Air-gap security an "enduring fairy tale": Byres

Government, vendors and industry need to accept that the dream of an air gap is dead: Byres

The "air gap" -- the idea that a physical gap between an industrial control network and an organisation's business network will prevent attacks from reaching critical control systems -- is "one of the most enduring fairy tales in the field", according to leading US critical infrastructure security consultant Eric Byres.

"As much as we want to pretend otherwise, modern control systems need a steady diet of electronic information from the outside world," Byres writes at the Practical SCADA Security Blog.

"Severing the network connection with an air gap simply spawns new pathways -- pathways like the mobile laptop and the USB key, which are more difficult to manage and just as easy to infect," he said. "There is a good reason why you won’t find the air gap mentioned in vendor engineering manuals. As a theory, it is wonderful. In real life, it doesn’t work."

Byres illustrates his argument with the diagram of a high-security network architecture taken directly from Siemens’ Security Concept manual (pg 42).

"Can you spot the air gap in the drawing?" he asks. "Funny, neither can I."

The blog post echoes comments Byres made at the AusCERT information security conference in May, where he speculated that the Stuxnet worm may not necessarily have infected the target supervisory control and data acquisition (SCADA) systems via a USB key.

Byres told the conference that an attacker could mimic the vendor's documentation CD, package it in the vendor's stationery, and send it to the manager of the target network. The disc would contain PDF files of real documentation that were infected with Stuxnet.

CSO understands that such a documentation-based attack has already been attempted, although it is believed to have failed.

"Government, vendors and industry need to accept that the dream of an air gap is dead," Byres wrote.

Stories by Stilgherrian

Latest Videos

More videos

Blog Posts