Air-Gapped Network
What is an Air-Gapped Network?
Air-Gapped Network: A network that is physically and logically isolated from other networks, especially the internet, to protect highly sensitive systems such as ICS, classified networks, or vaults.
An air-gapped network has no direct connection to less trusted networks; data crosses the boundary only through controlled means like removable media, data diodes, or kiosk transfer stations. Air gaps are used for nuclear-plant safety systems, classified military networks, cryptocurrency cold storage, voting infrastructure, and parts of ICS, on the assumption that physical isolation forces an attacker to bridge the gap. In practice, real-world incidents (Stuxnet, agent.btz, and academic covert channels using acoustic, thermal, magnetic, or optical emanations) show that air gaps can be crossed via infected USB drives, supply chain implants, or compromised maintenance laptops. Effective programs combine air gaps with strict media-control policies, signed firmware, host-based intrusion detection, and monitoring for anomalous device or RF activity.
● Examples
- An offline engineering workstation network used to develop SIS logic and transfer it via signed USB media.
- A cold-storage vault for cryptographic keys kept in a Faraday-shielded room with no network connectivity.
● Frequently asked questions
What is an air-gapped network?
A network that is physically and logically isolated from other networks, especially the internet, to protect highly sensitive systems such as ICS, classified networks, or vaults. It belongs to the OT / ICS / IoT category of cybersecurity.
How do you defend an air-gapped network?
Defences for an air-gapped network typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for an air-gapped network?
Common alternative names include: Air gap, Isolated network, Stand-alone network.
● Related terms
- Operational Technology (OT) (ot-iot, № 762): Hardware and software that monitor and control physical processes, devices, and infrastructure such as factories, power plants, and utilities.
- Industrial Control System (ICS) (ot-iot, № 529): An umbrella term for systems that automate and supervise industrial processes, including SCADA, DCS, PLCs, RTUs, and safety controllers.
- Network Segmentation (network-security, № 723): The practice of splitting a network into multiple zones with controlled traffic between them to contain breaches and enforce least privilege.
- Stuxnet (ot-iot, № 1111): A highly sophisticated 2010 worm that sabotaged Iran's uranium-enrichment centrifuges by reprogramming Siemens PLCs, widely attributed to the United States and Israel.
- Purdue Enterprise Reference Architecture (ot-iot, № 881): A layered reference model for industrial networks that segments business IT from process control, widely used to design ICS network segmentation.
- Safety Instrumented System (SIS) (ot-iot, № 957): An independent control system that brings a process to a safe state when monitored variables exceed defined limits, protecting people, environment, and assets.