Air gapping is a method that stops data from entering or leaving OT environments unless it is transferred manually. In simple words, this means that no data transfer or communication takes place between systems or devices unless a person carries it across, hence the “gap”.
While this security measure has long been relied on as sufficient, it does not protect OT environments from attack on its own. Or at least not anymore! Traditionally, OT-heavy organisations tried to resolve the clash between IT and OT by keeping the two entirely apart. But with the convergence of IT and OT, and with more systems becoming digitised, OT devices are at higher risk of attack than ever.
Let’s look at a few reasons why air gapping is no longer a viable method of securing OT devices on its own:
Many organisations believe that their systems are completely air gapped. In practice, however, there are usually unknown points of IT/OT convergence: connections between IT and OT networks that are not obvious, are easily missed in an inventory, and are liable to become entry points for attackers.
Many network defence solutions are on the market, but they mainly target IT security and are not specialised for OT environments. Given the pace of technological change, air gapping an OT system has very limited value on its own and can no longer be used as the sole security control.
A device or system can be completely air gapped, but the only way to be certain of that is to have full visibility across both the IT and OT environments. That visibility is very hard to achieve in practice, not least because OT devices and systems are often in remote locations.
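One practical way to test the “we are fully air gapped” belief is to audit network flow records for any traffic that crosses the supposed boundary. The script below is an added example and is not code from the original page or from Darktrace; it assumes a hypothetical address plan (IT in 10.10.0.0/16, OT in 10.20.0.0/16), a simple whitespace-separated flow format, and a single approved exception (an engineering host reaching OT on TCP/3389). The flow records are constructed for the example.

```python
import ipaddress
from collections import Counter

# Assumed address plan for this example (hypothetical, not from the original page):
# the IT segment lives in 10.10.0.0/16 and the OT segment in 10.20.0.0/16.
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
OT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Documented, approved crossings as (source address, protocol, destination port).
# Here a single engineering jump host may reach OT over RDP (assumed exception).
ALLOWED = {("10.10.5.20", "tcp", 3389)}

# Constructed flow records in a simplified "ts src dst proto dport bytes" format.
# These are made up for the example, not a real export from any collector.
SAMPLE_FLOWS = """\
2024-03-01T08:00:01Z 10.10.5.20 10.20.1.10 tcp 3389 120300
2024-03-01T08:00:05Z 10.10.7.44 10.20.1.10 tcp 502 900
2024-03-01T08:00:09Z 10.20.1.12 10.20.1.10 tcp 502 44000
2024-03-01T08:00:12Z 10.20.1.15 203.0.113.9 tcp 443 5120
2024-03-01T08:00:15Z 10.10.3.3 10.10.3.4 tcp 445 8800
2024-03-01T08:00:20Z 10.20.2.30 10.10.9.9 udp 53 130
"""


def zone_of(addr, it_nets=IT_NETS, ot_nets=OT_NETS):
    """Classify an address as OT, IT or EXTERNAL under the assumed address plan."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in ot_nets):
        return "OT"
    if any(ip in net for net in it_nets):
        return "IT"
    return "EXTERNAL"


def find_gap_crossings(flow_text, allowed=ALLOWED):
    """Return every flow that enters or leaves the OT zone and is not an approved exception.

    Intra-zone traffic and IT<->external traffic are ignored: the question here is
    only whether anything at all bridges the supposed air gap around OT.
    """
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue                      # stays inside one zone: not a crossing
        if "OT" not in (src_zone, dst_zone):
            continue                      # IT<->external is outside this audit's scope
        if (src, proto, int(dport)) in allowed:
            continue                      # documented, approved crossing
        findings.append({
            "ts": ts,
            "src": src,
            "dst": dst,
            "proto": proto,
            "dport": int(dport),
            "bytes": int(nbytes),
            "path": f"{src_zone}->{dst_zone}",
        })
    return findings


def summarise(findings):
    """Count unapproved crossings by direction, e.g. {'IT->OT': 1, 'OT->EXTERNAL': 1}."""
    return Counter(f["path"] for f in findings)


if __name__ == "__main__":
    hits = find_gap_crossings(SAMPLE_FLOWS)
    for hit in hits:
        print(f"{hit['ts']} {hit['path']:<13} {hit['src']} -> {hit['dst']} "
              f"{hit['proto']}/{hit['dport']} ({hit['bytes']} bytes)")
    print("summary:", dict(summarise(hits)))
```

On the constructed sample the approved RDP session and the two intra-zone flows are ignored, while three crossings surface: an IT host talking Modbus/TCP (502) into OT, an OT device reaching an external address on 443, and an OT device sending DNS into IT. Each of those is a candidate “unknown convergence point” that a paper inventory would not have shown; the OT-to-external hit in particular is exactly the kind of path that proves the gap is not a gap.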
Even with a completely air gapped system, there are several ways for attackers to jump the gap. Physical access is by far the most effective, but a perfect air gap is also exposed to insider threats, misconfigured access controls and, in research settings, to covert channels such as thermal manipulation, radio emissions and magnetic fields.
While air-gapped OT systems can reduce hazards, they also stop businesses benefiting from the highly valuable data those systems generate. Real-time data analysis can yield operational insights that lower expenses, shorten downtime and boost productivity, and these opportunity costs make air gapping impractical as a long-term security strategy.
Maintaining air-gapped OT systems is also more costly and complicated, since the engineering tools available on a connected system cannot be used for routine maintenance or troubleshooting, and the system cannot receive secure remote support from technical specialists. Facilities end up with higher support costs and more downtime when remote access is not available.
The truth is that no system is 100% safe against intrusion, not even one that has been thoroughly air-gapped. Every system can become a target for a breach and it’s crucial for organisations to implement active monitoring and stringent security measures to mitigate these hazards.
A third-party networked laptop, USB drive, other removable media, smartphone or similar device can physically cross an air gap. Connecting such devices to OT systems introduces vulnerabilities that the air gap itself does nothing to prevent. Because an air gap makes it awkward for users to move between their network-connected devices and the isolated system, someone will eventually take the easy route and carry data across on an insecure USB device, which can compromise the air-gapped system.
These limitations show that air gapping is not always a reliable way to protect your OT systems from cyber attacks. Once an attacker is inside OT systems, the consequences can be disastrous regardless of whether an air gap exists. It is therefore crucial to secure your OT devices even when an air gap is in place.
Source:
https://darktrace.com/blog/why-the-air-gap-is-not-enough