An air-gapped network is often seen as one of the strongest ways to protect sensitive systems from cyber threats. The idea is simple enough. If a network is physically separated from the public internet and from less trusted environments, attackers have far fewer direct ways to reach it.
That is why air-gapped networks are used in high-security settings across defence, government, critical infrastructure, manufacturing, transport, energy, and other operational environments where a cyber incident could have serious real-world consequences.
But air-gapped does not mean risk-free.
Even highly isolated systems still need to exchange data at some point. Software updates, engineering files, diagnostics, logs, maintenance tools, and operational reports all need to move between environments. That is where the challenge begins. The real question is not only how to isolate a network, but how to move data in and out without creating a pathway for malware, ransomware, or unauthorised access. In practice, that makes removable media one of the most important security issues in any air-gapped environment.
What is an air-gapped network?
An air-gapped network is a network or system that has been deliberately separated from untrusted networks, especially the internet. In the strictest sense, there is no direct wired or wireless connection between the protected environment and the outside world.
The purpose is straightforward. By removing normal communication paths, organisations reduce exposure to remote compromise. Malware that depends on internet access, external command-and-control channels, or direct access to connected services has a much harder time reaching the protected environment.
This is one reason air-gapped networks remain so important in operational and industrial settings. Some systems control physical processes. Some support nationally important infrastructure. Some hold highly sensitive data. In all of these cases, the cost of compromise can be far higher than in a standard office IT environment.
Air gap vs network isolation
People often use the terms "air-gapped network" and "isolated network" as though they mean exactly the same thing, but they do not always describe the same architecture.
A logically isolated network may rely on segmentation, firewall rules, VLANs, or strict access controls. That can still provide strong protection, but it is not the same as removing connectivity altogether. An air-gapped network is usually understood to have no ordinary communication path to external or lower-trust systems.
That difference matters because the risks are different too.
| Approach | What it usually means | Main strength | Main limitation |
| --- | --- | --- | --- |
| Network segmentation | Internal boundaries created with firewalls, VLANs, or routing rules | Easier to manage at scale | Still depends on correct configuration |
| Logical isolation | Systems are separated through policy and access control | More flexible than full physical separation | Misconfiguration can weaken the boundary |
| Physical air gap | No direct network connection to unsecured systems | Strong reduction in remote attack paths | Data movement becomes more difficult |
In other words, an air gap can significantly reduce exposure, but it also makes day-to-day operations more dependent on tightly managed transfer processes.
Why organisations use air-gapped networks
Air-gapped networks are usually adopted where the impact of a cyber incident is too serious to accept normal levels of exposure.
Typical examples include:
- industrial control systems and plant networks
- defence and classified environments
- utilities and critical national infrastructure
- transport and airport systems
- research, manufacturing, and OT environments
- systems supporting sensitive public services
These environments tend to prioritise availability, integrity, and controlled change over convenience. They may also rely on legacy platforms, specialist software, or operational workflows that cannot simply be replaced with cloud-based alternatives.
That is why air-gap strategy is never only about architecture. It is also about process. A network can be isolated by design, but if everyday data movement is poorly managed, the protection can be undermined by the very tasks needed to keep the environment running.
How air-gapped networks actually work
At a high level, an air-gapped network works by removing or tightly restricting pathways between trusted and untrusted environments.
That can include:
- no internet connectivity
- no direct routing to business IT networks
- no ordinary inbound or outbound traffic
- tightly controlled import and export procedures
- dedicated workflows for approved files
- restricted use of removable media and peripheral devices
Some environments also use additional controls such as dedicated transfer stations, screened rooms, disabled wireless interfaces, or one-way data transfer technologies.
Common components in an air-gapped environment
| Component | Purpose |
| --- | --- |
| Isolated operational network | Keeps critical systems separate from external risk |
| Transfer control point | Provides a managed way to move approved data |
| Dedicated scanning workflow | Checks files and devices before they enter protected systems |
| Audit logging | Records what was transferred, when, and by whom |
| Policy enforcement | Defines what media, users, and file types are allowed |
| Segmented internal zones | Limits how far a problem can spread inside the protected environment |
The main security benefits of air-gapped networks
Air-gapped networks are used because they can reduce some of the most common attack paths used in modern cyber incidents.
Reduced exposure to remote threats
If a system cannot be reached directly over the internet or through connected enterprise networks, many opportunistic attacks become much harder to execute.
Stronger protection for critical processes
In environments where systems control real-world operations, isolation helps protect continuity, safety, and reliability.
Better control over data movement
When designed properly, air-gapped environments force organisations to think more carefully about what is imported, what is exported, and what should never cross the boundary at all.
Less reliance on always-connected security models
Some environments cannot depend on cloud-first tooling or constant telemetry. Air-gapped designs support a different approach, with more emphasis on controlled access, local inspection, and verified transfer.
These benefits are real, but they only hold if the organisation also secures the practical ways data enters the environment.
Why air-gapped networks are still vulnerable
This is where overconfidence can become a problem.
An air-gapped network is not unhackable. It is simply harder to reach using conventional remote techniques. That still leaves other routes into the environment, and the most obvious one is removable media.
USB devices, external storage, portable diagnostic tools, and maintenance laptops can all act as bridges between connected and isolated systems. CISA has warned that USB drives can be used to spread malware between computers, which is one reason removable media remains such an important control point in air-gapped environments.
That is the weakness many organisations must manage in practice. The air gap itself may be strong, but the workflow around it can still become the point of failure.
Common air-gapped network vulnerabilities
| Risk area | How it appears in practice |
| --- | --- |
| Unchecked removable media | USB devices carry files or malware into protected systems |
| Contractor access | Third parties bring tools, updates, or portable devices into the environment |
| Maintenance workflows | Temporary transfers bypass normal controls under pressure |
| Human error | Approved processes are skipped for speed or convenience |
| Weak audit trails | Organisations cannot prove what entered the network or when |
| Trusted device assumptions | Familiar devices are treated as safe without proper inspection |
The key point is simple: isolation reduces some risks, but it also concentrates attention on the few remaining entry points. If those points are not properly controlled, the whole security model becomes less effective. Logging also matters more than many teams realise. The UK’s NCSC has highlighted the importance of collecting the right event data for security monitoring, and that wider principle applies just as much to removable media workflows, transfer points, and USB insertion events in controlled environments.
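As an added illustration of the "USB insertion events" point above (example code, not from the original article), the following Python folds the multi-line device-attach messages the Linux kernel writes to its log into one record per inserted device and checks each serial number against a register of media the organisation has issued. The log lines, the register contents and the asset tag are constructed sample data.

```python
import re
from dataclasses import dataclass

# Constructed kernel log lines in the shape the Linux USB stack emits on
# device attach (sample data, not taken from any real system).
SAMPLE_KERNEL_LOG = """\
usb 1-1: new high-speed USB device number 4 using xhci_hcd
usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: Cruzer Blade
usb 1-1: SerialNumber: 4C530000011111111111
usb 2-3: new high-speed USB device number 7 using xhci_hcd
usb 2-3: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
usb 2-3: Product: DataTraveler 3.0
usb 2-3: SerialNumber: 60A44C4299999999
"""

# Hypothetical register of media the organisation has issued (step 1 of a
# controlled transfer workflow), keyed by device serial number.
APPROVED_MEDIA = {"4C530000011111111111": "asset TRF-0042, issued to OT maintenance"}

@dataclass
class UsbEvent:
    port: str
    vendor_id: str
    product_id: str
    product: str = ""
    serial: str = ""

_FOUND = re.compile(r"^usb (\S+): New USB device found, idVendor=(\w+), idProduct=(\w+)")
_FIELD = re.compile(r"^usb (\S+): (Product|SerialNumber): (.+)$")

def parse_usb_events(log_text):
    """Fold the multi-line attach messages into one UsbEvent per USB port."""
    events = {}
    for line in log_text.splitlines():
        if m := _FOUND.match(line):
            events[m.group(1)] = UsbEvent(m.group(1), m.group(2), m.group(3))
        elif (m := _FIELD.match(line)) and m.group(1) in events:
            field = "product" if m.group(2) == "Product" else "serial"
            setattr(events[m.group(1)], field, m.group(3).strip())
    return list(events.values())

def check_against_register(events, register=APPROVED_MEDIA):
    """Map each inserted device to an audit verdict; unregistered media is an alert."""
    verdicts = {}
    for ev in events:
        if ev.serial in register:
            verdicts[ev.serial] = f"APPROVED: {register[ev.serial]}"
        else:
            verdicts[ev.serial] = (f"ALERT: unregistered media {ev.vendor_id}:{ev.product_id} "
                                   f"({ev.product}) inserted on port {ev.port}")
    return verdicts
```

In a deployment the log text would come from the transfer station's kernel log or journal, and the verdicts would be forwarded to whatever central logging the isolated environment supports.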
Removable media in air-gapped environments
Removable media continues to play a major role in air-gapped networks because it solves a practical problem. Files still need to move.
That may include:
- software patches
- firmware updates
- maintenance tools
- engineering plans
- exported logs
- incident evidence
- configuration files
- operational reports
This is why removable media security matters so much. In many environments, banning USB outright is not realistic. Operational teams still need to move data, apply updates, and support equipment. The real issue is whether those transfers are controlled, inspected, and logged before they reach sensitive systems.
That is where related topics such as removable media cyber security fit naturally into the wider conversation. If removable devices remain part of the workflow, they need to be treated as a formal part of the threat model, not as an afterthought.
How to secure data movement across an air gap
The strongest air-gapped environments are not just isolated. They are disciplined.
They rely on defined, repeatable processes for importing and exporting data, and they treat removable media as a high-risk pathway that must be controlled every time.
Good practice usually includes:
- approved device policies
- dedicated scanning before connection
- controlled transfer stations
- separate workflows for import and export
- file verification and logging
- least-privilege access for operators and contractors
- regular review of transfer procedures
This is also where wider controls around USB cybersecurity and removable media security become highly relevant. The issue is not simply that USB devices can be risky. It is that portable devices should be inspected, validated, and controlled before they interact with sensitive systems.
Example: a simple secure transfer workflow
| Step | What happens | Why it matters |
| --- | --- | --- |
| 1 | Approved media is issued or registered | Reduces unknown-device risk |
| 2 | Files are added in the lower-trust environment | Keeps origin clear |
| 3 | Media is scanned at a dedicated control point | Helps detect malicious content before entry |
| 4 | Actions are logged | Supports audit and incident response |
| 5 | Approved media enters the air-gapped environment | Maintains control over the boundary |
| 6 | Files are imported by authorised personnel | Limits unnecessary exposure |
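The following Python is an added example (not part of the original article) of the file-verification and audit-logging side of steps 2 to 4 above: a manifest of SHA-256 hashes is produced in the lower-trust environment, and the control point rejects files that were altered, files not on the manifest, and file types the policy does not allow, writing one audit record per file. The file-type policy, file names, operator names and file contents are constructed for the example; malware scanning would be a separate check at the same control point.

```python
import hashlib
from datetime import datetime, timezone

# Hypothetical file-type policy for what may cross the boundary (step 3).
ALLOWED_SUFFIXES = {".bin", ".csv", ".txt", ".pdf"}

def build_manifest(files, operator):
    """Step 2: in the lower-trust environment, record a SHA-256 per file."""
    return {"created_by": operator,
            "files": {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}}

def verify_at_control_point(media_files, manifest, operator, now=None):
    """Steps 3-4: check media contents against the manifest and the file-type
    policy, and emit one audit record per file plus an overall decision."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    expected = manifest["files"]
    records, approved = [], True
    for name in sorted(set(media_files) | set(expected)):
        if name not in expected:
            outcome = "REJECT: not in manifest"      # added after the manifest was produced
        elif name not in media_files:
            outcome = "REJECT: listed but missing"
        elif not any(name.lower().endswith(s) for s in ALLOWED_SUFFIXES):
            outcome = "REJECT: file type not allowed"
        elif hashlib.sha256(media_files[name]).hexdigest() != expected[name]:
            outcome = "REJECT: hash mismatch"        # content changed between steps 2 and 3
        else:
            outcome = "PASS"
        approved &= outcome == "PASS"
        records.append({"time": stamp, "operator": operator, "file": name, "outcome": outcome})
    decision = "APPROVED" if approved else "REJECTED"   # one failure blocks the whole media
    records.append({"time": stamp, "operator": operator, "file": "*", "outcome": f"MEDIA {decision}"})
    return decision, records

def demo():
    """Constructed sample transfer: a clean batch, then a copy that was altered
    and had an unexpected executable added before reaching the control point."""
    lower_trust = {"plc-firmware-1.2.bin": b"firmware image bytes",
                   "shift-report.csv": b"line,count\n1,40\n"}
    manifest = build_manifest(lower_trust, "alice (engineering)")
    clean_decision, _ = verify_at_control_point(dict(lower_trust), manifest, "bob (transfer desk)")
    tampered = dict(lower_trust, **{"shift-report.csv": b"line,count\n1,41\n", "setup.exe": b"MZ..."})
    return clean_decision, verify_at_control_point(tampered, manifest, "bob (transfer desk)")
```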
Air-gapped networks in real-world sectors
The concept becomes easier to understand when viewed in context.
Industrial and manufacturing environments
Factories and industrial sites often use isolated networks to protect operational systems. Maintenance teams may still need to move updates, diagnostics, or machine files through portable media, particularly where direct connectivity is limited or intentionally removed.
Utilities and critical infrastructure
Energy, water, and transport systems often include a mix of legacy and modern technology. Some assets are too sensitive to expose directly, which makes air gapping attractive, but also makes transfer control essential.
Defence and government
Classified network environments rely heavily on boundary control. In those settings, the question is not simply whether files can cross domains, but how they are checked, approved, and logged.
Healthcare and specialist operational settings
Certain laboratory, diagnostic, or specialist systems may be isolated because of sensitivity, compatibility, or regulatory concerns. Even there, data still needs to move, which makes disciplined media handling vital.
Air-gapped networks and modern threats
Air-gapped networks are especially relevant in a world of more targeted malware, adaptive attack chains, and increasing concern about threats that move through trusted workflows rather than obvious external connections.
A threat does not need to arrive over the network to be dangerous. A compromised device, malicious file, or infected update may be enough.
This is also why air-gapped security now overlaps with wider conversations around AI-driven threats and the growing sophistication of AI malware. In parallel, organisations handling removable media are also paying closer attention to polymorphic malware, particularly where files or devices need to move into sensitive environments.
These are not separate issues. They all point back to the same operational reality: if data must cross into sensitive systems, the transfer method becomes part of the attack surface.
Common misunderstandings about air-gapped networks
A few assumptions come up repeatedly.
“Air-gapped means unhackable”
It does not. It means harder to reach through conventional remote methods.
“Segmentation is the same as an air gap”
Not always. Segmentation can be valuable, but it is not the same as removing connectivity altogether.
“If we trust the user, we can trust the USB”
That is a risky assumption. Well-meaning users can still introduce compromised files or devices.
“The answer is banning all removable media”
In some settings that may not be practical. Secure transfer is often still operationally necessary.
“The main challenge is building the isolated network”
In reality, the harder challenge is often maintaining the environment properly over time.
Best practices for maintaining an air-gapped network
Building an air-gapped network is only the first step. Maintaining one requires consistent operational discipline.
| Best practice | Why it matters |
| --- | --- |
| Define strict transfer procedures | Prevents ad hoc shortcuts |
| Inspect all removable media | Reduces risk at the boundary |
| Log imports and exports | Improves visibility and accountability |
| Limit contractor pathways | Controls one of the most common exceptions |
| Review policy regularly | Keeps procedures aligned with real operations |
| Use dedicated control points | Makes secure transfer repeatable and auditable |
Where organisations operate in highly controlled environments, related subjects such as sheep dip in cybersecurity and IEC 62443 USB security requirements also fit naturally within the wider air-gap discussion. Both are relevant when the focus shifts from isolation itself to inspection, compliance, and controlled transfer.
Final thoughts
Air-gapped networks remain one of the strongest architectural approaches for protecting high-value systems from external cyber threats. They are especially important where operational continuity, safety, and system integrity matter more than convenience.
But the real challenge is not simply disconnecting a network.
It is managing everything that still needs to cross the gap.
That includes removable media, contractor workflows, maintenance activity, software updates, diagnostics, and exported data. The more sensitive the environment, the more important it becomes to treat those transfer points as formal security controls rather than routine admin tasks.
An air-gapped network can significantly reduce exposure and make remote compromise much harder. But if data movement is left unmanaged, the same isolation that protects the environment can be undermined by the practical work required to keep it running.
That is why the strongest air-gapped environments are never built on separation alone. They are built on separation, control, verification, and repeatable process.