In August 2024, the FBI issued a notice that an Iranian-backed team was attempting to hack American political parties’ campaign information (Miller & Balsamo, 2024). In that same month, the Trump campaign revealed that it had been hacked (Lyngass et al., 2024). Later still, Google stated that the cyber-attacks were part of an even larger operation to interfere in the American presidential election (Swenson, 2024).
In the 1980s, hacking was primarily a prank. By the 1990s, low-level criminals began to exploit the growing network in various scams and identity thefts. In the late 1990s and early 2000s, organized crime became the largest threat as Internet-based commerce became the norm. State-backed hacking teams launched the early days of cyber interference and cold warfare.
None of the new threats replaced the older challenges, and the culprit is not always an aggressor. One of the largest cyber outages ever occurred in July 2024 due to a faulty security update by the company CrowdStrike (Johnson, 2024).
Interconnected systems produce interconnected vulnerabilities. The assumption has been that all systems must be interconnected. One of the best defenses against network-based hacking is to disconnect the systems from the Internet. This process is called “air gapping”. It is widely used by organizations that require secure communications between and among systems. These systems are connected by a private network only to each other and to no outside systems.
Air-gapped systems cannot be remotely hacked; a hacker must have physical access. Key sniffers and similar devices can record keystrokes if the attacker is in close enough proximity. If the system is encased in a Faraday cage, even the electromagnetic signals produced by the device are blocked.
A popular use of air gapping is system backup. The backup server is kept isolated and connected only to perform a backup as required. Should the primary server fail or be compromised, the backup server will be unaffected. The primary disadvantage is the same as the primary advantage: physical access is required. It may seem obvious, but secure systems must be maintained in secure environments.
There are methods to copy data to air-gapped systems. One is called “rafting”: using a USB drive or some other memory storage device to copy the appropriate data from the donor system and replicate it to the quarantined system. Ideally the storage device will be formatted (“sterilized”) before being attached to the donor system, ensuring that no unwanted code is preloaded on the raft. The best practice is to use a new raft for each periodic transfer and to store the rafts in case a particular version of the data needs to be reconstructed for recovery, diagnostic, or forensic reasons.
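As an added example (not from the article), a Python check of a raft's contents along the lines just described: the donor side writes a manifest of file hashes labelled with a transfer id, and the quarantined side refuses the raft if any listed file has changed or any file is present that the manifest never listed, which is how preloaded or stray content would show up. The manifest file name, the transfer id format and the sample files are assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST = "RAFT_MANIFEST.json"  # assumed file name; not from the article

def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _payload_files(raft: Path) -> dict:
    # relative path -> Path for every file on the raft except the manifest itself
    return {str(p.relative_to(raft)): p for p in raft.rglob("*")
            if p.is_file() and p.name != MANIFEST}

def build_manifest(raft: Path, transfer_id: str) -> dict:
    """Donor side: hash every file meant to travel; the id tells stored rafts apart later."""
    manifest = {"transfer_id": transfer_id,
                "files": {rel: _sha256(p) for rel, p in sorted(_payload_files(raft).items())}}
    (raft / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_raft(raft: Path) -> list[str]:
    """Quarantined side, before importing: listed files must be unchanged, unlisted files must not exist."""
    try:
        expected = json.loads((raft / MANIFEST).read_text())["files"]
    except (OSError, ValueError, KeyError):
        return ["manifest missing or unreadable"]
    present = _payload_files(raft)
    problems = [f"unexpected file not in manifest: {rel}" for rel in sorted(set(present) - set(expected))]
    for rel, digest in sorted(expected.items()):
        if rel not in present:
            problems.append(f"missing file: {rel}")
        elif _sha256(present[rel]) != digest:
            problems.append(f"hash mismatch: {rel}")
    return problems

def demo() -> tuple:
    """Constructed sample: a clean raft, then the same raft with a stray file on it."""
    with tempfile.TemporaryDirectory() as d:
        raft = Path(d)
        (raft / "inventory").mkdir()
        (raft / "inventory" / "counts.csv").write_text("sku,qty\nA100,12\n")
        build_manifest(raft, "2024-08-15-r1")
        clean = verify_raft(raft)
        (raft / "unexpected.bin").write_bytes(b"\x00")  # constructed: never part of the transfer
        return clean, verify_raft(raft)
```

Running `demo()` returns an empty problem list for the clean raft and a one-entry list naming the stray file for the second check.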
Another method is “bridging”. The quarantined system is connected to a device that handles specific types of transactions. A credit card payment terminal is a good example. The payment terminal is external to the cash register and is connected to the Internet to process payment information. Only specific data types are permitted between the terminal and the cash register, so the risk of infecting the terminal remains low.
A more flexible configuration is “hub and spoke”. Several quarantined systems are bridged to a single hub. Each system runs an agent that verifies each transaction. The hub preprocesses and consolidates the data from the quarantined systems and provides the systems with any information they require. The agent process confirms each transfer on both sides. An example is a warehouse inventory system. The scanners would be the quarantined systems. Each scanner would record items, quantities, location, and operator. As each section of the warehouse is scanned, the operator would upload the information to the hub. The scanners have no need to access any other information; in fact, there is no need for the scanners to share information among themselves. The hub would acknowledge receipt of the information. The software agents on both sides would ensure that the correct information, and only the correct information, is transferred between the scanners and the hub. The hub would consolidate all of the information from the scanners and process it as necessary before contributing it to the general workflow of the operation.
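The bridging and hub-and-spoke agents described above, as an added example that is not code from the article: Python agents for the warehouse case that allow only the four scanner fields (item, quantity, location, operator) across the link, tag each batch with an HMAC under a per-scanner key so the hub can confirm where it came from, and return a tagged acknowledgement that the scanner checks before treating the batch as uploaded. The field schema, the key handling and the message layout are assumptions.

```python
import hashlib
import hmac
import json
# Assumed record format (not from the article): exactly these fields and types, nothing else.
SCHEMA = {"item": str, "quantity": int, "location": str, "operator": str}

def validate_records(records: list) -> list[str]:
    """Both agents run this; a record passes only with exactly the allowed fields,
    the allowed types, and a non-negative quantity."""
    errors = []
    for i, rec in enumerate(records):
        if not isinstance(rec, dict) or set(rec) != set(SCHEMA):
            errors.append(f"record {i}: fields must be exactly {sorted(SCHEMA)}")
            continue
        for field, typ in SCHEMA.items():
            if type(rec[field]) is not typ:  # 'is' so that bool is not accepted as int
                errors.append(f"record {i}: {field} must be {typ.__name__}")
        if type(rec["quantity"]) is int and rec["quantity"] < 0:
            errors.append(f"record {i}: quantity must be >= 0")
    return errors

def _tag(key: bytes, payload: dict) -> str:
    """HMAC over a canonical JSON encoding, so both sides tag identical bytes."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def scanner_send(key: bytes, scanner_id: str, batch_no: int, records: list) -> dict:
    """Spoke-side agent: refuses to send anything that is not a clean inventory record."""
    errors = validate_records(records)
    if errors:
        raise ValueError(errors)
    msg = {"scanner": scanner_id, "batch": batch_no, "records": records}
    return {"msg": msg, "tag": _tag(key, msg)}

def hub_receive(keys: dict, envelope: dict) -> dict:
    """Hub-side agent: check the sender, re-validate every record, acknowledge the exact batch."""
    msg, tag = envelope["msg"], envelope["tag"]
    key = keys.get(msg.get("scanner"))
    if key is None or not hmac.compare_digest(tag, _tag(key, msg)):
        return {"msg": {"ack": False, "reason": ["unknown scanner or bad tag"]}, "tag": ""}
    errors = validate_records(msg["records"])
    ack = {"ack": not errors, "batch": msg["batch"], "count": len(msg["records"]), "reason": errors}
    return {"msg": ack, "tag": _tag(key, ack)}

def scanner_confirm(key: bytes, batch_no: int, reply: dict) -> bool:
    """Spoke-side agent: the batch counts as uploaded only on a genuine positive ack."""
    ack = reply["msg"]
    return (hmac.compare_digest(reply["tag"], _tag(key, ack))
            and ack.get("ack") is True and ack.get("batch") == batch_no)
```

A batch with an extra field never leaves the scanner, and a batch altered in transit fails the hub's tag check, so neither side processes anything outside the agreed data types.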
There is a strong argument for the use of air gapping in smaller customer-facing systems as well. Many systems simply do not need continuous access to the entire Internet in order to perform their functions. In other cases, the security provided by air gapping outweighs the risks involved in connecting that particular device to the entire Internet.
Grocery store cash registers are a good example of systems that could be air gapped with a bridge to handle payment transactions. Inventory information could pass periodically to the main store system, either by rafting the information with USB drives for a small operation or by using a hub-and-spoke system for a larger store. Self-serve gas stations could operate similarly. Each pump could have a bridge to the storage tanks to ensure fuel is available and another bridge to a payment terminal. Such an implementation would ensure that the local convenience store has its day-to-day operations protected from hacking.
Voting systems in particular benefit from air gapping, in both actual and perceived security. Since such systems cannot be remotely hacked, the risk of election interference through network manipulation of the voting systems is eliminated.
In numerous circumstances consumers, companies, and governments benefit from systems that are connected to the Internet as long as proper protocols and security measures are implemented. However, just because it is possible to connect a system to the network does not mean it is necessary. Less connection can yield more security.
Sources:
Johnson, A. (2024, July 19). CrowdStrike Global Outage: CEO Debunks Cyberattack Claims. Retrieved August 13, 2024, from https://apnews.com/article/fbi-trump-iran-hack-campaign-02a44ea734c8ee92c4d3a576af7a79fe#
Lyngass, S., Perez, E., & Holmes, K. (2024, August 13). Suspected Iranian hackers breached Roger Stone’s personal email as part of effort to target Trump campaign, sources say. CNN Politics. Retrieved August 15, 2024, from https://www.cnn.com/2024/08/12/politics/trump-campaign-hack-personal-email-account-fbi/index.html
Miller, Z., & Balsamo, M. (2024, August 12). FBI says it is investigating after Trump campaign said sensitive documents were hacked by Iran. Retrieved August 15, 2024, from https://apnews.com/article/fbi-trump-iran-hack-campaign-02a44ea734c8ee92c4d3a576af7a79fe#
Swenson, A. (2024, August 15). Google confirms Iranian hackers are trying to access emails of Harris and Trump. Retrieved August 15, 2024, from https://fortune.com/2024/08/15/google-iran-hack-email-harris-trump/
About the Authors
Christopher H. Baum, MBA, PMP, is the Chief Compliance Officer of VotRite. He manages certification processes and election integrity. He has spent more than 30 years delivering high-quality IT analysis and services on the use of technology in government, and in the election industry in particular. Christopher can be reached at [email protected] and via the company website https://www.VotRite.com/.
Alan Pham is a second-year graduate student at Rowan University in New Jersey. He specializes in cyber security and system hardening. Alan can be reached at [email protected].