In January 2010 the Natanz nuclear plant in Iran met with a catastrophic failure. The centrifuges that enrich uranium for nuclear weapons were failing in unprecedented numbers and with increasing frequency. A joint operation between the intelligence services of the United States and Israel had infected the network of equipment controllers with a virus called Stuxnet. What makes Stuxnet such an audacious attack is that the network was isolated from the Internet in a practice called “air-gapping”. Organizations air-gap networks specifically to reduce the chances of malware infecting machines critical to the operations.
What Is Air-Gapping?
Air-gapping is a way for network administrators to build a “roadblock” made of air that keeps malicious code dropped onto one network from wreaking havoc on others. Without cables or Wi-Fi connections, the malware cannot travel any further than the physical boundaries of the network.
The systems that administrators air-gap from the larger network may be a single computer or a handful of machines. The practice is common in critical infrastructure operations, which fall under the national security umbrella and include power plants, dams, military installations and nuclear facilities. Financial institutions that conduct international transactions also air-gap the computers that mediate access to the SWIFT system.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is the world’s largest electronic payment messaging system. The network exchanges trillions of dollars a day around the world. In May of 2016, however, the Bank of Bangladesh did not adhere to best practices for its sector and saw malware siphon nearly $100 million from SWIFT-connected systems that were also connected to the bank’s IT network.
The beauty of air-gapping is that it blocks nearly 100% of malware attacks and it’s not expensive. It merely takes disconnecting computers from the outside world.
Mind the Air-Gap
However, air-gapping is not a perfect defense against cyber attack. Hackers can use external devices, the Internet of Things (IoT), and even the sound and heat that computers emanate to compromise isolated systems.
The most common means by which hackers infiltrate computers isolated from IT networks is through USB memory sticks. Security analysts postulate this is the means by which Stuxnet made it onto the isolated control systems in the Iranian nuclear plant in 2010. USB drives make their way into facilities in a variety of ways.
Cybercriminals have become adept at seeing that internal staff find or accept the “gift” of free file storage in the form of the portable memory devices. Staff may find that someone “accidentally” dropped a USB drive in a parking lot. Industry-specific conferences and exhibitions are another way hackers pass infected USB drives onto employees of high-security facilities.
There is also, of course, the possibility of staff intentionally infecting a computer system by inserting an unauthorized memory device into a target computer. Researchers are now finding more exotic means of hacking isolated computers.
Data on networks normally travels over cables or radio waves. However, researchers at Ben Gurion University in Israel have found that malware loaded onto computers on an IT network can use high-frequency sound waves to transmit malware to air-gapped computers in the same physical space. The malware uses a computer’s sound card to broadcast malicious code to the isolated computers.
This approach, however, raises the question of how to extract information from computers that are isolated from the network.
The Ben Gurion cybersecurity research team also found the heat emissions from computers offer a way for hackers to siphon passwords and security keys from air-gapped systems. The thermal sensors built into computers also provide a way for hackers to send malicious code to isolated computers, researchers have proven.
Once hackers have infected the air-gapped computer system, the Ben Gurion team found that CCTV cameras in the same room as the computers can extract data from infected devices. Infrared-equipped security cameras that are used for night vision read the heat signatures of computers. The approach, however, doesn’t allow hackers to transmit more than binary data like passwords, cryptographic keys, PIN codes and small bits of data from a computer they’ve targeted. IT professionals and business managers should not lose heart, however, since there are still ways to increase protections against even these exotic attacks.
How to Defend Your Networks Against an Air-Gap Attack
Cybersecurity professionals suggest that in a critical infrastructure setting the IT department can place a filtering device running a secure operating system between the computers that control devices and the devices themselves. The filter can gauge whether a device – for instance, a turbine – is operating at a threshold different from the one set on the controlling computer.
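The following is an added example (not code from the original post or from Coranet) of the check such a filtering device performs: it compares the setpoint the controller reports with a reading from an independent sensor on the device, and raises an alarm only when the two diverge for a sustained period, so that ordinary transients are ignored. The tolerance, hold time and the constructed 1000 RPM telemetry are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Sample:
    t: int            # seconds since monitoring started
    setpoint: float   # value the controlling computer reports it is commanding (e.g. RPM)
    measured: float   # value from an independent sensor on the physical device


def check_samples(samples, tolerance=0.05, hold_seconds=10):
    """Return (start_t, end_t) windows in which |measured - setpoint| exceeds
    `tolerance` (a fraction of the setpoint) continuously for at least
    `hold_seconds`. Shorter excursions are treated as normal transients.
    A compromised controller that reports a healthy setpoint while driving the
    device elsewhere shows up here as a sustained window."""
    alarms = []
    start = None
    for s in samples:
        limit = abs(s.setpoint) * tolerance
        deviating = abs(s.measured - s.setpoint) > limit
        if deviating and start is None:
            start = s.t                      # divergence begins
        elif not deviating and start is not None:
            if s.t - start >= hold_seconds:  # long enough to matter?
                alarms.append((start, s.t))
            start = None                     # divergence ended
    # divergence still in progress when the data ends
    if start is not None and samples[-1].t - start >= hold_seconds:
        alarms.append((start, samples[-1].t))
    return alarms


def build_demo_samples():
    """Constructed telemetry (assumption, not real plant data): the controller
    reports a constant 1000 RPM setpoint for 60 seconds."""
    samples = []
    for t in range(60):
        measured = 1000.0 + (t % 3) * 2.0   # ordinary small jitter, within tolerance
        if 20 <= t <= 22:
            measured = 1200.0               # brief mechanical transient, ignored
        if t >= 40:
            measured = 1400.0               # sustained divergence: device driven to
                                            # 1400 RPM while controller still says 1000
        samples.append(Sample(t, 1000.0, measured))
    return samples


if __name__ == "__main__":
    for start, end in check_samples(build_demo_samples()):
        print(f"ALARM: measured value diverged from setpoint from t={start}s to t={end}s")
```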
Ultimately, air-gapping is the most economical and effective means of protecting high-security computers from tampering. The most secure context, though, is that in which the target systems are not just disconnected from networks, but also physically isolated from other electronic devices.
Coranet is a certified Woman-Owned Information Technology Organization that has been meeting the requirements of Enterprise and Government entities for over 30 years. Network Engineering and Technical Support is part of our foundation and we continue this proud tradition with a 360-degree approach to technology solutions and services in the areas of Audio Visual, Network & Physical Security, Wireless/Copper Infrastructure, and Consulting/Project Management. Coranet is ISO 9001 registered, Lean Six Sigma and WBENC certified.
Please contact us at Sales@coranet.com for more information.