What it is
An air gap is a security control that physically isolates a system or network from unsecured networks such as the public internet. Air-gapped environments are commonly used in critical infrastructure, industrial control systems, military networks, and environments handling highly sensitive data.
While physical isolation significantly reduces remote attack opportunities, air gaps are not foolproof. Advanced attackers have historically bypassed air gaps through infected removable media, compromised supply chains, or insider actions.
Why it matters
Air-gapped systems often protect mission-critical assets, making them attractive targets for advanced threat actors. Overreliance on isolation can lead to neglected patching, weak monitoring, and insufficient access controls. When compromised, air-gapped systems are often detected late, increasing potential impact.
How to reduce risk
- Strictly control physical access and removable media usage.
- Monitor system integrity and logs even in isolated environments.
- Conduct periodic security assessments and tabletop exercises.
- Use controlled one-way data transfer mechanisms where feasible.
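
One way to enforce the removable-media and integrity controls above at a transfer station is shown below. This is an added example, not part of the original page. It assumes an approval process on the connected side produces a manifest mapping relative paths to SHA-256 hashes; the function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large transfer files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_media(media_root, manifest):
    """Compare media contents with manifest {relative_path: sha256_hex}."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(media_root):  # links not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, media_root).replace(os.sep, "/")
            if os.path.islink(full):
                found[rel] = None  # a link is never approved content
            elif name in filenames:
                found[rel] = sha256_file(full)
    return {
        "missing": sorted(p for p in manifest if p not in found),
        "modified": sorted(p for p in manifest
                           if p in found and found[p] != manifest[p].lower()),
        "unexpected": sorted(p for p in found if p not in manifest),
    }


def media_is_clean(report):
    """Allow the import only when no category holds an entry."""
    return not any(report.values())


def demo():
    """Constructed sample: one approved file plus one file nobody approved."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("update.bin", b"approved patch"), ("autorun.inf", b"[autorun]")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        manifest = {"update.bin": hashlib.sha256(b"approved patch").hexdigest()}
        return check_media(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The same comparison, run on a schedule against a stored baseline of an isolated host's files, serves as an offline integrity check. In both uses the manifest itself needs protection (for example a signature verified before use), which this example does not cover.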