Chances are, one of the first places you may have heard about an air gap computer was on TV. Olivia Pope on “Scandal” knows what air gap technology is. Elliot on “Mr. Robot” knows how to circumvent an air gap to gain access to highly secure information. Even Aaron Sorkin’s “The Newsroom” characters know that air gap technology is the final word in endpoint security.
The premise behind air gap is using PCs that are not connected to the internet, other devices or the company’s primary network. Plenty of TV shows have leaned on the idea of air gap to further storylines involving highly classified data, espionage, secret sources and more. That said, while some shows get it right, others are way off-base when it comes to the accuracy of air gap technology.
Does your favorite show pass the air gap security test? Scroll down to find out, but be warned: spoilers ahead!
When Huck (Guillermo Diaz) goes missing at the height of season 6 of “Scandal,” Quinn (Katie Lowes) and Charlie (George Newbern) are hot on his trail, suspecting Meg (Phoebe Neidhardt) has something to do with his disappearance (and perhaps even demise). They make their way to Meg’s house to discover it has been completely cleaned out and Meg is gone. Huck had installed a security system in her house in earlier episodes to track her activity; however, Quinn quickly realizes that the security system has been completely pulled out from the wall, leaving only a few exposed wires. She pulls on the wires coming from the wall and discovers a hidden air-gapped laptop. Huck has been using the air-gapped laptop to back up all the data collected by the security system he installed. Quinn and Charlie then use the data on the laptop to locate Meg by the end of the episode and kill her.
Air Gap Grade: D
Air-gapped laptops are not connected to an external network or the internet, and most security systems are networked. We don’t know if the security system was connected to the internet or just to Huck’s hidden laptop. If it was connected to the internet, then the hidden PC was not air-gapped. If neither the security system nor the laptop was connected to the internet, then it could potentially be considered air-gapped. However, the exclamation that it’s an “air gap laptop” immediately upon finding it hidden in the wall earns the D grade.
Fans of “Mr. Robot” are no strangers to air-gapping. Midway through season 1, Elliot (Rami Malek) is forced to devise a plan to get his girlfriend Shayla’s (Frankie Shaw) drug dealer out of jail, and he must work quickly to infiltrate the prison’s network. When devising a plan, he realizes the prison’s security system is air-gapped. To circumvent the air gap and hack into the prison’s network, he asks Darlene (Carly Chaikin) for help. She writes malicious code and puts it on multiple USB drives that she then scatters throughout the prison’s parking lot in the hopes that an oblivious corrections officer will pick one up and plug it into his or her computer. It all goes according to plan when a corrections officer does just that. However, he immediately sees something is wrong and powers off the computer before the malicious code (which was faulty) could be fully executed.
Air Gap Grade: A
No surprise here, but the writers at “Mr. Robot” know what they are talking about when it comes to cybersecurity and air-gapping. Elliot and Darlene’s plan to drop USB drives containing malicious code in the prison parking lot is not far from reality. Introducing an infected USB drive is one of the ways cybercriminals can gain access to an air-gapped device, provided they can get physical access to the system. If only Darlene’s code had worked the way it was supposed to!
In season 3 of “The Newsroom,” Neal Sampat (Dev Patel) is communicating with a source through encrypted communications. This source asks him to get an air-gapped computer to provide Neal with classified government documents via a flash drive. After he relays this information to his boss, Will McAvoy (Jeff Daniels), Will hands Neal his credit card and tells him to go buy an air-gapped computer. Neal comes back to the office with a new laptop, sets it up and accesses a trove of classified documents via the flash drive.
Air Gap Grade: B-
This storyline nearly gets it right. Air-gapped PCs are just regular PCs that are not connected to an external network (WiFi, physical, Bluetooth or otherwise). Since Neal is an IT guru, he would understand how to set up the PC so that it remains air-gapped. That said, it’s not nearly as easy as he makes it look. If he walked into a Best Buy and asked where the air-gapped computers were, he would have some trouble. Once you buy a PC, you then need to take additional steps to configure it, install the necessary software as anonymously as possible and ensure that the minimum number of files are installed via USB or optical disk.
Air Gap in Reality
As these points illustrate, the aura and mystery of air gap technology make for an excellent plot point—but the reality is just as interesting. The infamous Stuxnet virus that ultimately destroyed centrifuges used at a uranium enrichment plant in Iran in 2010 is one of the most well-known instances of a targeted attack on an air-gapped environment. The story of how it happened could easily be the basis of an espionage thriller for the big screen.
That doesn’t take away from the fact that high-security organizations like utilities, critical infrastructure, banks, government agencies and other heavily regulated companies rely on air-gapped devices for a higher level of security. However, this also exposes them to additional risk, as these systems may not be updated frequently to keep up with newer threats. Devices still need an additional layer of security to protect against insider threats and USB-based attacks such as the one in “Mr. Robot.”