[cabf_netsec] Definition of "Air Gapped"
bwilson at mozilla.com
Sat Oct 15 03:39:33 UTC 2022
Both https://csrc.nist.gov/glossary/term/air_gap and
https://www.rfc-editor.org/rfc/rfc4949 define "air gap" as "An interface
between two systems at which (a) they are not connected physically and (b)
any logical connection is not automated (i.e., data is transferred through
the interface only manually, under human control)."
But this definition seems antiquated and not entirely clear. For instance,
it doesn't address wireless connections, only physical connections. Also, I
believe that use of the word "interface" and other language in that
definition have the potential to cause confusion.
RFC 4949 does clarify the definition with a parenthetical and an example:
(See: sneaker net. Compare: gateway.)
Example: Computer A and computer B are on opposite sides of a room. To move
data from A to B, a person carries a disk across the room. If A and B
operate in different security domains, then moving data across the air gap
may involve an upgrade or downgrade operation.
One potential definition of "air-gapped" (Alternative A) could be "separation
between two devices or networks because they lack an electrical or wireless
connection, which prevents them from communicating except by some external,
manual, human interaction (e.g. computer A and computer B are on opposite
sides of a room, and to move data from A to B, a person must carry a
transfer device across the room)."
Alternative B could be: "the absence of connections (electrical, wireless,
or any other networking) that prevents a system from communicating with
another system and requires human intervention and a transfer device for
data to move between the two systems."
Alternative C would be to define "Air Gap", as above in the CSRC/RFC
definition, and add the words "or wirelessly", so that it would read "An
interface between two systems at which (a) they are not connected
physically *or wirelessly* and (b) any logical connection is not automated
(i.e., data is transferred through the interface only manually, under human
Also, I'll raise it here, for completeness, but I'm thinking we do not want
to enlarge the scope of "air-gapped" to allow cryptographic, tunneled
connections. I'm inclined to keep our definition simple (and hence
hopefully more secure), but if anyone has other suggestions, please feel
free to chime in.
Please provide Alternatives D to Z.
Finally, while I'm thinking about it, in the NCSSRs, do we want to consider
"powered off and locked in a safe" separately from "air gapped" - it seems
there might be a different risk profile?
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Netsec