it completely offline thereafter.
Do not reconnect the computer to a network, not even when you need to transfer files. For example, if you need to download software, use a computer connected to the internet, copy the software to something like a USB drive, and use that storage device to move files back and forth. This ensures that your air-gapped system cannot be compromised by an attacker over the network, and it also ensures that, even if malicious software such as a keylogger does end up on your air-gapped computer, it cannot send any data out over the network.
For better security, disable all wireless network hardware on the air-gapped computer. For example, if you have a desktop computer with a Wi-Fi card, open the case and remove the Wi-Fi hardware. If you cannot do that, you can at least go into the system’s BIOS or UEFI firmware and disable the Wi-Fi hardware there.
In theory, if the computer still has working wireless hardware, malware on the air-gapped computer could re-enable the Wi-Fi hardware and connect to a Wi-Fi network. So for a nuclear power plant, you really want a computer system with no wireless network hardware inside at all. At home, disabling the Wi-Fi hardware is probably good enough.
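Having unplugged the cable and disabled the radios, it is worth confirming that the operating system agrees. The script below is an added example written for this article, not part of the original text; it assumes a Linux host with the standard sysfs layout (`/sys/class/net` for interfaces, where type 772 is the loopback device, and `/sys/class/rfkill` for radios, where state 1 means unblocked). It reports any non-loopback interface that is up or has link, and any Wi-Fi or Bluetooth radio that is not blocked, and it exits non-zero when it finds one. The sysfs roots can be overridden so the checks can be exercised on a constructed directory tree.

```shell
#!/bin/sh
# Air-gap audit for a Linux host (added example; assumes the standard sysfs
# layout under /sys/class/net and /sys/class/rfkill). Reports every
# non-loopback network interface that is up or has link, and every radio
# (Wi-Fi, Bluetooth) that is not blocked. Roots can be overridden for testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
SYSFS_RFKILL="${SYSFS_RFKILL:-/sys/class/rfkill}"

# iface_kind DIR -> "loopback", "wireless" or "wired".
# Interface type 772 is ARPHRD_LOOPBACK; wireless interfaces expose a
# "wireless" or "phy80211" entry in sysfs.
iface_kind() {
    if [ "$(cat "$1/type" 2>/dev/null || true)" = "772" ]; then
        echo loopback
    elif [ -d "$1/wireless" ] || [ -d "$1/phy80211" ]; then
        echo wireless
    else
        echo wired
    fi
}

# iface_active DIR -> succeeds if the interface is up or has carrier.
# Reading "carrier" on a down interface fails; that is treated as "no link".
iface_active() {
    state="$(cat "$1/operstate" 2>/dev/null || true)"
    carrier="$(cat "$1/carrier" 2>/dev/null || true)"
    [ "$state" = "up" ] || [ "$carrier" = "1" ]
}

# airgap_audit [ROOT] -> one line per non-loopback interface; succeeds only
# when none of them is active.
airgap_audit() {
    root="${1:-$SYSFS_NET}"
    active=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        kind="$(iface_kind "$dir")"
        [ "$kind" = "loopback" ] && continue
        if iface_active "$dir"; then
            echo "ACTIVE   $(basename "$dir") ($kind)"
            active=$((active + 1))
        else
            echo "inactive $(basename "$dir") ($kind)"
        fi
    done
    [ "$active" -eq 0 ]
}

# rfkill_audit [ROOT] -> one line per radio; succeeds only when every radio
# is blocked. rfkill "state" is 0 soft-blocked, 1 unblocked, 2 hard-blocked.
rfkill_audit() {
    root="${1:-$SYSFS_RFKILL}"
    unblocked=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        kind="$(cat "$dir/type" 2>/dev/null || true)"
        if [ "$(cat "$dir/state" 2>/dev/null || true)" = "1" ]; then
            echo "UNBLOCKED $kind ($(basename "$dir"))"
            unblocked=$((unblocked + 1))
        else
            echo "blocked   $kind ($(basename "$dir"))"
        fi
    done
    [ "$unblocked" -eq 0 ]
}

# Run against the live system when executed directly.
echo "== network interfaces =="
airgap_audit || echo "WARNING: at least one interface is active"
echo "== radios =="
rfkill_audit || echo "WARNING: at least one radio is unblocked"
```

Run it as root or as any user that can read sysfs; an empty radio list means the kernel sees no wireless hardware at all, which is the state the article recommends for high-value systems. The check is only as good as the kernel’s view: a card that has been physically removed cannot appear here, which is exactly why removal beats disabling.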
Be careful with the software you download and bring to the air-gapped system, too. If you constantly carry data back and forth between an air-gapped system and a networked system on a USB drive, and both become infected with the same malware, that malware can exfiltrate data from your air-gapped system via the USB drive.
Finally, make sure the air-gapped computer is also physically secure – with the network out of the picture, physical security is all that is left to worry about. For example, if you have an air-gapped system with sensitive business data in an office, it should probably be in a secure area like a locked room rather than in the middle of an office where different people are always walking back and forth. If you have a laptop with sensitive data, store it securely so that it is not stolen or otherwise physically compromised.
(Full-disk encryption can help protect the files on a computer even if it is stolen.)
Air-gapping a computer system isn’t practical in most cases. Computers are usually so useful precisely because they are networked, after all.
But air-gapping is an important technique that ensures 100% protection against network threats if done properly – just make sure no one else has physical access to the system and that no one brings malicious code in on a USB drive. It is also free, with no expensive security software to pay for and no complicated installation process to go through. It is the perfect way to secure certain types of computer systems in specific situations.
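One practical way to keep an eye on what actually travels on the USB drive is to write a hash manifest on the networked side and verify it on the air-gapped side before touching anything. The script below is an added example for this article, not code from the original text; it assumes POSIX `find`, `sort` and `comm` plus coreutils `sha256sum`, and `/media/usb` is a placeholder mount path. It flags files that were altered or removed in transit and, just as importantly, files that appeared on the stick that nobody intended to carry, which is one visible sign of malware using the drive to stage data for exfiltration. It cannot tell you whether the original download was clean.

```shell
#!/bin/sh
# Sneakernet integrity check (added example; /media/usb is a placeholder path).
# On the networked machine, after copying files onto the stick:
#     make_manifest /media/usb > /media/usb/MANIFEST
# On the air-gapped machine, before using anything from the stick:
#     verify_manifest /media/usb /media/usb/MANIFEST
# Requires sha256sum, find, sort and comm. Detects files altered, removed or
# added in transit; it says nothing about whether the download itself was safe.

# make_manifest DIR -> "hash  ./path" for every file under DIR except the
# manifest itself, sorted so two manifests of the same tree compare line by line.
make_manifest() {
    ( cd "$1" && find . -type f ! -name MANIFEST -exec sha256sum {} + ) | LC_ALL=C sort
}

# verify_manifest DIR MANIFEST -> succeeds only if DIR contains exactly the
# files listed, with matching hashes. Otherwise prints each discrepancy.
verify_manifest() {
    expected="$(mktemp)"; actual="$(mktemp)"
    LC_ALL=C sort "$2" > "$expected"
    make_manifest "$1" > "$actual"
    # Lines only in the manifest: files removed or altered in transit.
    missing="$(LC_ALL=C comm -23 "$expected" "$actual")"
    # Lines only on disk: altered files, or files nobody intended to carry
    # (unexpected files on a shared stick can be malware staging data).
    extra="$(LC_ALL=C comm -13 "$expected" "$actual")"
    rm -f "$expected" "$actual"
    if [ -z "$missing" ] && [ -z "$extra" ]; then
        echo "OK: $1 matches $2"
        return 0
    fi
    [ -n "$missing" ] && printf '%s\n' "$missing" | sed 's/^/MISSING OR ALTERED:    /'
    [ -n "$extra" ]   && printf '%s\n' "$extra"   | sed 's/^/UNEXPECTED OR ALTERED: /'
    return 1
}

# Command-line use: manifest.sh make DIR   |   manifest.sh verify DIR MANIFEST
case "${1:-}" in
    make)   make_manifest "$2" ;;
    verify) verify_manifest "$2" "$3" ;;
esac
```

An altered file shows up twice (its old line as missing, its new line as unexpected), which is the intended signal. For stronger assurance, carry the manifest on a separate write-protected medium or read its hash aloud across the gap rather than trusting the copy on the same stick.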