[cabf_netsec] [EXTERNAL]- Definition of "Air Gapped"
Pedro FUENTES
pfuentes at WISEKEY.COM
Sat Oct 15 06:39:59 UTC 2022
Hello Ben,
In principle I would say that extending the concept of lack of connectivity to “Electrical Connections” would impose a big challenge, because even if the systems are normally powered off and electrical cables are disconnected, at the moment of powering up the systems (i.e. for a ceremony) we’d be breaching that requirement.
BR/P
> On 15 Oct 2022, at 05:39, Ben Wilson via Netsec <netsec at cabforum.org> wrote:
>
> All,
>
> Both https://csrc.nist.gov/glossary/term/air_gap <https://urldefense.proofpoint.com/v2/url?u=https-3A__csrc.nist.gov_glossary_term_air-5Fgap&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=LmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo&s=05O03TdRvsnIHsm0s4tXXiC6o8fWB9-q1mnU1gzxe0k&e=> and https://www.rfc-editor.org/rfc/rfc4949 <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rfc-2Deditor.org_rfc_rfc4949&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=LmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo&s=AISpylDx7SDnLQ0TQ0PzCB8PL8aPhNArmjJzOoZyUsY&e=> define "air gap" as "An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control)."
>
> But this definition seems antiquated and not entirely clear. For instance, it doesn't address wireless connections, only physical connections. Also, I believe that use of the word "interface" and other language in that definition have the potential to cause confusion.
>
> RFC 4949 does clarify the definition with a parenthetical and an example:
>
> (See: sneaker net. Compare: gateway.)
>
> Example: Computer A and computer B are on opposite sides of a room. To move data from A to B, a person carries a disk across the room. If A and B operate in different security domains, then moving data across the air gap may involve an upgrade or downgrade operation.
>
> One potential definition of "air-gapped" (Alternative A) could be "separation between two devices or networks because they lack an electrical or wireless connection, which prevents them from communicating except by some external, manual, human interaction (e.g. computer A and computer B are on opposite sides of a room, and to move data from A to B, a person must carry a transfer device across the room)."
>
> Alternative B could be: "the absence of connections (electrical, wireless, or any other networking) that prevents a system from communicating with another system and requires human intervention and a transfer device for data to move between the two systems."
>
> Alternative C would be to define "Air Gap", as above in the CSRC/RFC definition, and add the words "or wirelessly", so that it would read "An interface between two systems at which (a) they are not connected physically or wirelessly and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control)."
>
> Also, I'll raise it here, for completeness, but I'm thinking we do not want to enlarge the scope of "air-gapped" to allow cryptographic, tunneled connections. I'm inclined to keep our definition simple (and hence hopefully more secure), but if anyone has other suggestions, please feel free to chime in.
>
> Please provide Alternatives D to Z.
>
> Finally, while I'm thinking about it, in the NCSSRs, do we want to consider "powered off and locked in a safe" separately from "air gapped" - it seems there might be a different risk profile?
>
> Thanks in advance,
>
> Ben
>
>
>
> _______________________________________________
> Netsec mailing list
> Netsec at cabforum.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_netsec&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=LmvNtrygpWXbKZ3KY7uXI6Qz7YaICZdsR9VOMM9tOUo&s=MIKlQspu8CuNGjk6ZI-0bwJ1_JcZZSl4qT4xxyH0c3A&e=
WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland
Stay connected with WISeKey <http://www.wisekey.com/>
THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks
CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender
DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20221015/7f2c8c16/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3398 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20221015/7f2c8c16/attachment-0001.p7s>
More information about the Netsec
mailing list