Air Gapping 3
values. To the extent that an APT reuses tools and infrastructure (and therefore
IOCs) across different operations, threat information sharing has the potential to
significantly reduce the mean time to next detection (MTTND) and to increase the
ability of defenders to attribute an attack.
Angelos D. Keromytis
See also: Cyber Attack; Cyber Crime; Cyber Defense; Cyber Espionage; Mandiant
Corporation; People’s Liberation Army Unit 61398; People’s Republic of China
Cyber Capabilities; Social Engineering; Spear Phishing
Further Reading
Brenner, Joel. America the Vulnerable: Inside the New Threat Matrix of Digital Espionage,
Crime, and Warfare. New York: Penguin Press, 2011.
Lindsay, Jon R., Tai Ming Cheung, and Derek S. Reveron, eds. China and Cybersecurity:
Espionage, Strategy, and Politics in the Digital Domain. New York: Oxford University
Press, 2015.
Mandiant Corporation. APT1: Exposing One of China’s Cyber Espionage Units. Alexandria,
VA: Mandiant Corporation, 2013.
AIR GAPPING
The term air gapping is commonly used to describe a security measure taken to
protect a computer system from intrusion. To air gap a computer system, it must
be isolated from any local area network or public wireless network. The military,
intelligence agencies, financial entities, and even some advocacy groups air gap
certain systems because of the sensitive information contained within. Though primarily
a security measure, air gapping can also refer to a procedure that transfers
data from one classified system to another. It is commonly used to take material
from the low side (unclassified machines) to the high side (classified machines). Data
is cut to a CD-ROM on the low side and inserted on the high side. Even isolating
the system from a network may not totally protect it.
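The low-side to high-side transfer described above is a manual procedure, and the receiving side has no network channel on which to ask what it should have received. The usual practitioner's check is a signed or separately carried manifest: the low side records the name, size and hash of every approved file, and the high side refuses anything that is missing, altered, or not on the list. The following Python is an added illustration of that check; it is not code from the entry or from any cited organization, and the file names, contents, and the approved-extension policy (`ALLOWED_SUFFIXES`) are constructed for the example.

```python
import hashlib
import json
from pathlib import Path

# Constructed policy for the example: only these file types may cross the gap.
ALLOWED_SUFFIXES = {".txt", ".csv", ".pdf"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def export_allowed(name: str) -> bool:
    """Policy check applied on the low side before a file is written to media."""
    return Path(name).suffix.lower() in ALLOWED_SUFFIXES


def build_manifest(files: dict[str, bytes]) -> dict:
    """Low side: record name, size and SHA-256 of every file approved for transfer."""
    entries = {}
    for name, data in sorted(files.items()):
        if not export_allowed(name):
            raise ValueError(f"{name}: file type not approved for transfer")
        entries[name] = {"size": len(data), "sha256": sha256_hex(data)}
    return {"version": 1, "files": entries}


def verify_transfer(manifest: dict, files: dict[str, bytes]) -> list[str]:
    """High side: compare what arrived on the media against the manifest.

    Returns a list of findings; an empty list means the media matches exactly.
    Anything present on the media but absent from the manifest is reported,
    because an air-gapped import should never carry unexpected files.
    """
    findings = []
    expected = manifest["files"]
    for name in sorted(files):
        if name not in expected:
            findings.append(f"unexpected file on media: {name}")
    for name, meta in expected.items():
        if name not in files:
            findings.append(f"missing: {name}")
            continue
        data = files[name]
        if len(data) != meta["size"] or sha256_hex(data) != meta["sha256"]:
            findings.append(f"hash mismatch: {name}")
    return findings


def read_directory(root: Path) -> dict[str, bytes]:
    """Load a mounted media directory into the name -> bytes form used above."""
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


# Constructed low-side export and the manifest that would travel with it.
LOW_SIDE_EXPORT = {"report.txt": b"quarterly summary\n", "data.csv": b"a,b\n1,2\n"}
MANIFEST = build_manifest(LOW_SIDE_EXPORT)
MANIFEST_JSON = json.dumps(MANIFEST, indent=2, sort_keys=True)


def demo_clean() -> list[str]:
    """Media arrives exactly as exported: no findings."""
    return verify_transfer(MANIFEST, dict(LOW_SIDE_EXPORT))


def demo_tampered() -> list[str]:
    """Media arrives with one file modified and one extra executable added."""
    media = dict(LOW_SIDE_EXPORT)
    media["data.csv"] = b"a,b\n1,3\n"      # altered in transit
    media["setup.exe"] = b"MZ..."           # not in the manifest
    return verify_transfer(MANIFEST, media)


if __name__ == "__main__":
    print(MANIFEST_JSON)
    print("clean media:", demo_clean())
    print("tampered media:", demo_tampered())
```

The manifest only proves that what arrived is what was approved; it does not make the approved content safe, so the high side still treats the media as untrusted input (no autorun, no execution, content-type inspection before import). Carrying the manifest on separate media, or printing its hashes for visual comparison, keeps an attacker who controls the transfer media from simply rewriting both.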
Recent exploits have shown why air gapping is essential for critical systems. A
hacker recently claimed he infiltrated a flight control system through the plane’s
media network. More famously, the Stuxnet virus that attacked centrifuges in Iran
was introduced through a USB drive connected to the machine. Even if removing
the system’s external connections protects it from electromagnetic or
other electrical exploits, that isolation still cannot protect the system from insider mistakes
or threats. Under the National Security Administration’s (NSA) TEMPEST program
(Telecommunications Electronics Material Protected from Emanating Spurious
Transmissions), the U.S. government developed standards to help air gap computer
systems. The standards recommend minimum safe distances for the system
as well as enclosing the system in a Faraday cage to prevent intrusion.
Melvin G. Deaile
See also: Cyber Security; Hardware; Internet