ITHCWY: Robert Ellison's Blog

Air Gap

The latest revelations about how thoroughly the NSA, GCHQ and friends have corrupted Internet security have got Bruce Schneier recommending an air gap.

Back in the late 90's I played a small role in the fight against the UK government's trusted third party / mandatory key escrow scheme on behalf of Ç-Dilla, at around the same time as the Clinton administration was pushing the Clipper Chip. It seemed that the fight was won, but apparently after being told no the spy agencies went and found a way to do it anyway.

The starting point is terrorists, because there is nothing that can't be justified by the war on terror. But all that data just wants to be used so it gets shared with the DEA, and then the IRSAnd then LOVEINT. The implications for civil liberties and the economy aren't great but they're probably not the worst fallout.

The ending point is probably terrorists as well. Because by opening up back doors and sneaking weaknesses into the algorithms that we depend on for security we've opened up holes for the bad guys to exploit. Bad enough that your local nuclear power station is hooked up to the Internet but now we know the VPN and the Firewall that should be keeping it safe have been fatally compromised.

If we really wanted to save the most possible lives then the billions being sunk into the NSA would be better spent developing self-driving cars.


Colin Robbins
While Air-Gaps are a good conceptual solution, in practice beyond Schneier's single PC example, they are very hard to achieve. There is nearly always a backdoor to be found somewhere than an attacker can exploit. Opinion is divided, as can be seen of various discussion groups about air-gaps, as to how to sovle the issue if you do need true network seperation. A report attributed to NIST suggests that when they investigated industrial control systems that claimed to be air-gapped, they infact found on average 7 connections. My perspective is the various backdoors are typcially there because someone or some process needed access for some ad-hoc purpose. Often remote maintainence. The issue occurs becuse the person or process has a need, and the front door is shut, so they implement a backdoor. So I argue it makes better sence to have a controlled front door, in which legitimate access can be granted to a specific business process on an as-needs basis. If the security assurance of the perceived air-gap is needed, the an option to consider is a data diode to ensure data only flows one way. These issues are explored further in my blog article on the subject:
Ronald Duncan

Air gaps are cheap and easy to implement provided you do not need to connect to external networks.

Our old method was to remove the coms ports from the motherboard soldering iron, and store the hard drive in a safe when the isolated PC was not attended, and rekey any data required, or have a secure way of transferring data from a physical medium to the pc. The problem is that floppy disks, USB key fobs etc etc have a habit of getting infected.

Fiber optic network and 3 meter air gaps between networks works well if you have to network a group of PC's together, with a dedicated PC for transferring data between networks e.g. back up email from one network transfer validate and then load onto the other network to get over the airgap. Data diodes and message pumps now make this easier, but you need to log and validate all cross traffic.

Unless you are working on military projects this is all over the top, but the problem was solved decades ago when we had serious adversaries in the form of the USSR etc.

Add Comment

All comments are moderated to weed out spam. Email address is optional and is only used to display your Gravatar.