
For decades, air gapping — the physical isolation of critical systems from the other parts of a network — has been treated as a gold standard in cyber defense. At nuclear facilities, or on power grids and government networks, the idea of “having a protective moat around the castle” was once equivalent to absolute security.
Whether to achieve greater maintenance efficiency and oversight, or for commercial growth, in some instances these moats were filled in. The question is whether filling them in substantially lowered the castle’s drawbridge, weakening its defenses in the face of a rapidly approaching army.
While defensive simplicity belongs to another era, the question of whether and when to evolve a new security standard remains. Today, true air gaps are rare; increasingly they are a myth we keep repeating because the alternative feels uncomfortable.
The reality is that in a world defined by pervasive connectivity, physical separation on its own does not provide assured protection; it is a liability disguised as tradition. Air-gapping now requires a deliberate strategy and regular maintenance, just like any other cybersecurity practice.
The Unplugged Illusion
It is now operationally difficult for most organizations to maintain a perfect air gap. Critical environments rely on remote maintenance, smart sensors, automated backups and cloud-based analytics. And attackers know exactly where the seams are.
Stuxnet and WannaCry should have been a wake-up call. Instead, they became case studies we quote and file away. More recent incidents — such as ESET’s uncovering of the GoldenJackal APT group in late 2024 — show that attackers have not only caught up, but have overtaken organizations that believe isolation equals safety.
GoldenJackal didn’t need the internet to reach its targets. It used modular tools designed specifically to cross the “uncrossable”, smuggled in via infected USB drives, collected sensitive data and then quietly prepared exfiltration. These operations prove a simple point: if a human can access an air-gapped system, so can malware.
Air Gapping is Dead, Long Live Air Gapping
Let’s be clear, I am not arguing that the air-gapped mindset is obsolete. In fact, the principle is more critical than ever. What is obsolete is treating physical isolation as a complete strategy.
Air Gapping 2.0 acknowledges the unavoidable truth. Systems will connect — occasionally, temporarily, or through human interaction — whether we plan for it or not. The answer is not to fight this reality, but to secure it.
Air Gapping 2.0 is not a marketing slogan. It is a recognition that achieving isolation today requires logical, operational and behavioral controls layered on top of or in place of physical ones. A modern air-gapping strategy must include:
- Logical separation as the new perimeter. Micro-segmentation, one-way gateways, VLANs and firewalls must contain the blast radius before an attack reaches critical systems. For high-risk environments, a hybrid model blending physical and logical isolation provides multiple lines of defense.
- Zero Trust as the default state. Inside an air-gapped environment, nothing should be trusted automatically — no device, user or update. Strong authentication, strict access controls, disabled USB ports and the four-eyes principle are essential.
- Removable media hygiene. USB drives are still the number one vehicle for breaching “isolated” systems. Every device must be scanned, controlled or blocked entirely.
- Controlled, temporary connectivity. Patches, backups and data transfers should never happen over persistent pathways. Connections must be opened only when needed, under strict governance, and closed immediately after.
- On-premises security tools built for offline environments. Cloud-native tools cannot defend systems that don’t live in the cloud. Air-gapped networks require SIEM, OpenXDR and monitoring solutions that function autonomously, locally and continuously.
- Routine, disciplined auditing. An air gap is not a set-it-and-forget-it barrier. Only constant monitoring, log review and auditing can confirm that isolation is working as intended.
- Staff training. By nature, working with air-gapped systems is challenging because of the many restrictions involved. There are cases where employees look for workarounds, such as unauthorized mobile Wi-Fi hotspots for data transfers. Employee training is therefore necessary so staff understand that a single wrong step can compromise the whole security architecture.
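The removable-media, auditing and training points above all come down to one question an auditor of an "isolated" host should be able to answer from its logs: which USB devices appeared, were the storage devices on the approved-media list, and did anything that adds a network path (a tethered phone, a USB Wi-Fi dongle) show up? The following is an added example, not code from the original article or from any vendor it mentions; the log lines are constructed in a simplified kernel/syslog style, the hostname, serial numbers and the approved-media list are assumptions, and the driver names it looks for are only a small illustrative set.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log lines (hostname, ports and serials are made up for this example).
# Port 1-1: approved thumb drive; 1-2: unknown thumb drive; 1-3: keyboard;
# 1-4: a phone tethered over USB, which registers as a network interface.
SAMPLE_LOG = """\
Mar 03 09:12:01 hist-01 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5583
Mar 03 09:12:01 hist-01 kernel: usb 1-1: SerialNumber: APPROVED-0001
Mar 03 09:12:02 hist-01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Mar 03 11:40:17 hist-01 kernel: usb 1-2: New USB device found, idVendor=0951, idProduct=1666
Mar 03 11:40:17 hist-01 kernel: usb 1-2: SerialNumber: UNKNOWN-7777
Mar 03 11:40:18 hist-01 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar 03 13:05:44 hist-01 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c31c
Mar 03 13:05:44 hist-01 kernel: usb 1-3: SerialNumber: KBD-0042
Mar 03 14:20:00 hist-01 kernel: usb 1-4: New USB device found, idVendor=18d1, idProduct=4ee3
Mar 03 14:20:00 hist-01 kernel: usb 1-4: SerialNumber: PHONE-TETHER
Mar 03 14:20:01 hist-01 kernel: rndis_host 1-4:1.0 usb0: register 'rndis_host' at usb-0000:00:14.0-4, RNDIS device
"""

# Assumed approved-media list: serials of drives issued and scanned by the transfer desk.
APPROVED_MEDIA = {"APPROVED-0001", "APPROVED-0002"}

NEW_DEVICE = re.compile(
    r"usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL = re.compile(r"usb (?P<port>\d+-[\d.]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(r"usb-storage (?P<port>\d+-[\d.]+):[\d.]+: USB Mass Storage device detected")
# Drivers that turn a USB device into a network interface (illustrative subset only).
NETWORK = re.compile(r"\b(?:rndis_host|cdc_ether|rtl8xxxu) (?P<port>\d+-[\d.]+):[\d.]+")


@dataclass
class UsbDevice:
    port: str
    vendor: str = ""
    product: str = ""
    serial: str = ""
    roles: set = field(default_factory=set)  # "storage" and/or "network"


@dataclass(frozen=True)
class Finding:
    port: str
    serial: str
    reason: str


def parse_usb_events(log_text):
    """Build one UsbDevice per physical USB port from the kernel lines in log_text."""
    devices = {}
    for line in log_text.splitlines():
        if m := NEW_DEVICE.search(line):
            devices[m["port"]] = UsbDevice(port=m["port"], vendor=m["vid"], product=m["pid"])
        elif m := SERIAL.search(line):
            devices.setdefault(m["port"], UsbDevice(port=m["port"])).serial = m["serial"]
        elif m := STORAGE.search(line):
            devices.setdefault(m["port"], UsbDevice(port=m["port"])).roles.add("storage")
        elif m := NETWORK.search(line):
            devices.setdefault(m["port"], UsbDevice(port=m["port"])).roles.add("network")
    return devices


def audit_removable_media(log_text, approved_serials):
    """Return findings for unapproved mass storage and for any USB network interface.

    On an air-gapped host a network-capable USB device is a connectivity seam
    regardless of who plugged it in, so it is always reported.
    """
    findings = []
    for dev in parse_usb_events(log_text).values():
        if "network" in dev.roles:
            findings.append(Finding(dev.port, dev.serial, "USB network interface on an isolated host"))
        if "storage" in dev.roles and dev.serial not in approved_serials:
            findings.append(Finding(dev.port, dev.serial, "mass-storage device not on the approved-media list"))
    return findings


if __name__ == "__main__":
    for f in audit_removable_media(SAMPLE_LOG, APPROVED_MEDIA):
        print(f"port {f.port} serial {f.serial}: {f.reason}")
```

Run against the constructed log, the approved drive on port 1-1 and the keyboard on 1-3 produce nothing, while the unknown drive on 1-2 and the tethered phone on 1-4 each produce a finding. In practice the log source would be the host's own kernel ring buffer or journald export carried out on approved media, and the approved-serial list would be maintained by whoever controls media issue, so that the review step in the auditing bullet has a concrete artefact to check rather than a verbal assurance that "nothing was plugged in".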
This is not optional hardening. It is a survival strategy.
The Leadership Challenge
Leaders often assume that air-gapped systems are inherently safe because they are less exposed. But as attackers become more specialized, these environments are becoming more attractive, not less. The problem is no longer connectivity, but complacency.
Organizations that maintain physical air gaps without logical modern controls are effectively locking their doors while leaving the windows wide open. Air Gapping 2.0 closes those windows.
The original air gap was designed for a world that no longer exists. Air Gapping 2.0 is designed for the world we actually live in. We do not need to abandon the principle of isolation — we need to modernize it.
If we do, critical infrastructure can remain resilient without sacrificing operational efficiency or innovation. In a hyper-connected world, true security lies not in unplugging systems, but in unplugging outdated assumptions.