Flaw in Air Gap Philosophy

Wednesday, August 22, 2012 @ 05:08 PM gHale

Editor’s Note: This is an excerpt from Eric Byres’ Practical SCADA Security blog at Tofino Security.
By Eric Byres

Over the past month, I have received a number of emails and seen a number of stories suggesting that I was attacking the concept of data diodes when I stated air gaps are a myth. Unfortunately, this is a serious misunderstanding of my message to the ICS/SCADA community.

I am not writing about technology when I say air gaps are impossible.


Whether you use a firewall, a data diode or tin cans and string to filter and control your information flow is not my point. These are all valuable technologies (well, maybe not the last one). They are also not silver bullets, but when used intelligently in a defense in depth strategy, they can all do a lot to secure a control system.

What I am writing about is the philosophy that says we can truly isolate control systems from the outside world. I think anyone who says “my control system is completely isolated” is badly misguided. That person focuses only on the obvious network flows and ignores the other sneakernet flows that are every bit as dangerous. This is where the “myth” lies. It is not in “what is the correct technology for securing control systems?”

The flaw in the Isolation philosophy (I won’t call it an Air Gap philosophy to avoid any more confusion) is that it depends on a single defense – complete electronic isolation of a control system.

With a single defense comes a single point of failure. From hard experience, we all know that designs with a single point of failure are not robust. The bottom line is that Isolation of the control network is not a viable long-term strategy.

Eric Byres is chief technology officer at Tofino Security. Click here to read the full version of the Practical SCADA Security blog.
