First, let us define an air-gapped or dark network, as some may call it. An air-gapped or dark network is one that is physically separated from all other networks and is used to better isolate and secure sensitive data and systems. Typically, these networks require physical intervention for external communication instead of relying on traditional networks. Some affectionately call this the "sneaker network." The method employed is typically through USB drives or external hard drives.
Who uses these types of dark networks? The answer is simple: any organization with mission-critical needs such as military, energy or water infrastructure, finance, healthcare, aerospace, and even manufacturing. The types of technology employed vary by industry but may include operational technology (OT), SCADA systems, robotics, avionics, medical devices, IoT devices, or highly sensitive data.
These systems, being air-gapped or dark networks, provide a layer of defense that traditional systems don’t have by being isolated from the Internet. However, there are many challenges to securing these systems:
-
Complexity: Organizations can expect higher costs and complexity when running one or more dark networks, as each network needs its own set of management tools. While most modern security tools and platforms are moving 100% to the cloud, this shift can reduce the number of vendors from which to choose.
-
Insider Threats: Anyone with physical access to the system can pose a threat. Employees and contractors must be thoroughly vetted and monitored. Consider limiting the use of any portable electronics or storage devices while accessing the systems. Examples to restrict include cell phones, wearable technologies, or USB devices, which can be easily concealed.
-
Supply Chain Risks: The hardware or software used within the system can be compromised, effectively acting as a Trojan horse. Use only trusted vendors, software, and hardware.
-
System Updates: Even though the system is air-gapped, you must update it in a timely manner. Operating system updates, application updates, and firmware updates will help keep systems running smoothly and add an additional layer of security if a breach occurs.
-
Monitoring and Incident Response: Being disconnected makes this more difficult. However, real-time monitoring and quick response times to potential breaches should not be overlooked.
-
Asset and Inventory Tracking: A key to securing a system is having a thorough understanding of that system, which includes knowing what you have. Proper inventory of all connected systems—including operating systems, applications, and hardware—is crucial to ensuring a secure environment.
While air-gapped systems have their own set of challenges, they can and must be secured to ensure that data and systems remain operational and unimpeded. I hope this blog has provided some insight into the need, use cases, and challenges of air-gapped systems. If you are looking to help manage and secure an air-gapped system, I invite you to take a look at the KACE System Management Appliance. For a no-cost trial, click here.