The "air gap" -- the idea that a physical gap between between an industrial control network and an organisation's business network will prevent attacks from reaching critical control systems -- is "one of the most enduring fairy tales in the field", according to leading US critical infrastructure security consultant Eric Byres.
"As much as we want to pretend otherwise, modern control systems need a steady diet of electronic information from the outside world," Byres writes at the Practical SCADA Security Blog.
"Severing the network connection with an air gap simply spawns new pathways -- pathways like the mobile laptop and the USB key, which are more difficult to manage and just as easy to infect," he said. "There is a good reason why you won’t find the air gap mentioned in vendor engineering manuals. As a theory, it is wonderful. In real life, it doesn’t work."
Byres illustrates his argument with the diagram of a high-security network architecture taken directly from Siemens’ Security Concept manual (pg 42).
"Can you spot the air gap in the drawing?" he asks. "Funny, neither can I."
The blog post echoes comments Byres made at the AusCERT information security conference in May, where he speculated that the Stuxnet worm may not necessarily have infected the target supervisory control and data acquisition (SCADA) systems via a USB key.
Byres told the conference that an attacker could mimic the vendor's documentation CD, package it the vendor's stationery, and send it to the manager of the target network. The disc would contain PDF files of real documentation that were infected with Stuxnet.
CSO understands that such a documentation-based attack has already been attempted, although it is believed to have failed.
"Government, vendors and industry need to accept that the dream of an air gap is dead," Byres wrote.
Follow CSO Australia on Twitter: @CSO_Australia