The recent breach of European air-gapped government systems shows how supposedly isolated environments can be compromised through USB-based infiltration. This incident highlights the challenges of maintaining true air-gapped security, which led us to write this article.
An air-gapped system is supposed to be completely disconnected from any network, ensuring that sensitive data stays secure. However, it's not only network connections that can spread malware. USB devices are one of the oldest tricks in the hacker's toolkit and can easily undermine this isolation. A USB device that comes from a compromised system can act as a carrier for malware, compromising the entire air gap.
Guess what? Your air gap is not truly air-gapped if a USB device is going back and forth across it. Beyond the breaches you may not know about, even the software layers of a software air gap can be penetrated. There are two kinds of air-gapped systems, hardware air-gapped and software air-gapped, and hardware air-gapped is much more secure.
- Hardware Air-Gapped (TRULY air-gapped): These systems use physical media like LTO Ultrium tapes or RDX tapes. Unlike USB drives that frequently go back and forth, LTO tapes are meant to be used once and then stored in a secure, separate location. Once data is backed up onto an LTO tape, it shouldn't be brought back into an operational environment unless absolutely needed for restoration. To breach this type of system, a physical invasion is required—someone would have to physically access the tape and load it into a drive. This makes hardware air-gapped systems far more secure.
- Software Air-Gapped: These systems rely on logical network separation and software-based isolation. However, they are vulnerable if the software is breached. A successful attack can create a bridge to the supposedly isolated system, compromising its security. Unfortunately, just because a software air-gap breach hasn't been discovered doesn't mean it hasn't happened. It is becoming more common for software air-gapped systems to be marketed as true air-gapped solutions, even though they lack the same level of protection as hardware air-gapped systems.
Maintaining a strict physical separation in hardware air-gapped systems minimizes this risk and provides a much higher level of protection. Remember, though, that both hardware and software air-gapped systems should avoid regular interaction with potentially compromised systems. Any temporary connection, like using USB devices to transfer data, introduces a possible attack vector and undermines the security of the air gap. In contrast, storing LTO tapes offsite or in a secure vault until they are needed for restoration keeps the air gap intact and offers genuine protection from malware.
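Since the whole point of the article is that a USB drive crossing the boundary silently turns an air gap into a bridge, an operator of an air-gapped host wants to know the moment a mass-storage device is attached. The following is an added example, not code from the original article or from any vendor it mentions: a small Python detector that reads Linux kernel log lines in the style the `usb` and `usb-storage` drivers emit, pairs the "New USB device found" line (which carries the vendor and product IDs) with the "USB Mass Storage device detected" line for the same port, and raises an alert for any storage device not on an explicit allowlist. The log lines, the host name `airgap-host`, the vendor/product IDs and the allowlist are all constructed for the demonstration; a keyboard attach is included to show that non-storage devices are parsed but not alerted on.

```python
import re
from dataclasses import dataclass

# Constructed sample kernel log lines (not captured from a real host). They follow the
# message format of the Linux usb core and usb-storage drivers: one flash drive on port
# 1-2 and one keyboard on port 1-3.
SAMPLE_LOG = """\
Mar 12 09:14:02 airgap-host kernel: usb 1-2: new high-speed USB device number 4 using xhci_hcd
Mar 12 09:14:02 airgap-host kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Mar 12 09:14:02 airgap-host kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar 12 09:14:03 airgap-host kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Mar 12 09:20:11 airgap-host kernel: usb 1-3: new low-speed USB device number 5 using xhci_hcd
Mar 12 09:20:11 airgap-host kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Mar 12 09:20:11 airgap-host kernel: input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:046D:C31C.0001/input/input7
"""

_TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "

# "usb 1-2: New USB device found, idVendor=0781, idProduct=5583, ..."
NEW_DEVICE = re.compile(
    _TS + r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# "usb-storage 1-2:1.0: USB Mass Storage device detected"  (port, then interface number)
MASS_STORAGE = re.compile(
    _TS + r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected"
)


@dataclass
class UsbEvent:
    timestamp: str
    host: str
    port: str
    vendor_id: str = "unknown"
    product_id: str = "unknown"
    mass_storage: bool = False


def parse_usb_events(log_text):
    """Group kernel USB messages by (host, port) into one UsbEvent per attached device."""
    events = {}
    for line in log_text.splitlines():
        m = NEW_DEVICE.match(line)
        if m:
            key = (m["host"], m["port"])
            events[key] = UsbEvent(m["ts"], m["host"], m["port"], m["vid"], m["pid"])
            continue
        m = MASS_STORAGE.match(line)
        if m:
            key = (m["host"], m["port"])
            # If the enumeration line was lost (log rotation, ring-buffer overrun) we still
            # record the storage attach, with the IDs left as "unknown".
            ev = events.setdefault(key, UsbEvent(m["ts"], m["host"], m["port"]))
            ev.mass_storage = True
    return list(events.values())


def storage_alerts(log_text, allowed_storage_ids=frozenset()):
    """Return one alert string per mass-storage attach whose vendor:product is not allowlisted."""
    alerts = []
    for ev in parse_usb_events(log_text):
        if not ev.mass_storage:
            continue
        ident = f"{ev.vendor_id}:{ev.product_id}"
        if ident in allowed_storage_ids:
            continue
        alerts.append(
            f"{ev.timestamp} {ev.host}: USB mass storage {ident} attached on port {ev.port}"
        )
    return alerts


if __name__ == "__main__":
    for alert in storage_alerts(SAMPLE_LOG):
        print(alert)
```

Run against a real host by feeding it `journalctl -k` or `/var/log/kern.log` output instead of `SAMPLE_LOG`. The allowlist is deliberately empty by default: on a hardware air-gapped system the expected number of USB storage attaches is zero, so every hit is worth a ticket, and an allowlist entry should only exist for a documented, approved transfer device.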