Definition

Air-Gapped Network

A network physically isolated from the public internet. Once the primary OT protection strategy, air gaps are now eroded by IT/OT convergence, remote access requirements, and USB-based threats.

What is an Air-Gapped Network?

An air-gapped network is physically isolated from other networks, with no wired or wireless connections to the public internet or corporate IT systems. Air gaps were the primary OT security strategy for decades: if attackers cannot reach the network, they cannot compromise it. For many years, this approach was largely effective for truly isolated environments.

The air gap as a reliable security control has significantly eroded. The drivers of convergence — remote access for vendor support, industrial IoT data collection, cloud-based SCADA and historian platforms, supply chain integration — have created connections that either bridge the air gap directly or create indirect pathways through removable media. The average industrial facility has dozens of external connectivity points that IT and security teams are not fully aware of.
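One way to check an air-gap claim against observed traffic is to list every flow that crosses the OT boundary. The following is an added example, not ORDR's code or part of the original page; the address ranges, the flow tuple format, and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed address plan (constructed for this example).
OT_NETS = [ipaddress.ip_network("10.50.0.0/16")]
CORP_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed flow records: (source IP, destination IP, destination port, bytes).
SAMPLE_FLOWS = [
    ("10.50.1.10", "10.50.1.20", 502, 1200),    # PLC poll, stays inside the OT zone
    ("10.50.1.30", "10.20.4.7", 1433, 88000),   # historian to a corporate IT database
    ("10.50.2.5", "203.0.113.40", 443, 5400),   # engineering workstation to an outside host
    ("10.20.9.9", "10.50.2.5", 3389, 300000),   # corporate host into an OT workstation
    ("10.50.2.5", "203.0.113.40", 443, 2100),   # repeat of the outside connection
    ("10.50.1.10", "10.50.1.20", 502, 1180),
]

def in_any(ip, nets):
    return any(ip in net for net in nets)

def peer_zone(ip):
    """Label a non-OT peer using the declared address plan."""
    return "corporate-it" if in_any(ip, CORP_NETS) else "external"

def find_bridges(flows):
    """Map (ot_asset, peer, port, peer_zone, direction) to total bytes for
    every flow with exactly one endpoint inside the OT networks."""
    bridges = defaultdict(int)
    for src, dst, port, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        src_ot, dst_ot = in_any(s, OT_NETS), in_any(d, OT_NETS)
        if src_ot == dst_ot:
            continue  # both inside or both outside: no boundary crossing
        if src_ot:
            key = (src, dst, port, peer_zone(d), "outbound")
        else:
            key = (dst, src, port, peer_zone(s), "inbound")
        bridges[key] += nbytes
    return dict(bridges)

if __name__ == "__main__":
    for key, total in sorted(find_bridges(SAMPLE_FLOWS).items()):
        asset, peer, port, zone, direction = key
        print(f"{asset} {direction} {peer}:{port} [{zone}] {total} bytes")
```

A non-empty result means the network is not air-gapped in practice. An empty result covers network paths only and says nothing about removable media.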

Even where physical air gaps remain intact, they are not impenetrable. USB-based attacks (Stuxnet being the canonical example) demonstrate that air-gapped networks can be compromised through supply chain and physical access vectors. Insider threats, compromised contractor laptops, and infected firmware updates all bypass the network-layer isolation that an air gap provides. Security programs that rely on air gaps as their primary control have no detection capability for these vectors.

Key Facts

  • Stuxnet, the first known cyber weapon, successfully compromised air-gapped Iranian nuclear centrifuges via USB
  • Over 90% of OT environments that were once air-gapped now have at least one external connectivity point
  • USB and removable media attacks against air-gapped systems increased 30% in 2022–2023
  • Remote access for vendor support is the most common source of unintended air gap bridging

How ORDR Addresses Air-Gapped Networks

ORDR provides security for both air-gapped and semi-isolated OT networks. In air-gapped environments, ORDR sensors can operate entirely on-premise without internet connectivity, providing visibility, behavioral monitoring, and threat detection even in fully isolated networks. When connections to corporate IT do exist, ORDR monitors and alerts on all cross-boundary traffic.
