Why Air-Gapped Machines Aren’t Automatically Safe

John W. Harmon, PhD
Jul 29, 2025
3 min read

When it comes to protecting critical equipment and production data, many manufacturers and machine shops still rely on air-gapping—the practice of keeping sensitive machines completely disconnected from the internet or internal networks. On the surface, this seems like a smart move. After all, if a machine can’t connect to the outside world, how could it possibly be compromised?

Unfortunately, the idea that air-gapped systems are automatically secure is a dangerous myth. In today's world of advanced cyberthreats and evolving attack vectors, air-gapping is no longer a guarantee of safety.

Let’s break down why.

🔍 What Is an Air-Gapped System?

An air-gapped machine is a computer or device that is physically isolated from unsecured networks, such as the public internet or even a local area network (LAN). These systems are often used in:

CNC controls
SCADA and PLC systems
Quality control stations
Workstations with proprietary CAD/CAM designs
Legacy systems supporting critical infrastructure

The intent is to create a “security bubble,” preventing hackers from ever reaching the device.

But here’s the problem…

The Myth of Isolation

While air-gapped machines may be disconnected from networks, they are not disconnected from people—and that’s where most security breakdowns happen.

Here’s how attackers still breach air-gapped machines:

1. USB Drives and Removable Media

Employees often use flash drives to transfer files between machines. One infected USB device is all it takes to introduce malware—even if the target system has never touched the internet.

→ Case in Point: The infamous Stuxnet virus spread through USB drives and crippled air-gapped nuclear systems in Iran.

2. Insider Threats

Even with the best intentions, employees can unintentionally introduce malicious files or software. In more serious cases, disgruntled insiders may intentionally infect or sabotage air-gapped systems.

3. Firmware and Hardware Attacks

Attackers have found ways to embed malware in the firmware of devices, such as printers, BIOS chips, or even mouse dongles. These infected components can then execute attacks once connected—even if the host system is isolated.

4. Wireless and Electromagnetic Attacks

Although rare, researchers have demonstrated that air-gapped machines can be exfiltrated through electromagnetic signals, acoustic signals, or even LED light patterns. This type of attack is advanced but real—and becoming more practical every year.

Air-Gapping Without a Security Plan Is Just Risky

Many shops rely on the "set it and forget it" model—installing a critical CNC or control system, air-gapping it, and assuming it’s secure forever. But over time, patches are missed, logins are shared, USBs are re-used, and vulnerabilities grow.

This is where a real IT and security strategy comes into play.

How to Protect Air-Gapped Systems the Right Way

If you're going to run air-gapped machines, follow these best practices:

Implement Strict USB Policies

Use only company-issued, scanned, and encrypted USB devices
Block all unauthorized USB access with endpoint protection software

Control Access

Assign individual user credentials (no shared logins)
Implement strict physical security to locked systems and rooms

Patch Strategically

Even air-gapped systems need periodic patching and updates
Work with an MSP like Computer Solutions to establish a secure patching protocol

Log and Monitor

Keep logs of all file transfers, access attempts, and maintenance events
Use offline logging tools to ensure accountability

Document Everything

Maintain detailed IT documentation—who touched what, when, and why
This is essential for audits, insurance, and compliance (especially if you're pursuing CMMC or NIST 800-171 compliance)

Don't Just Disconnect—Secure

At Computer Solutions, we’ve worked with manufacturers, fabricators, and machine shops across Southwest Virginia who rely on air-gapped systems every day. We understand your operational constraints—and we know how to secure your critical infrastructure without disrupting your workflow.