When reading about cyber-security, you’ll probably see talk about “air-gapped” computer systems. It’s a technical name for a simple concept: a computer system that’s physically isolated from potentially dangerous networks. Or, in simpler terms, using a computer offline.
What Is an Air-Gapped Computer?
An air-gapped computer system has no physical (or wireless) connection to unsecured systems and networks.
For example, let’s say you want to work on sensitive financial and business documents without any risk of ransomware, keyloggers, and other malware. You decide that you’ll just set up an offline computer in your office and not connect it to the internet or any network.
Congratulations: You’ve just re-invented the concept of air-gapping a computer, even if you’ve never heard of this term.
The term “air gapping” refers to the idea that there is a gap of air between the computer and other networks. It isn’t connected to them, so it can’t be attacked over the network. To compromise it, an attacker has to “cross the air gap”: physically get at the machine, or get something onto it by another route, because there is no way to reach it electronically over a network.
When and Why People Air Gap Computers
Not every computer or computing task needs a network connection.
For example, picture critical infrastructure like power plants. They need computers to operate their industrial systems, but those computers don’t have to be exposed to the internet or the corporate network, so they’re “air-gapped” for security. Done properly, this blocks every network-based threat. The downsides are that operators have to be physically present to control them and that updates have to be carried in by hand. In practice, many supposedly isolated systems turn out to have a forgotten maintenance or vendor connection, so the isolation has to be verified rather than assumed.
You could air gap computers at home, too. For example, let’s say you have some old software (or a game) that runs best on Windows XP. If you still want to use that old software, the most secure way to do so is to “air gap” that Windows XP system. Windows XP is vulnerable to a variety of attacks, but you’re far less exposed as long as you keep your Windows XP system off networks and use it offline.
Or, if you’re working on sensitive business and financial data, you could use a computer that isn’t connected to the internet. You’ll have strong protection for your work, at least from network-based threats, as long as you keep your device offline.
How Stuxnet Attacked Air Gapped Computers
Air-gapped computers aren’t immune from threats. People often use USB drives and other removable storage devices to move files between air-gapped computers and networked computers. For example, you might download an application on a networked computer, put it on a USB drive, take it to the air-gapped computer, and install it.
This opens up a vector of attack, and it’s not a theoretical one. The sophisticated Stuxnet worm worked in this way. It spread by infecting removable drives like USB drives, abusing a flaw in how Windows handled shortcut files so that merely opening the drive in Explorer was enough to run it; that gave it the ability to cross an “air gap” whenever someone plugged an infected drive into an air-gapped computer. It then used other exploits to spread through air-gapped networks, since some air-gapped computers inside organizations are connected to each other but not to larger networks. It was designed to target a specific Siemens industrial control product (the Step7/WinCC software and the PLCs it programs), and on machines that didn’t have it, it did nothing beyond spreading further.
It’s widely believed that the Stuxnet worm did a lot of damage to Iran’s nuclear program and that the worm was built by the USA and Israel, but the countries involved haven’t publicly confirmed these facts. Stuxnet was sophisticated malware designed to attack air-gapped systems—we do know that for sure.
Other Potential Threats to Air Gapped Computers
There are other ways malware could communicate across an air gap, but they all start with malware already on the air-gapped computer, introduced by an infected USB drive or similar device, by a person physically accessing the computer and installing malware or modifying its hardware, or by hardware that arrived already compromised.
For example, if malware was introduced onto an air-gapped computer via a USB drive and there was another infected computer nearby connected to the internet, the two could communicate across the air gap by transmitting high-frequency audio using the computers’ speakers and microphones. Note what this does and doesn’t do: it can leak data out and relay commands in, but it can’t infect the machine in the first place. That’s one of many techniques that were demonstrated at Black Hat USA 2018.
These are all pretty sophisticated attacks—much more sophisticated than the average malware you’ll find online. But they are a concern for nation-states with a nuclear program, as we’ve seen.
That said, garden-variety malware could also be a problem. If you bring an installer infected with ransomware to an air-gapped computer via a USB drive, that ransomware could still encrypt the files on your air-gapped computer and wreak havoc, demanding that you pay (which means getting online with some device) before it will decrypt your data.
How to Air Gap a Computer
As we’ve seen, air gapping a computer is actually pretty simple: Just disconnect it from the network. Don’t connect it to the internet, and don’t connect it to a local network. Disconnect any physical Ethernet cables and disable the computer’s Wi-Fi and Bluetooth hardware. For maximum security, consider reinstalling the computer’s operating system from trusted installation media and using it entirely offline after that.
Don’t re-connect the computer to a network, even when you need to transfer files. If you need to download some software, for example, use a computer connected to the internet, transfer the software to something like a USB drive, and use that storage device to move the files back and forth. This ensures that your air-gapped system can’t be compromised by an attacker over the network, and it also ensures that, even if there is malware like a keylogger on your air-gapped computer, it can’t communicate any data over the network.
For better security, disable any wireless networking hardware on the air-gapped PC. For example, if you have a desktop PC with a Wi-Fi card, open the PC and remove the Wi-Fi hardware. If you can’t do that, you could at least go to the system’s BIOS or UEFI firmware and disable the Wi-Fi hardware.
Malware on your air-gapped PC could re-enable Wi-Fi hardware that was only disabled in software and connect to a Wi-Fi network, and a BIOS/UEFI setting can be flipped back by anyone who gets at the firmware. So, for a nuclear power plant, you really want a computer system that has no wireless networking hardware inside it at all. At home, just disabling the Wi-Fi hardware may be good enough.
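The steps above (no cable, no Wi-Fi, no Bluetooth, nothing left that can quietly come back up) can be checked rather than assumed. The following is an added example written for this article, not code from the original page: on a Linux machine it parses the output of the standard `ip -o link show` and `rfkill list` tools and reports any non-loopback interface that is administratively up, any interface that has a carrier, and any Wi-Fi or Bluetooth radio that is not hard-blocked. The tool output embedded in it is constructed, not captured from a real machine, and is used only when the tools aren’t available.

```python
"""Audit a Linux host's network hardware before calling it air-gapped.

Added example for this article (not code from the original page).  It parses the
output of two standard Linux tools, `ip -o link show` and `rfkill list`, and reports
anything that should not be present or enabled on an air-gapped machine.  The parsers
take the tool output as text so they can be run against a captured sample; main()
runs the tools live and falls back to the constructed sample below if they are missing.
"""
import re
import subprocess
import sys

# Matches lines like "2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ... state UP ..."
LINK_RE = re.compile(r"^\d+:\s+([^:@]+)[^:]*:\s+<([^>]*)>.*?\bstate\s+(\S+)")
RADIO_RE = re.compile(r"^\d+:\s+(\S+):\s+(.*)$")            # "0: phy0: Wireless LAN"
BLOCK_RE = re.compile(r"^\s+(Soft|Hard) blocked:\s+(yes|no)")  # "\tSoft blocked: no"

# Constructed sample output, not captured from a real machine.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000\\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""
SAMPLE_RFKILL = """\
0: phy0: Wireless LAN
\tSoft blocked: no
\tHard blocked: no
1: hci0: Bluetooth
\tSoft blocked: yes
\tHard blocked: no
"""


def parse_ip_link(text):
    """Return {ifname: {"flags": set of link flags, "state": operstate}} from `ip -o link show`."""
    interfaces = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            name, flags, state = m.groups()
            interfaces[name] = {"flags": set(filter(None, flags.split(","))), "state": state}
    return interfaces


def parse_rfkill(text):
    """Return {device: {"type": str, "soft": bool, "hard": bool}} from `rfkill list` output."""
    radios, current = {}, None
    for line in text.splitlines():
        m = RADIO_RE.match(line)
        if m:
            current = m.group(1)
            radios[current] = {"type": m.group(2).strip(), "soft": False, "hard": False}
            continue
        m = BLOCK_RE.match(line)
        if m and current:
            radios[current][m.group(1).lower()] = (m.group(2) == "yes")
    return radios


def audit(interfaces, radios):
    """Return a list of findings; an empty list means nothing here contradicts the air gap."""
    findings = []
    for name, info in interfaces.items():
        if "LOOPBACK" in info["flags"]:
            continue  # lo never leaves the machine
        if "UP" in info["flags"]:
            findings.append(f"interface {name} is administratively UP (state {info['state']})")
        if "LOWER_UP" in info["flags"]:
            findings.append(f"interface {name} has a carrier: a cable is plugged in or a radio is associated")
    for dev, info in radios.items():
        # A soft block is only software state and software can undo it; only a hard block
        # (a physical switch) or removing the card actually takes the radio out of play.
        if not info["hard"]:
            how = "soft-blocked only" if info["soft"] else "not blocked at all"
            findings.append(f"radio {dev} ({info['type']}) is present and {how}")
    return findings


def run(cmd):
    """Run a tool and return its stdout, or None if it is not installed."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return None


def main():
    ip_out, rf_out = run(["ip", "-o", "link", "show"]), run(["rfkill", "list"])
    if ip_out is None or rf_out is None:
        print("ip/rfkill not found; auditing the constructed sample instead")
        ip_out, rf_out = SAMPLE_IP_LINK, SAMPLE_RFKILL
    findings = audit(parse_ip_link(ip_out), parse_rfkill(rf_out))
    for finding in findings:
        print("FINDING:", finding)
    print("clean" if not findings else f"{len(findings)} finding(s)")
    sys.exit(1 if findings else 0)


if __name__ == "__main__":
    main()
```

On the constructed sample the script reports four findings: the wireless interface is up and associated, the Wi-Fi radio isn’t blocked, and the Bluetooth radio is only soft-blocked. Bringing an interface down (`ip link set dev wlp2s0 down`) or soft-blocking radios (`rfkill block all`) makes the report cleaner, but both are just software state; the script deliberately keeps reporting a radio until it is hard-blocked or gone, which is the point the paragraph above makes.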
Be careful about the software you download and bring to the air-gapped system, too. If you’re constantly ferrying data back and forth between an air-gapped system and a non-air-gapped system via a USB drive and both are infected with the same malware, the malware could exfiltrate data from your air-gapped system via the USB drive.
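The drive that ferries files is the one path left into (and out of) the machine, so the two paragraphs above amount to: know exactly what is on it, both when it arrives and when it leaves. The following is an added example written for this article, not code from the original page. It assumes the workflow of writing a SHA-256 manifest on the online machine (after checking the downloads against the publisher’s hashes), carrying the files plus the manifest on the drive, and verifying the drive on the air-gapped machine before installing anything; the same check when the drive comes back catches files that appeared on it while it was plugged into the air-gapped host. The files it creates in `demo()` are constructed stand-ins, not real software.

```python
"""Verify files ferried over a USB drive against a SHA-256 manifest.

Added example for this article, not code from the original page.  The manifest format
is the one `sha256sum` reads ("<hex digest>  <path>" per line), so `sha256sum -c` on
either side is an independent cross-check.  A drive with modified or unexpected files
should be treated as hostile, not cleaned up and used.
"""
import hashlib
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.sha256"


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Hash every regular file under root except the manifest itself; keys are POSIX-style relative paths."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and p.name != MANIFEST_NAME}


def write_manifest(root, manifest):
    # Two spaces between digest and path: the layout `sha256sum -c` expects.
    lines = [f"{digest}  {rel}" for rel, digest in sorted(manifest.items())]
    (Path(root) / MANIFEST_NAME).write_text("\n".join(lines) + "\n")


def read_manifest(root):
    manifest = {}
    for line in (Path(root) / MANIFEST_NAME).read_text().splitlines():
        if not line.strip():
            continue
        digest, _, rel = line.partition("  ")
        if len(digest) != 64 or not rel:
            raise ValueError(f"malformed manifest line: {line!r}")
        manifest[rel] = digest
    return manifest


def verify_drive(root, manifest):
    """Compare the drive's contents with the manifest.

    Returns {"ok": [...], "modified": [...], "missing": [...], "unexpected": [...]}.
    Anything under "modified" or "unexpected" means: do not install from this drive.
    "unexpected" on the way back is how you notice data being staged for exfiltration.
    """
    present = build_manifest(root)
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in present:
            result["missing"].append(rel)
        elif present[rel] != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    result["unexpected"] = sorted(set(present) - set(manifest))
    return result


def demo():
    """Walk through one transfer with constructed files; returns the clean and tampered results."""
    with tempfile.TemporaryDirectory() as drive:
        drive = Path(drive)
        (drive / "installer").mkdir()
        (drive / "installer" / "setup.exe").write_bytes(b"constructed installer payload")
        (drive / "README.txt").write_bytes(b"constructed notes")
        # Online side: record hashes before the drive leaves.
        write_manifest(drive, build_manifest(drive))
        clean = verify_drive(drive, read_manifest(drive))
        # What an infected host can do while the drive is plugged in: swap the installer
        # and drop an extra file (an autorun.inf here, standing in for a lure or staged data).
        (drive / "installer" / "setup.exe").write_bytes(b"tampered installer payload")
        (drive / "autorun.inf").write_bytes(b"[autorun]\nopen=installer\\setup.exe\n")
        tampered = verify_drive(drive, read_manifest(drive))
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

The manifest only proves the drive holds what you put on it, not that what you put on it was safe; that is why the hashes should be compared against the publisher’s before they go into the manifest. Keeping the manifest on the online side as well (or reading it from a second, read-only medium) is what stops an attacker who controls the drive from simply rewriting it to match.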
Finally, ensure the air-gapped computer is physically secure, too. Once the network is gone, physical access and removable media are what’s left to worry about. For example, if you have an air-gapped critical system with sensitive business data in an office, it should probably be in a secure area like a locked room rather than in the center of an office where various people are always walking back and forth. If you have an air-gapped laptop with sensitive data, store it securely so it isn’t stolen or otherwise physically compromised.
(Full-disk encryption can help protect your files on a computer, however, even if it is stolen.)
Air-gapping a computer system isn’t feasible in most cases. Computers are usually so useful because they’re networked, after all.
But air-gapping is an important technique that eliminates network-based threats if done properly, and “properly” means the gap actually holds: no one else has physical access, no wireless hardware is left inside, and nothing malicious rides in on USB drives. It’s also free, without any expensive security software to pay for or a complicated setup process to go through. It’s the ideal way to secure some types of computing systems in specific situations.