Network air gaps need to be actively managed.

We’ve been told the most secure network topology has an air gap with the public internet and adjacent data networks – how secure is an air gap in your opinion?

Air gaps can be secure but that doesn’t mean they are secure. The proliferation of wireless comms of all kinds, including Bluetooth and ultrasonics, as well as the capability many devices have for seeking networks and networked devices, means you can’t assume an air gap offers complete protection. Long-range wireless links can also create vulnerabilities.

Something else to consider with air-gapped solutions is the physical security, redundancy, support and maintenance of network components. An isolated network will require all the usual support but may not be able to report faults to maintenance teams. Staying on top of service issues like firmware updates and drive replacement is going to be more challenging, more expensive and more likely to be delayed or ignored.

Field installations of gear that would usually be tucked up in a network closet are very high stress and there will be high temperatures, high humidity, salty air, vibration, vandalism and dust to contend with. All these things mean hardware will fail early and control boards, terminations and connections are more likely to corrode.

Air gaps need to be actively managed.