
Should Industrial Companies Adopt an Air-Gapped Network?
By Julie McDaniel, Vice President Marketing
February 6, 2025
An air-gapped network operates in isolation with no direct or indirect connection to any other local area network (LAN) or wide area network (WAN). Its primary function is to protect sensitive systems and data from cyber threats by reducing the number of vulnerable entry points. Should an intruder breach one network, they cannot pivot over the network into the isolated one; the only remaining path across the gap is the same manual transfer process the defenders use, which is why that process, rather than the network boundary, becomes the point that has to be controlled.
The role of air-gapped networks in IIoT
In the Industrial Internet of Things (IIoT), air-gapped networks are designed to secure systems from cyber threats. These networks are particularly valuable where the compromise of operational technology (OT) systems could lead to safety hazards, production downtime, or loss of proprietary information.
Functionality-wise, air-gapped networks in IIoT settings are employed to:
- Isolate critical control systems, such as industrial control processes, where unauthorized access or modifications could have significant consequences.
- Protect sensitive data, including industrial designs, formulas, and operational data that constitute competitive advantages.
- Mitigate the risk of cyber attacks by isolating systems that could be used to access operations, thus reducing the attack surface.
To ensure no cross-connection with external or internal networks, an air-gapped network requires separate cables, switches and routers. Data transfer across the air gap, when necessary, happens via manual means, such as USB drives or other removable media — under strict security protocols to prevent malware transfer.
Air-gapped network concerns
Implementing air-gapped networks in industrial settings presents several challenges that companies need to address to balance security needs with operational efficiency.
1. Operational complexity: An air-gapped network increases the complexity of managing IT and OT systems. The physical separation necessitates additional hardware, distinct maintenance schedules, and separate security protocols. Each of these elements adds layers to the operational workflow, potentially slowing response times to issues that arise within the segregated networks.
2. Data transfer limitations: A key challenge with an air-gapped network is the limited options for transferring data. Manual processes, such as using USB drives or other removable media, introduce inefficiencies and can still be vectors for malware if not properly managed. Strict security protocols for scanning and transferring data are essential, but they also add time and resource costs.
3. Increased costs: Implementing an air-gapped network requires investment in additional physical infrastructure (separate cabling, switches, routers) and potentially duplicated systems to ensure redundancy. This setup leads to higher initial capital expenditures and ongoing operational expenses, including increased energy consumption and the need for specialized personnel to manage and secure the isolated environments.
4. Limited accessibility: For industries relying on remote monitoring, the isolation of business-critical systems can hinder access to real-time data, which can affect decision-making and response times to operational issues.
Addressing the concerns of air-gapped networks

Addressing the concerns associated with implementing air-gapped networks in industrial settings requires thoughtful planning and strategic execution to ensure that enhanced security doesn’t come at the expense of operational efficiency and flexibility.
Companies can mitigate operational complexity by adopting a layered security approach. They can employ robust internal controls, monitoring, and intrusion detection systems to quickly identify and respond to threats that may arise from internal sources or through manual data transfer methods.
To address data transfer limitations, organizations must establish strict, standardized procedures for handling and scanning removable media. Dedicated, secure scanning stations that check media for malware in a controlled environment outside the air-gapped network are one example; the receiving side should also be able to confirm that what arrives is exactly what the station cleared. Employing data diodes for unidirectional data transfer can also provide a secure means of sending data out of an air-gapped network (monitoring feeds, for instance) without giving external threats a path back in, since the hardware physically permits traffic in one direction only.
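The following is an added example (not part of the original article and not Perle's code) of the two halves of a removable-media procedure: a scanning station outside the gap that admits files against an explicit policy and issues an HMAC-signed manifest, and a check on the receiving host inside the gap that refuses the media if anything was altered or added after scanning. The file policy, the sample USB contents, the blocklist entry and the shared transfer key are all constructed for this example; a real station would add an antivirus engine and a real key-management process on top of this.

```python
"""Removable-media admission check for an air-gapped transfer (added example)."""
import hashlib
import hmac
import json
import os
from pathlib import PurePosixPath
from typing import Dict, List, Optional, Tuple

# Constructed policy: only these file types may cross, and never these names.
ALLOWED_EXTENSIONS = {".csv", ".json", ".pdf", ".txt"}
BLOCKED_NAMES = {"autorun.inf", "desktop.ini", "thumbs.db"}
MAX_FILE_BYTES = 50 * 1024 * 1024
# Leading bytes that identify executables or scripts regardless of the name.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")
# Claimed type must match content (a .pdf that starts with "MZ" is not a PDF).
REQUIRED_MAGIC = {".pdf": b"%PDF-"}
TRANSFER_KEY = b"constructed-demo-key-not-for-production"  # shared by both sides


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed blocklist entry, derived here so the example runs offline.
KNOWN_BAD_SHA256 = {sha256_hex(b'{"batch": 7}')}


def check_file(rel_path: str, data: bytes) -> Optional[str]:
    """Return a rejection reason, or None if the file passes policy."""
    p = PurePosixPath(rel_path)
    suffix = p.suffix.lower()
    if any(part.startswith(".") for part in p.parts):
        return "hidden file or directory"
    if p.name.lower() in BLOCKED_NAMES:
        return "blocked file name"
    if suffix not in ALLOWED_EXTENSIONS:  # catches double extensions like x.pdf.exe
        return f"extension {suffix or '(none)'} not allowed"
    if len(data) > MAX_FILE_BYTES:
        return "exceeds size limit"
    if data.startswith(EXECUTABLE_MAGIC):
        return "content is an executable or script"
    if suffix in REQUIRED_MAGIC and not data.startswith(REQUIRED_MAGIC[suffix]):
        return "content does not match claimed type"
    if sha256_hex(data) in KNOWN_BAD_SHA256:
        return "matches known-bad hash"
    return None


def inspect_media(files: Dict[str, bytes]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Scanning station: split media contents into {path: sha256} and {path: reason}."""
    accepted, rejected = {}, {}
    for rel_path, data in sorted(files.items()):
        reason = check_file(rel_path, data)
        if reason is None:
            accepted[rel_path] = sha256_hex(data)
        else:
            rejected[rel_path] = reason
    return accepted, rejected


def _canonical(files: Dict[str, str]) -> bytes:
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(accepted: Dict[str, str], key: bytes) -> dict:
    """Scanning station: sign the list of cleared files so the gap side can verify it."""
    tag = hmac.new(key, _canonical(accepted), hashlib.sha256).hexdigest()
    return {"files": accepted, "hmac_sha256": tag}


def verify_media(files: Dict[str, bytes], manifest: dict, key: bytes) -> List[str]:
    """Receiving host inside the gap: returns a list of problems (empty means accept)."""
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("hmac_sha256", "")):
        return ["manifest signature invalid"]
    problems = []
    for rel_path, data in files.items():
        listed = manifest["files"].get(rel_path)
        if listed is None:
            problems.append(f"{rel_path}: not in manifest")  # added after scanning
        elif listed != sha256_hex(data):
            problems.append(f"{rel_path}: hash mismatch")  # modified after scanning
    problems += [f"{p}: listed but missing" for p in manifest["files"] if p not in files]
    return problems


def load_directory(root: str) -> Dict[str, bytes]:
    """Read a mounted media directory into the {relative path: bytes} form used above."""
    out = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if os.path.islink(full):
                continue  # never follow links off the media
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = fh.read()
    return out


# Constructed contents of a USB stick presented at the scanning station.
SAMPLE_MEDIA = {
    "report.pdf": b"%PDF-1.7\n%constructed sample\n",
    "readings.csv": b"ts,temp\n1,20.5\n",
    "invoice.pdf.exe": b"MZ\x90\x00",
    "notes.pdf": b"MZ\x90\x00 disguised as a PDF",
    "tool.txt": b"#!/bin/sh\necho hi\n",
    "autorun.inf": b"[autorun]\nopen=tool.exe\n",
    ".Trashes/old.csv": b"a,b\n",
    "recipe.json": b'{"batch": 7}',
}

if __name__ == "__main__":
    ok, bad = inspect_media(SAMPLE_MEDIA)
    for path, reason in bad.items():
        print(f"REJECT {path}: {reason}")
    print(json.dumps(build_manifest(ok, TRANSFER_KEY), indent=2))
```

The manifest proves only that the media reaching the isolated host is byte-for-byte what the scanning station cleared; it says nothing about what the station missed, so the policy checks and any scanner running alongside them remain the actual control. Run with a real stick by passing `load_directory("/media/usb")` in place of `SAMPLE_MEDIA` on both sides.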
Higher costs can be managed by carefully planning the air-gapped network to align with operational requirements without overbuilding. Leveraging virtualization within air-gapped networks can reduce physical hardware needs, while carefully selected, energy-efficient hardware can help minimize ongoing operational expenses.
Finally, to overcome limited accessibility, industrial companies can implement controlled interfaces that allow for secure, limited external connectivity when necessary. These interfaces can support updates and secure remote access under stringent protocols, offering a balance between isolation and accessibility. Strictly speaking, a network with such an interface is no longer air-gapped but tightly segmented, and the interface becomes the single point that must be logged and monitored. Using secure, dedicated devices for remote access and employing strong encryption and multi-factor authentication can further mitigate the risks that this connectivity introduces.
Enhancing network security with Perle
Enhancing network security in industrial settings, especially when employing air-gapped networks, requires sophisticated and reliable networking solutions. Perle's IRG Cellular Routers and Gateways offer a robust option for reinforcing the security and integrity of these isolated networks.
With advanced features like secure VPN connectivity, AAA security services (including TACACS+, RADIUS, and LDAP), and the ability to operate in harsh and hazardous environments, Perle's routers are well-suited for the demanding requirements of industrial applications.
They support a variety of communication protocols, ensuring compatibility with a wide range of industrial control systems. Furthermore, their built-in GPS/GNSS capabilities can enhance the tracking and management of physical assets, providing an additional layer of security and operational efficiency.
Find out how Perle's IRG Cellular Routers and Gateways can be integrated into your air-gapped network strategy to achieve a secure, efficient, and resilient industrial network infrastructure.