What Is An Air Gap? | Definition From TechTarget

• Home
• Security management

• Share this item with your network:

By

• Alexander S. Gillis, Technical Writer and Editor

Published: Sep 13, 2022

What is an air gap?

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. An air-gapped computer is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices.

Air gaps protect critical computer systems or data from potential attacks ranging from malware and ransomware to keyloggers or other attacks from malicious actors.

To transfer data between a computer or network and an air-gapped system, data is copied to a removable media device such as a USB drive and is physically carried by the user to the other system. In systems where security is paramount, the air-gapped system should have restricted access so only a few trusted users can access the system and deliver the data. The principle of least privilege limits users' access rights, which can also help decrease the chances of a cyber attack.

Air-gapped systems are still susceptible to electromagnetic leakage, which are waveforms emitted from the computing devices or wires that a hacker can analyze and use to attack the system. To prevent electromagnetic exploits, there's usually a specified amount of space between the air-gapped system and the outside walls, as well as space between its wires and the wires of other technical equipment. For a system with extremely sensitive data, an organization can use a Faraday cage to prevent electromagnetic radiation from escaping from the air-gapped equipment.

Although these measures may seem extreme, a threat actor could still intercept keystrokes or screen images from demodulated electromagnetic radiation waves from some distance away using special equipment.

Another way to protect a computing device or network from an air-gap attack is through end-user security awareness training. The infamous Stuxnet worm, which was designed to attack air-gapped industrial control systems, is thought to have been introduced by infected thumb drives found by employees or obtained as free giveaways.

Why are air gaps used?

Air-gapped networks are used to protect many types of critical systems from hackers or other malicious threat actors. For example, air-gapped networks are used to support the stock market, the military, government agencies and industrial power industries.

Air gaps are also used for backup and recovery. When data backups are air gapped, the security measure can aid in recovery efforts. For example, if an organization uses air gapping as part of its backup strategy and its network is hit by a ransomware attack, the air-gapped copy of data can be used for recovery.

Types of air gaps

There are generally three types of air gaps: total physical air gaps, air-gapped systems isolated within one environment and logical air gaps.

1. Total physical air gaps are air-gapped systems in which hardware or software is physically isolated in its own environment. This type of air gap separates a system completely from other network-connected systems and may also have restricted physical access.
2. Isolated air-gapped systems are separated from other systems in the same environment, perhaps even on the same rack, but aren't connected to the same network.
3. Logical air gaps separate systems within the same network logically instead of physically. Logical separation methods can be completed using encryption and role-based access control, for example.

Some organizations may also have to handle two levels of information, which are separated into high and low sides. The high side is information or systems that require a highly secured environment -- such as critical infrastructure -- while the low side is data or systems that can be left connected to a network.

Air gap challenges

Although some organizations believe that air gapping is a viable security measure, air gaps are disappearing due to the following challenges:

• Manual updates. Air-gapped systems can't connect to the internet to update software automatically. Systems administrators must instead manually download and install new updates and patches. This requires more manual input, and if sys admins become too relaxed on updates, then the software on their air-gapped systems will become out of date, leaving the system unprotected from emerging virus threats.
• Human error and insider attacks. Sending data to an air-gapped system traditionally requires the use of a portable storage device like a USB. If brought on premises, infected USB devices could be used to leak data from an air-gapped system. Additionally, users could accidentally leave doors unlocked or USB ports unguarded.
• Electromagnetic attack. Air-gapped systems are susceptible to electromagnetic leakage, which enables malicious actors to analyze waveforms emitted from the CPU, chassis fans or wires with the goal of attacking the system.
• Supply chain attacks. A virus could be installed in updated software that gets passed along to air-gapped systems.

In 2018, the U.S. accused Russia of infecting air-gapped systems for electrical grid operations. Another instance where an attack jumped the air gap is when the Kudankulam Nuclear Power Plant in Tamil Nadu, India, was hit by a cyber attack, even though it had air-gapped systems. Any data at rest inside an air-gapped system should be encrypted to help create stronger cybersecurity practices and reduce vulnerabilities.

Learn more about air gap backups and how they add a layer of protection to data.

Continue Reading About air gap (air gapping)

• The limits and risks of backup as ransomware protection

• Clumio launches air-gapped data protection service

• Dell draws line between cyber recovery and disaster recovery

• Powerhammering: Can a power cable be used in air-gapped attacks?

• How air gap attacks challenge the notion of secure networks

Related Terms

What is counterintelligence? Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary's knowledge ... See complete definition What is digital trust? Digital trust is the confidence users have in the ability of people, technology and processes to create a secure digital ... See complete definition What is identity and access management? Guide to IAM No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle. It's how an organization regulates access to ... See complete definition

New & Updated Definitions

• What is automated machine learning (AutoML)?

  Automated machine learning (AutoML) is the automated process that applies machine learning models to real-world problems. See More.

• What is a data scientist? What do they do?
• What is 5G New Radio (5G NR)?
• What is multi-access edge computing? Benefits and use cases
• What is 5G?
• What is a small cell in wireless networks?
• What is 6G? Overview of 6G networks & technology
• phase-locked loop (PLL)
• What is identity and access management? Guide to IAM

Latest TechTarget resources

• Networking
• Security
• CIO
• HR Software
• Customer Experience

Search Networking

• What is multi-access edge computing? Benefits and use cases

  Multi-access edge computing (MEC) is a network architecture concept that brings cloud computing capabilities and IT services ...

• What is 5G?

  Fifth-generation wireless or 5G is a global standard and technology for wireless and telecommunications networks.

• What is a small cell in wireless networks?

  A small cell is a type of low-power cellular radio access point or base station that provides wireless service within a limited ...

Search Security

• What is identity and access management? Guide to IAM

  No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle. It's how an organization regulates access to ...

• What is data masking?

  Data masking is a security technique that modifies sensitive data in a data set so it can be used safely in a non-production ...

• What is antivirus software?

  Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other ...

Search CIO

• What is a chief data officer (CDO)?

  A chief data officer (CDO) in many organizations is a C-level executive whose position has evolved into a range of strategic data...

• What is user-generated content?

  User-generated content (UGC) is published information that an unpaid contributor provides to a website.

• What is business process outsourcing (BPO)?

  Business process outsourcing (BPO) is a business practice in which an organization contracts with an external service provider to...

Search HRSoftware

• What is compensation management?

  Compensation management is the discipline and process for determining employees' appropriate pay, incentives, rewards, bonuses ...

• What is HR technology (human resources tech)?

  HR technology (human resources tech) refers to the hardware and software that support an organization's human resource management...

• What is core HR (core human resources)?

  Core HR (core human resources) is an umbrella term that refers to the essential, mandatory and fundamental tasks and functions of...

Search Customer Experience

• What are virtual agents and how are they being used?

  A virtual agent is an AI-powered software application or service that interacts with humans or other digital systems in a ...

• Customer acquisition cost (CAC): How to calculate and reduce it

  Customer acquisition cost (CAC) is the cost associated with convincing a consumer to buy your product or service, including ...

• What is direct marketing?

  Direct marketing is a type of advertising campaign that seeks to elicit an action (such as an order, a visit to a store or ...

Close