by cba9 3850 days ago
Perhaps you should read the submission. The larger point here is that even if you set up a network in the first place which is genuinely airgapped, as time passes and systems evolve there will be constant pressure from within and without to re-establish a network connection somewhere in order to make everyone's lives easier and eventually, whether deliberate or inadvertent, a connection will be made (and of course, we know that the NSA has a variety of infiltration and exfiltration methods to get across air gaps, such as dropping flash drives and waiting for an insider to be foolish enough to bring it inside).

Believing that an air gap exists or will continue to exist indefinitely is hence setting yourself up for some unpleasant surprises in the future, and encourages weak security designs where the network/system is crunchy on the outside and all delicious and soft and gooey on the inside. (Which is more secure, to have your local WiFi set up with WPA or whatever and have employees telnet into servers, or just go Google-style and have fully encrypted end to end links without requiring any belief in security of the links?)


> Perhaps you should read the submission. The larger point here is that even if you set up a network in the first place which is genuinely airgapped, as time passes and systems evolve there will be constant pressure from within and without to re-establish a network connection somewhere in order to make everyone's lives easier and eventually, whether deliberate or inadvertent, a connection will be made (and of course, we know that the NSA has a variety of infiltration and exfiltration methods to get across air gaps, such as dropping flash drives and waiting for an insider to be foolish enough to bring it inside).

The article is not well written, and I personally had to parse it several times to figure out what he was trying to say. I'm still not even sure if this is the correct interpretation.

> Believing that an air gap exists or will continue to exist indefinitely is hence setting yourself up for some unpleasant surprises in the future, and encourages weak security designs where the network/system is crunchy on the outside and all delicious and soft and gooey on the inside. (Which is more secure, to have your local WiFi set up with WPA or whatever and have employees telnet into servers, or just go Google-style and have fully encrypted end to end links without requiring any belief in security of the links?)

That depends on your physical security. A facility like the one he described should have had regular security audits to verify that no hard lines were placed where they should not be. All hard lines and ports should have been marked with identifying information. Nobody should have been able to keep a line open for any significant period of time unless these processes broke down.

> The article is not well written, and I personally had to parse it several times to figure out what he was trying to say. I'm still not even sure if this is the correct interpretation.

I thought it was perfectly clear. He was telling a funny story about how systems and technologies evolve, giving two examples of that (the latter, the watch; the former, the system's airgap springing a leak), and furnishing an object lesson in the need for regular, thorough audits to ensure that systems and the controls thereof are still in place and still working the way the owners think they're working.

> A facility like the one he described should have had regular security audits to verify that no hard lines were placed where they should not be.

Exactly. In fact, I believe at the time he wrote this blog post, OP was an active auditor for BDO. In some of his other posts, he analyzes observations he made while auditing a variety of companies/organizations; unsurprisingly, standards across the board are very poor. He would be the first to say that this sort of thing is what an audit should prevent and why audits are needed (although I'm not sure I agree with his venom against pentesting, which I see as analogous to fuzzing).

> as time passes and systems evolve there will be constant pressure from within and without to re-establish a network connection somewhere

Thank you.

Proponents of electronic voting and tabulation (e.g. central count of physical ballots) enthuse about security, air-gapping, data diodes, etc.

Alas, it's turtles all the way down. Dig deep enough and you'll expose the fiction.

Then you're in the trap of explaining technology to policy makers, testifying against trained bureaucrats supported by an army of vendor sales minions defending their cheddar.

You can't win.

It's nutty-making.

I tried parsing it several times but from what I understood, they established an Internet connection out from the air gapped network, without coming into the facility with a big reel of network cable. So it seemed the network wasn't physically disconnected after all?

An air gapped computer is pretty easy to create -- just disable the radios and don't connect any network cables to it.

A network would be much harder but the key has to be that there are no other non-air gapped machines in the same facility. If someone wants to bridge the gap it should be obvious by the cable coming in the door and running all the way up to the machine.

Obviously the kind of air-gapped networks I'm talking about are computers never involved in any internet business at all, the kind that operate power plants (or centrifuges...).
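Two of the comments above point at the same practical need: the audit that verifies no line has been quietly re-established, and the host-level rule of "radios off, no cable". The script below is an added example, not code from the thread or from the blog post it discusses. It parses the output of `ip -o link show`, `ip route show` and `rfkill list` on a Linux host (iproute2 and rfkill assumed present) and reports anything that contradicts an air-gap policy: an interface that is not in the inventory (a USB NIC that appeared), a non-loopback interface that is up or has carrier, any route through such an interface, and any radio that is not blocked. The interface names and allowlists are assumptions for the example; a real deployment would take them from the facility's inventory.

```python
"""Air-gap drift check for a Linux host (added example, not from the thread).

Parses `ip -o link show`, `ip route show` and `rfkill list` and reports
anything that means the host could reach a network. The allowlists below
are assumptions for the example; a real run should load them from the
site's inventory.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Assumed policy: only the loopback may be up, and these are the only NICs
# the host is inventoried with. An interface with a new name is a finding
# on its own (think of a USB network adapter plugged in "just for a minute").
ALLOWED_UP = {"lo"}
EXPECTED_IFACES = {"lo", "enp3s0", "wlp2s0"}


@dataclass
class Finding:
    kind: str    # "iface", "link", "route" or "radio"
    detail: str


def check_links(ip_link_out: str) -> list[Finding]:
    """Flag unknown interfaces and non-allowed interfaces that are up or have carrier."""
    findings = []
    header = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")
    for line in ip_link_out.splitlines():
        m = header.match(line)
        if not m:
            continue
        name, flags = m.group(1), set(m.group(2).split(","))
        if name not in EXPECTED_IFACES:
            findings.append(Finding("iface", f"{name}: interface not in inventory"))
        if name in ALLOWED_UP:
            continue
        if "LOWER_UP" in flags:      # carrier: a cable or link is physically present
            findings.append(Finding("link", f"{name}: carrier detected (cable or link present)"))
        elif "UP" in flags:          # administratively up, nothing plugged in (yet)
            findings.append(Finding("link", f"{name}: administratively up, no carrier"))
    return findings


def check_routes(ip_route_out: str) -> list[Finding]:
    """Any route via a non-allowed device means the kernel thinks a network is reachable."""
    findings = []
    for line in ip_route_out.splitlines():
        tokens = line.split()
        if "dev" not in tokens:
            continue
        dev = tokens[tokens.index("dev") + 1]
        if dev not in ALLOWED_UP:
            findings.append(Finding("route", f"{tokens[0]} via {dev}"))
    return findings


def check_radios(rfkill_out: str) -> list[Finding]:
    """A radio that is neither soft- nor hard-blocked can still associate or pair."""
    findings = []
    current, soft, hard = None, None, None

    def flush():
        if current and soft == "no" and hard == "no":
            findings.append(Finding("radio", f"{current}: radio is not blocked"))

    for line in rfkill_out.splitlines():
        head = re.match(r"^\d+:\s+(\S+):\s+(.*)$", line)
        if head:
            flush()
            current, soft, hard = f"{head.group(1)} ({head.group(2)})", None, None
        elif "Soft blocked:" in line:
            soft = line.split(":", 1)[1].strip()
        elif "Hard blocked:" in line:
            hard = line.split(":", 1)[1].strip()
    flush()
    return findings


def audit(ip_link_out: str, ip_route_out: str, rfkill_out: str) -> list[Finding]:
    return check_links(ip_link_out) + check_routes(ip_route_out) + check_radios(rfkill_out)


def run(cmd: list[str]) -> str:
    """Run a tool and return its stdout; a missing tool yields "" and a warning."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        print(f"warning: {cmd[0]} not found, skipping that check")
        return ""


def audit_live() -> list[Finding]:
    return audit(run(["ip", "-o", "link", "show"]),
                 run(["ip", "route", "show"]),
                 run(["rfkill", "list"]))


# Constructed sample output (not captured from any real host): one NIC has a
# cable and a DHCP default route, and the Bluetooth radio was never blocked.
SAMPLE_IP_LINK = (
    "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n"
    "2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff\n"
    "3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DORMANT group default qlen 1000\\    link/ether 52:54:00:ab:cd:ef brd ff:ff:ff:ff:ff:ff\n"
)
SAMPLE_IP_ROUTE = (
    "default via 192.168.1.1 dev enp3s0 proto dhcp metric 100\n"
    "192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.10\n"
)
SAMPLE_RFKILL = (
    "0: phy0: Wireless LAN\n\tSoft blocked: yes\n\tHard blocked: no\n"
    "1: hci0: Bluetooth\n\tSoft blocked: no\n\tHard blocked: no\n"
)

if __name__ == "__main__":
    for f in audit(SAMPLE_IP_LINK, SAMPLE_IP_ROUTE, SAMPLE_RFKILL):
        print(f"{f.kind:6} {f.detail}")
```

Run as a cron job or from the audit checklist, `audit_live()` should return an empty list on a host that is still air-gapped; anything else is exactly the "deliberate or inadvertent" connection the thread is about. It only sees what the kernel sees, so it is a complement to walking the cable runs, not a replacement for it, and it says nothing about removable media.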