In theory, the digital side of an industrial control system (ICS) is supposed to be air-gapped from run-of-the-mill corporate networks. In practice, however, there are often bridges – left either accidentally or on purpose – between industrial controls and the general-purpose internet. As corporations continue to adopt digital technology such as the industrial Internet of Things (IIoT), the air gap these bridges cross is becoming less and less relevant.
As attacks on industrial and manufacturing infrastructure become an increasingly large danger, it’s worth asking whether strategies like a digital air gap are still viable – or whether they were ever viable in the first place. If not, how should manufacturers think about re-architecting their networks for maximum security in an uncertain age?
Hacking the Air Gap Has Always Been Possible (but Extremely Difficult)
Most information security readers will be familiar with the story of Stuxnet. For those who aren’t, Stuxnet was a worm that infected and destroyed infrastructure that was vital to the development of the Iranian nuclear enrichment program. Created jointly by the US and Israeli intelligence communities, Stuxnet was the first cyberattack that was able to breach an air-gapped computer system and physically destroy manufacturing infrastructure in the real world.
Pulling off Stuxnet wasn’t easy. It required:
- Custom-manufacturing infected USB drives
- Smuggling infected USB drives into the Iranian supply chain
- Enlisting the probable support of collaborators within the Iranian nuclear program
In short, using the techniques available at that time, it would have been infeasible to pull off Stuxnet with anything less than the support of two major world powers.
Since Stuxnet, there have been a number of proof-of-concept attacks designed to overcome the air gap, and one or two additional real-life examples. Israel’s Ben Gurion University in particular has designed some extremely novel attacks such as:
- Exfiltrating data from an infected air-gapped computer by using flashes of light from its hard drive indicator aimed at a nearby drone
- Exfiltrating and transmitting data using a similar method and an IR security camera
- Using a low-end mobile phone to extract data from an infected air-gapped computer via its ambient electromagnetic radiation
In every instance, these attacks require the attacker to already have access to a previously infected computer. With that said, it’s relatively easy to infect an air-gapped computer using either a USB drive with infected firmware or a virus disguised as a legitimate software update. Of course, this assumes that a perfect air gap exists to begin with – which it probably does not.
In Practice, Your Air Gap Might Make Your Security Worse
Here’s some sobering testimony from Sean McGurk, the former Director of the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security:
“In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks. In some extreme cases, we have identified up to 250 connections between the actual producing network and the enterprise network.”
In other words, even if you think you have a pretty secure air gap, the likelihood is that you do not. There is some connection somewhere – a direct, active connection via cable or wireless – that bridges two networks which should not be bridged.
It’s easy to see how this can be worse than no security at all. If your supposedly air-gapped system is never connected to the internet, it theoretically never needs active monitoring or any other security solution – the air gap is all the security it needs. If that assumption is false, however – if your air gap is bridged in several places – then your ICS was vulnerable from the very beginning, and you have no way of knowing whether it was ever breached.
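The NCCIC figures above suggest that the first step is to measure how many bridges actually exist rather than assume there are none. The script below is an added example (not from the article or from Safe-T): it classifies connection records by network zone and reports every cross-zone connection that is not on a documented allowlist of sanctioned conduits. The zone CIDRs, the allowlist and the flow records are constructed sample data.

```python
"""Audit connection records for undocumented bridges between an ICS zone and the enterprise zone."""
import ipaddress
from collections import defaultdict

# Constructed zone definitions (assumption: your network documentation lists these CIDRs).
ZONES = {
    "ics": [ipaddress.ip_network("10.50.0.0/16")],
    "enterprise": [ipaddress.ip_network("10.10.0.0/16"), ipaddress.ip_network("10.20.0.0/16")],
}

# Sanctioned conduits (constructed): the only cross-zone traffic that is supposed to exist,
# here a historian in the ICS zone replicating to an enterprise database server.
ALLOWED_CONDUITS = {
    ("10.50.1.10", "10.20.5.20", "tcp", 1433),
}

# Constructed flow records (src, dst, proto, dst_port), e.g. exported from a switch span or NetFlow.
SAMPLE_FLOWS = [
    ("10.50.1.10", "10.20.5.20", "tcp", 1433),  # historian replication: sanctioned
    ("10.10.3.44", "10.50.2.15", "tcp", 502),   # office laptop -> PLC Modbus: undocumented bridge
    ("10.10.3.44", "10.50.2.15", "tcp", 502),   # same bridge seen again
    ("10.10.7.8", "10.50.9.1", "tcp", 3389),    # RDP from the office LAN into an HMI: undocumented bridge
    ("10.10.7.8", "10.10.7.9", "tcp", 445),     # enterprise-internal, not a bridge
    ("10.50.2.15", "10.50.2.16", "tcp", 502),   # ICS-internal, not a bridge
]


def zone_of(ip):
    """Return the zone name an address belongs to, or None if it is in no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return None


def find_bridges(flows):
    """Map each unsanctioned cross-zone (src, dst, proto, port) tuple to the number of flows seen.

    Each distinct tuple is one 'direct connection' in the sense of the NCCIC quote;
    repeated flows over the same tuple are counted rather than reported twice.
    """
    bridges = defaultdict(int)
    for src, dst, proto, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None or src_zone == dst_zone:
            continue  # not a cross-zone flow
        key = (src, dst, proto, port)
        if key in ALLOWED_CONDUITS:
            continue  # documented conduit, expected traffic
        bridges[key] += 1
    return dict(bridges)
```

Run it over a day of real flow exports and the size of the result is your actual "number of direct connections"; anything in it is either a conduit that needs documenting and monitoring or a bridge that should not exist.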
Eliminate the Air Gap for Greater Security and Innovation
Keeping up an air gap doesn’t just prevent better forms of security – it also prevents operational technologists from adopting innovations such as the IIoT. By its very nature, the IIoT defeats the purpose of the air gap: it is directly managed by IT over WiFi, and in order to function it must deliver a constant stream of sensor data from ICS devices. Given that 80% of the highest-performing manufacturers have adopted IIoT technology, choosing to maintain your air gap and forgo the IIoT is a foolhardy choice.
How can manufacturers add IIoT devices and connect their ICS network to their enterprise network without fear of the consequences? One way to enhance your security is to hide both your enterprise and ICS networks from the general-purpose internet. With this method, attackers who conduct reconnaissance against your perimeter won’t be able to find a foothold. According to Gartner, this approach can mitigate up to 70% of all cyberattacks.
With Safe-T’s Software-Defined Access technology, hiding your critical systems from attackers is a very simple step – and mitigating the remaining 30% of attacks is barely more complicated. Our cybersecurity suite makes it easy for users to screen incoming and outgoing files for malicious data, transfer files securely, apply encryption to sensitive data streams, and more. Don’t wait for your air gap to become fully obsolete – contact Safe-T for a free trial today!