Communications of the ACM

Review articles

Bridgeware: The Air-Gap Malware

By Mordechai Guri, Yuval Elovici
Communications of the ACM, April 2018, Vol. 61 No. 4, Pages 74-82
10.1145/3177230
Comments

Many organizations store and process sensitive information within their computer networks. Naturally, such networks are the preferred targets of adversaries due to the valuable information they hold. Securing computer networks is a complex task involving the installation of endpoint protection, maintaining firewalls, configuring intrusion detection and intrusion prevention systems (IDSs and IPSs), and so on. However, regardless of the level of protection, a persistent attacker will eventually find a way to breach a computer network connected to the Internet. Consequently, if a network stores sensitive or classified information, an 'air-gap' approach is often used to prevent such a breach.

Back to Top

Key Insights

Air-gapped networks have no physical or logical connection to public networks (such as, the Internet). Such networks are often used in cases where the information stored in, or generated by, the system is too sensitive to risk data leaks, for example, military networks such as the Joint Worldwide Intelligence Communications System (JWICS).¹² Air-gapped networks are also commonly used in critical infrastructure and control systems where breaching incidents can have catastrophic results, however such networks are not limited to military or critical infrastructures. Stock exchanges, insurance companies, biomedical manufacturers, and a wide range of industries use isolated networks in their IT environments.³⁰ These networks maintain intellectual property, financial data, trade secrets, confidential documents, and personal information, and air-gap isolation is aimed at protecting this data.

---

No entries found

Log in to Read the Full Article