Air Gap
Physical isolation of a network or system from all other networks, including the Internet, used as a security measure for critical infrastructure.
What is an Air Gap?
An air gap is a security strategy involving the complete physical isolation of a network or system from all other networks - primarily the Internet and corporate IT network. An air-gapped system has no wired, wireless or optical connections to any other network.
The air gap concept has historically been applied in the highest-security environments: nuclear power plant control systems, military networks and critical infrastructure control systems. The premise is straightforward - if there is no network connection, a remote attack is impossible.
In practice, maintaining a complete air gap is difficult. Data must be transferred between networks somehow - via USB drives, service laptops or one-off connections. Each of these channels can become an attack vector, as demonstrated by Stuxnet, which reached the isolated Iranian nuclear programme network, likely via an infected USB drive.
Why does it matter?
Modern industrial installations increasingly move away from full air gaps - the need for remote monitoring, data transfer to business systems and software updates means OT networks are connected to IT networks. In such cases, the air gap is replaced by buffer zones (Industrial DMZ) and data diodes, which provide controlled information flow. The decision on the level of isolation should be based on risk analysis and operational requirements.
Related topics
Related terms
Related SEQRED services
Need help in this area?
Our experts will help you assess the risk and plan next steps.