For a long time, air-gapping was seen as the only real way of making systems ‘unhackable.’ Sadly, even unconnected systems are being successfully breached.
It was bound to happen. IT and security professionals have long said that the only way to be totally safe online was to be, er, not online.
That worked for a while until hackers managed to attack Bluetooth networks and breach apparently unconnected computers.
Organisations and governments have used Air-gapping as the only foolproof way of ensuring security around extremely sensitive data.
Now, even that last bastion of safety has been blown away.
And it is about espionage. And it is now all but proven that it is in the realm of nation-states. As soon as a tool that compromises air-gapping processes is revealed, the source goes cold. The technical processes are best described here, but the idea is that you insert a USB drive into your computer and an ‘auto run’ programme kicks into action, and your data is suddenly being examined in some underground bunker in Russia, China or North Korea (other bad guys are available).
Air-gapping vulnerabilities prove that nothing is safe and nothing is sacred. Soon, every nation will have the power to spy on everything they want, and every nation will have the power to switch off vital infrastructure.
In short, we are heading swiftly into a digital Cold War.
Unlike a real Cold War, when it is a bit obvious that you have blown up a country or two, there will be the rhetoric and the lies that come with any type of blousy brinkmanship between puffed up nations such as the US and [insert name of favourite puffed up nation].
If you keep yourself briefed on security issues, it is a depressing time.
Air-gapping and its vulnerabilities aside, hacking is becoming a tool to carry out social crusades (sorry social media, your time is over). Now, receipt printers in stores are being hacked. Every so often, messages spew out, saying ‘are you being underpaid’ or ‘form a Union’ or ‘only abusive employers will be afraid of these messages.’
The problem with security is that it is and always will be reactive. You have to wait for the bad guys to make a move before the good guys can react, report and remove the threat.
If air-gapping is no longer safe, it is hard to see what is. Maybe we have to go back to using those old operating systems that no one even remembers, and only old guys with beards know how to work.