electronic protected health information (ePHI) remains secure is imperative to the success of all CISOs. Leveraging an air-gapped environment is one option that can help mitigate the risks associated with storing and handling ePHI.
CISOs in healthcare are up against an ever-evolving threat landscape rife with vulnerabilities. We must manage a steady stream of implementation requests for cutting-edge technologies while simultaneously addressing threat actors incentivized to exfiltrate patient data. As the challenges grow, so do the expectations. Ensuring
Computer environments started off air-gapped, but with the advent of networking infrastructure, there was a rapid transition to the creation and utilization of interconnected environments. These environments allowed for several benefits, including increased productivity, expedited workflows, and rapid data sharing. However, with those gains came greater risk, including a more complicated and nefarious threat landscape. Air-gapping environments have been a concept that CISOs who manage ePHI have historically utilized to address the additional risk.
Storing and managing ePHI comes with high expectations from patients as well as from the Department of Health and Human Services. Air-gapping could be an excellent part of your overarching security apparatus in maintaining HIPAA compliance. ePHI is not the only type of high-value restricted data that requires significant protection. Air-gapped environments can typically be found within the 16 critical infrastructure sectors, including but not limited to, financial services, critical manufacturing, defense, emergency services, government, and nuclear.
As with most designs, an air-gapped environment has advantages and disadvantages that need consideration before committing. While some advantages and disadvantages may be apparent, a few are worth highlighting.
Advantages of Air-gapping:
- Contributes to the overall organizational security, essential to those industries that must comply with security frameworks that protect high-value restricted data — the more secure the data, the less risk imposed upon the organization.
- Can significantly reduce your attack surface as it relates to your high-value restricted data by eliminating the ability for a threat actor to infiltrate via a network connection.
- Limits the spread of malware. Given the architecture of an air-gapped environment, if malware does find its way into the environment, it would be contained within the environment, limiting the potential for widespread propagation to other networks.
- Minimizes the expenses associated with the resources and infrastructure required to stand up and maintain the environment. It may result in a cost-effective way to mitigate risk, depending on the complexity of your needs.
Disadvantages of Air-gaping:
- False sense of security. Just because you implement an air-gapped environment does not mean your data is safe from unauthorized exfiltration and attacks. Three attacks that will resonate are Stuxnet (2010), Flame (2012), and Phineas Fisher (2015).
- Not impervious to malware. The following are a few methods that have the potential to facilitate the exfiltration of data from an air-gapped environment:
- LED-it-Go – Malware that can encode sensitive data and leak data by way of the LED signals emitted from a PC (think hard drive LED) that can then be picked up by a remote camera.
- BitWhisper – Malware that can bridge the air-gap between compromised computers, placed in close proximity, by using their built-in thermal sensors and heat emissions to create a covert communication channel.
- PowerHammer – Malware that intentionally alters CPU utilization levels which affects the consumption of electricity. Data can then be encoded into a power consumption pattern which can then be decoded further down the electrical line.
- Fansmitter – Malware that can regulate the speed of internal computer fans to control the sound emitted from a computer. Binary data can then be modulated and transmitted over these audio signals and picked up by a remote recording device, which can be as simple as a mobile phone.
- AirHopper – Malware that can decode radio frequencies emitted from a computer monitor, video card or cable.
- The expense associated with the resources and infrastructure required to stand up and maintain the environment can add up quickly, depending on the complexity of your needs.
- Software maintenance is also a challenge. Devising the processes and protocols needed and ensuring proper patching cadence can be a significant challenge, yet essential, in keeping the software within an air-gapped environment up to date.
It is important to note that while one of the main advantages of an air-gapped environment is the significant reduction of a protected environment’s attack surface, attacks are still a harsh reality. The commonality among the methods for attack listed above is malware. Maintaining a robust and comprehensive physical security plan, inclusive of a strong anti-virus solution, is crucial to the security of an air-gapped environment. Additionally, it is critical to have safeguards in place that not only prohibit unauthorized individuals from these environments but also safeguards that restrict unauthorized devices from being brought in. If there is a need for devices to be brought into an air-gapped environment, a protocol should be established that dictates how a device should be validated as “clean” prior to its acceptance into the environment and the device should be added to a device whitelist found on the systems within the environment.
Along with having a keen awareness of the advantages and disadvantages noted above, it is essential to understand the four common types of air gaps when considering which concept might apply to your needs:
Total physical air gap
- A total physical air gap is the simplest form of an air gap. An example of the total physical air gap would be a device that has all communication components removed/disabled, which then requires all users to pass through the physical security controls before accessing said device to execute a task.
Partial air gap
- Partially air-gapped infrastructure still provides air-gapping security but typically will have a defined set of ports opened to allow for communication purposes. The exposure is only by exception, and the environment is still tightly controlled. This method enables information to be reasonably accessible to the broader team while maintaining a security level that protects this data.
Logical air gap
- A logical air gap segregates and protects a network through logical means. An example would be to use a combination of hashing and encryption with role-based access controls that would yield a similar security outcome as that associated with a total physical air gap.
Isolated or Segregated Air Gap
- Isolated or segregated air-gapped infrastructure would consist of assets not connected to the same network as other assets but may still exist in the same rack.
Adopting an air gap concept may significantly enhance an organization’s ability to protect ePHI. With this architectural design employed, an organization is able to placate the concerns that come with safeguarding ePHI data by eliminating substantial risk to both the business associate and the covered entity.
As healthcare organizations and vendors look for ways to contend with the ever-evolving threat landscape and compliance expectations, the utilization of an air-gapped environment is one concept that may supplement your security architecture and allow for the navigation of compliance expectations more easily. However, considerable due diligence is required to ensure the concept is right for your organization. Factors such as, but not limited to, cost, administrative overhead, and security framework expectations should all be considered when making that determination.
Read more cybersecurity articles:
Avani Desai: Rising Cyberattacks and Stringent Regulations Spike Security Budgets
Building a Resilient Business Culture by Embracing Cybersecurity