This is an updated version of this article, which first appeared on Belden Blogs on March 3, 2012 and on TofinoSecurity.com on June 30, 2011.
Recently I gave a talk on air gaps as a security strategy in control systems. The talk was at the AusCERT 2012 conference and, to my amazement, it generated a large amount of discussion in the media both inside and outside Australia. Here are a few examples:
While all this interest is very heartening, a number of the people commenting seem to have misunderstood my message. Today I am writing to make my views on air gaps a bit clearer.
Byres presenting “Unicorns and Air Gaps” at AusCERT 2012
Supporters of Air Gaps Do Exist
The theory of the air gap sounds great; by creating a physical gap between the control network and the business network, bad things like hackers and worms can never get into critical control systems. But as you can probably guess from the title of my blog, I don’t believe that true air gaps actually exist in the ICS and SCADA world.
Certainly, there are many people who disagree with me outright. For example, Paul Ferguson, an Internet Security Intelligence blogger at Trend Micro, recently wrote:
“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.” 1
Similarly, last year there was a flood of SCADA and ICS vulnerability notices that advised addressing the issue by using an air gap. One example I gave in the past came from the original Siemens Security Advisory addressing the vulnerabilities in the Siemens SIMATIC S7-1200 PLC line:
“In addition, it is important to ensure your automation network is protected from unauthorized access using the strategies suggested in this document or isolate the automation network from all other networks using an air gap.” 2