Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:
“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.”
Paul Ferguson: "Real" Air Gaps Are Impractical
Well we had barely pressed the “publish” button when Paul wrote back:
“I changed my outlook in the 4 years between that initial 2008 blog post (which Eric mistakenly listed as 2012) and the time that I drafted the ICS Security Architecture white paper. I have spent a lot of time attending the ICSJWG workshops, talking with ICS vendors, asset owners & operators, and I completely understand the reality of the current situation.”
I checked Paul’s more recent publications and came upon his excellent white paper “Toward a More Secure Posture for Industrial Control System Networks”. On the first page I found:
“In practical and operational terms, however, physically separating networks is not functionally nor operationally feasible in the real world.”
Sorry, Paul, for dragging out such an old comment! I should have researched your work more deeply.
Eric Byres realizes the quote he used from Paul Ferguson was from 2008, not 2012!
I then spent the next few hours searching the Internet for security bloggers who are pro-air gap. I did not find even one!
What I did find were many experts with even stronger opinions than mine on the subject. For example, check out Craig Wright’s blog.
With experts like Paul and vendors like Siemens switching to the “Air Gap is Unrealistic” camp, I am running out of examples of “Air Gap” supporters. That makes it harder for me to write an entertaining blog, but it is great news for the ICS/SCADA industry.
So is that the end of the debate? Is this the last rant on the Practical SCADA Security blog about the myth of air gaps? Unfortunately the answer is “no”. There are still many well-meaning control engineers in the end-user community who believe in air gaps. That needs addressing.
The security experts have given up on the myth of the air gap.
Now they need to help the end-user understand how the air gap will fail in their control systems. An upcoming blog will be a summary of a conversation I had recently with an engineer who thought his system was air gapped. We explore how easy it is to forget some of the data needs and vulnerabilities of the average ICS / SCADA system.
In the meantime, let me know if you have a good “I thought it was air gapped but it wasn’t” story. Or share a case history where there is a real air gap where no electronic information ever gets in.
- White Paper: Trend Micro “Toward a More Secure Posture for Industrial Control System Networks”
- Blog: #1 ICS and SCADA Security Myth: Protection by Air Gap
- Blog: Air Gaps won’t Stop Stuxnet’s Children
- Blog: Cyber Attacks on U.S. Critical Infrastructure will Intensify
- Blog: Flame Malware and SCADA Security: What are the Impacts?
- Infosecisland.com Webpage: “SCADA: Air Gaps Do Not Exist”