Air Gap’d Devices

The concept of an air gap’d defense is not new. It simply means that sensitive hardware or software is kept physically separate from other hardware or software and from the rest of the world. In theory, there is no wired or wireless connection between those devices and data and anything else, so the air and physical separation protect them from attack or compromise.

In practice, networks and devices that are considered air gap’d often are not, at least not from an IoT security perspective. In some cases they sit on a separate network segment and are only logically separated from the rest of the network and the world, in which case there will always be a way to breach that separation and access the segment. Some are “air gap’d” by virtue of being on a separate wireless network that lets the devices communicate with one another but not with the rest of the network or the world. However, the fact that the devices can communicate with each other wirelessly also exposes them to attack or compromise over the air, such as an airborne attack. Even hardware or software that is both physically and logically disconnected from any network is still at risk from “sneaker-net”: an attacker or rogue employee simply walking up and accessing or taking it.

Regardless of whether your servers, endpoints, or IoT devices are air gap’d, it’s still crucial that you have holistic visibility of the network to be able to identify any shadow networks, shadow IoT, or rogue access points that might breach the air gap and expose those devices and data to potential attack.
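As an added illustration (not part of the original article), the sketch below checks two of the conditions described above: traffic that crosses the boundary of a segment that is supposed to be isolated, and unknown radios advertising that segment's wireless network. The subnet, SSID, BSSIDs, flow records and survey results are all constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Assumed policy for this example (constructed values): the segment meant to
# be isolated and the access points authorised to serve its wireless network.
ISOLATED_NET = ipaddress.ip_network("10.50.0.0/24")
ISOLATED_SSID = "plant-floor"
AUTHORISED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.50.0.11", "10.50.0.12", 502),    # stays inside the segment
    ("10.50.0.11", "10.20.4.7", 445),     # leaves the segment
    ("192.168.1.30", "10.50.0.12", 22),   # enters the segment
    ("10.20.4.7", "10.20.4.9", 443),      # unrelated traffic
]

# Constructed wireless survey: (BSSID, SSID) pairs observed on site.
SURVEY = [
    ("02:00:00:aa:00:01", "plant-floor"),
    ("02:00:00:BB:00:09", "plant-floor"),  # unknown radio on the isolated SSID
    ("02:00:00:cc:00:03", "guest"),
]

def boundary_crossings(flows, net=ISOLATED_NET):
    """Return flows with exactly one endpoint inside the isolated segment."""
    crossings = []
    for src, dst, port in flows:
        src_in = ipaddress.ip_address(src) in net
        dst_in = ipaddress.ip_address(dst) in net
        if src_in != dst_in:
            direction = "outbound" if src_in else "inbound"
            crossings.append((direction, src, dst, port))
    return crossings

def rogue_access_points(survey, ssid=ISOLATED_SSID, allowed=AUTHORISED_BSSIDS):
    """Return unauthorised BSSIDs that advertise the isolated SSID."""
    seen = {bssid.lower() for bssid, name in survey if name == ssid}
    return sorted(seen - allowed)

if __name__ == "__main__":
    for finding in boundary_crossings(FLOWS):
        print("traffic crossing the isolated segment:", finding)
    for bssid in rogue_access_points(SURVEY):
        print("unauthorised AP on isolated SSID:", bssid)
```

Any result from either function means the segment is only logically separated, not air gap’d in the sense the first paragraph describes.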