Communications of the ACM
Bridgeware: The Air-Gap Malware
Credit: Greg Epperson
Many organizations store and process sensitive information within their computer networks. Naturally, such networks are the preferred targets of adversaries due to the valuable information they hold. Securing computer networks is a complex task involving the installation of endpoint protection, maintaining firewalls, configuring intrusion detection and intrusion prevention systems (IDSs and IPSs), and so on. However, regardless of the level of protection, a persistent attacker will eventually find a way to breach a computer network connected to the Internet. Consequently, if a network stores sensitive or classified information, an 'air-gap' approach is often used to prevent such a breach.
Key Insights
Air-gapped networks have no physical or logical connection to public networks (such as, the Internet). Such networks are often used in cases where the information stored in, or generated by, the system is too sensitive to risk data leaks, for example, military networks such as the Joint Worldwide Intelligence Communications System (JWICS).12 Air-gapped networks are also commonly used in critical infrastructure and control systems where breaching incidents can have catastrophic results, however such networks are not limited to military or critical infrastructures. Stock exchanges, insurance companies, biomedical manufacturers, and a wide range of industries use isolated networks in their IT environments.30 These networks maintain intellectual property, financial data, trade secrets, confidential documents, and personal information, and air-gap isolation is aimed at protecting this data.
No entries found