Why Air Gapped Networks Fail

Preface: This white paper was written by one of our lead cyber analysts, who has performed penetration tests for U.S. Government red teams at prominent stateside and international locations. His pen tests have included attacks against networks and SCADA controls similar to the operational technology found in businesses, cities, water treatment plants, and power substations, in order to uncover critical vulnerabilities.
The two most common network separation policies are segmenting and air gapping. The current trend in cyber security is to move away from pushing air gapped solutions: they are a good idea in theory, but in practice they never actually work. Organizations that believe their SCADA or security networks are free of threat are usually the ones that suffer the largest breaches and the greatest harm to the network. When an organization thinks it is secure, it believes it has no reason to monitor the networks in question.

As recently seen with the Mirai IoT botnet, which took down hundreds of organizations through DDoS attacks, insecure devices that were not monitored created great risk, not just to the organizations that owned them but to everyone else on the internet.

Security breaches like these commonly occur for 3 main reasons: misconfiguration, non-true separation, or insider threat. Any of these 3 scenarios can be catastrophic to an organization if it goes unnoticed or unaddressed for too long. While some of these issues seem benign and others seem intentional, most of these vulnerabilities are caused by 3 essential items born of the business environment: functionality, ease of access, and usability.
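The first two causes above, misconfiguration and non-true separation, leave traces on the "air-gapped" host itself: a default route, a route into a subnet outside the OT range, a neighbor that answers from the wrong network, or an interface (a Wi-Fi adapter, a second NIC) that nobody approved. The audit below is an added example written for this page, not code from the white paper or its author. It parses routing-table and neighbor-cache text in the style of Linux `ip route show` and `ip neigh show`; the sample output, the allowed OT subnet 10.50.0.0/16, and the approved interface list are constructed values chosen for illustration.

```python
"""Audit a supposedly air-gapped host for evidence that its separation is not
real: routes or neighbors outside the approved OT subnets, a default route,
or an interface that was never approved for the isolated network.

All sample input below is constructed for this example, not captured from a
real host. The allowed subnets and interfaces are hypothetical.
"""
import ipaddress
import re

# Constructed: the only subnets the isolated OT network is allowed to reach.
ALLOWED_OT_SUBNETS = [ipaddress.ip_network("10.50.0.0/16")]

# Constructed: the only interfaces approved to carry OT traffic.
ALLOWED_INTERFACES = {"eth0"}

# Constructed sample in the style of `ip route show`. The default route and
# the 192.168.1.0/24 route on wlan0 are the evidence of a path out.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.50.0.0/16 dev eth0 proto kernel scope link src 10.50.3.12
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.77
"""

# Constructed sample in the style of `ip neigh show`.
SAMPLE_NEIGHBORS = """\
10.50.3.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
"""

ROUTE_RE = re.compile(r"^(?P<dst>default|\S+)(?: via (?P<via>\S+))? dev (?P<dev>\S+)")
NEIGH_RE = re.compile(r"^(?P<addr>\S+) dev (?P<dev>\S+)")


def parse_routes(text):
    """Return one dict per route line: dst, via (may be None), dev."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append(m.groupdict())
    return routes


def parse_neighbors(text):
    """Return one dict per neighbor line: addr, dev."""
    return [m.groupdict() for m in
            (NEIGH_RE.match(l.strip()) for l in text.splitlines()) if m]


def _inside_allowed(net_or_addr, allowed):
    """True if the network or address lies within one of the allowed subnets."""
    for a in allowed:
        if isinstance(net_or_addr, ipaddress._BaseNetwork):
            if a.version == net_or_addr.version and net_or_addr.subnet_of(a):
                return True
        elif net_or_addr in a:  # address membership is version-safe
            return True
    return False


def audit_isolation(routes_text, neighbors_text, allowed_subnets, allowed_ifaces):
    """Return a list of (finding_kind, detail) tuples; empty means no evidence
    of a path out of the isolated network was found in this input."""
    findings = []
    seen_devs = set()
    for r in parse_routes(routes_text):
        seen_devs.add(r["dev"])
        if r["dst"] == "default":
            findings.append(("default-route",
                             f"default route via {r['via']} on {r['dev']}"))
            continue
        net = ipaddress.ip_network(r["dst"], strict=False)
        if not _inside_allowed(net, allowed_subnets):
            findings.append(("foreign-route", f"route to {net} on {r['dev']}"))
    for n in parse_neighbors(neighbors_text):
        seen_devs.add(n["dev"])
        addr = ipaddress.ip_address(n["addr"])
        if not _inside_allowed(addr, allowed_subnets):
            findings.append(("foreign-neighbor", f"{addr} seen on {n['dev']}"))
    for dev in sorted(seen_devs - allowed_ifaces):
        findings.append(("unexpected-interface", dev))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_isolation(SAMPLE_ROUTES, SAMPLE_NEIGHBORS,
                                        ALLOWED_OT_SUBNETS, ALLOWED_INTERFACES):
        print(f"{kind:20} {detail}")
```

Run on a real host, the two text inputs would come from the command output of that host, and an empty result is only as good as the allowed-subnet list: a list that quietly grows to include the corporate LAN is itself the misconfiguration the paper describes. Scheduling a check like this is the "reason to monitor" that organizations convinced of their isolation tend to skip.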