And a WiFi connection, even though it goes 'through the air', is not an airgap.
The same for BT and any other kind of connectivity.
An airgap is only an airgap if you need physical access to a device to be able to import or export bits using a physical connection, and the location of the device is secured by physical barriers. Preferably a building that is secure against non-military wannabe intruders.
> firewall exception to get to the air gapped system
Any system accessible with a firewall exception is not "air-gapped" by definition.
A level below that is diode networks, which are not air-gapped but provide much stronger system isolation than anything that is accessible with a "firewall exception".
Far below either of these is vanilla network isolation, which is what you seem to be talking about.
Definitely! I've worked on the design of these types of systems; there is more subtlety to the security models than people assume. Some of the designs in the wild have what I would consider to be notable weaknesses.
The most interesting subset of these systems are high-assurance bi-directional data paths between independent peers that are quasi-realtime. Both parties are simultaneously worried about infiltration and exfiltration. While obviously a misnomer, many people still call them diodes...
The entire domain is fascinating and less developed than you would think.
And even if you do get it right, there is always that one guy that takes a USB stick and plugs it into your carefully air-gapped systems. And cell modems are everywhere now, and so small even an expert could still overlook one, especially if it is dormant most of the time.
Yes, it is underfunded for sure. I have been underwhelmed by what academia has managed to produce, funding aside. It is a solvable problem but you have to give the money to the people that can solve it in an operational context, which rarely seems to happen.
It is a genuinely fun project for someone with sufficiently sophisticated skill but I suspect there is relatively little money in it, which colors the opportunity and outcomes.
The absence of clear commercial opportunity gives the domain a weird dynamic.