Secure No More: The Myth of the Air Gap

Jan 05, 2021

In days past, the most common way to guarantee that assets were safe from cyber threats was to put a ‘gap’ between them and the internet, which came to be called an air gap. The main idea of this ‘air gap’ is that the device never connects to the internet. However, in the era of ransomware, does this create real safety for work site assets? Will air-gapped devices be protected from malware? In the current threat landscape, the answer to this question is surely a resounding “no”.


There are a few key reasons that air gaps are no longer bulletproof against cyber incidents:

  1. Hardware: Even though an air-gapped device should, in theory and according to the way it’s been set up, never directly connect to the internet, there are still many opportunities for threat exposure. Wi-Fi, Bluetooth, and even an external keyboard connection can all serve as viable vectors for malware transmission, and it’s easy for an employee to make a mistake or for the devices themselves to automatically connect.
  2. Maintenance staff: Maintenance staff will need to bring their own work devices in with them. Once they’re behind the air gap, malware on their devices can swiftly spread. As soon as they’ve connected to your intranet, your air-gapped network is compromised.
  3. Supply chain infection: Even a brand-new device can arrive at your facility already carrying malware if its creators’ systems have been compromised. Incoming devices need to be checked for hidden threats, and suppliers should be asked about their own cybersecurity routines.

Over the last several years, the security that air gaps once offered has gradually collapsed. Organizations have been deploying air gaps to protect legacy assets or other sensitive devices, but only modern solutions can protect devices from modern threats. Air-gapped devices can be rendered even more vulnerable by their inability to update pattern files for scans, or by special requirements that no software be installed on the machine.


One solution designed specifically to face these challenges is Trend Micro Portable Security 3 TXOne Edition. It’s a small, USB-based portable scanning device that can be updated with the latest pattern files from our researchers, then taken across the air gap or to stand-alone machines to conduct quick, convenient malware scans.

TXOne Networks
