Air gaps have long been considered immune to hacking because they physically isolate a system from unsecured networks, which may themselves be connected to the internet or a wider network. Researchers have long been trialling and testing proof-of-concept hacks to bridge the air gap, and they have successfully shown that even isolated systems are vulnerable to hacking.
One way to do this is by subverting vendor update mechanisms, or by infecting the laptops or USB drives of a third-party maintenance contractor with a direct link to the network. The Ukrainian power grid cyberattack in 2016 is an example of this method. In the past, attackers have also used PC radio frequency signals to harvest data from air-gapped networks. At a recent Black Hat conference in London, security firm CyberX highlighted ways of achieving this more efficiently and less detectably by infecting Programmable Logic Controllers (PLCs).
The best way to counter this kind of incursion is to monitor for behavioural anomalies: keep a look-out for cyber reconnaissance devices that are scanning the network or seeking configuration information, as well as for any unauthorised updates to PLC ladder logic code.
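
A minimal sketch of the checks described above, added here as an example and not taken from the original article: it flags a host that fans out to many controllers in a short window, and any configuration read or ladder logic update from a host outside an approved engineering-workstation list. The event fields, operation names, host names and thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Assumptions (not from the article): event schema, op names, hosts, thresholds.
AUTHORISED_ENGINEERING = {"eng-ws-01"}          # hosts allowed to change PLC logic
SCAN_WINDOW_S = 60                              # look-back window for fan-out, seconds
SCAN_FANOUT = 5                                 # distinct targets that count as a scan
RECON_OPS = {"config_read", "program_upload"}   # pulls configuration/logic from a PLC
WRITE_OPS = {"program_download"}                # pushes new ladder logic to a PLC

def detect(events):
    """events: dicts with ts (seconds), src, dst, port, op. Returns sorted alert tuples."""
    alerts = set()
    recent = defaultdict(list)                  # src -> [(ts, (dst, port)), ...]
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src = e["src"]
        # Keep only this source's contacts that fall inside the look-back window.
        recent[src] = [(t, k) for t, k in recent[src] if e["ts"] - t <= SCAN_WINDOW_S]
        recent[src].append((e["ts"], (e["dst"], e["port"])))
        if len({k for _, k in recent[src]}) >= SCAN_FANOUT:
            alerts.add(("scan", src))
        if src not in AUTHORISED_ENGINEERING:
            if e["op"] in RECON_OPS:
                alerts.add(("config_recon", src, e["dst"]))
            if e["op"] in WRITE_OPS:
                alerts.add(("unauthorised_logic_update", src, e["dst"]))
    return sorted(alerts)

# Constructed sample events (hypothetical hosts; 502 is just a sample port value).
SAMPLE_EVENTS = (
    # Normal: an HMI polling a single PLC.
    [{"ts": t, "src": "hmi-01", "dst": "plc-01", "port": 502, "op": "read"}
     for t in range(0, 50, 10)]
    # Anomalous: a contractor laptop touching six PLCs within six seconds.
    + [{"ts": 100 + i, "src": "laptop-77", "dst": f"plc-{i:02d}", "port": 502, "op": "connect"}
       for i in range(1, 7)]
    + [
        {"ts": 120, "src": "laptop-77", "dst": "plc-03", "port": 502, "op": "config_read"},
        {"ts": 130, "src": "laptop-77", "dst": "plc-03", "port": 502, "op": "program_download"},
        # Expected change from the approved engineering workstation: no alert.
        {"ts": 200, "src": "eng-ws-01", "dst": "plc-01", "port": 502, "op": "program_download"},
    ]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```
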