A company's industrial control system (ICS) network is air-gapped from the corporate network and the internet to protect critical infrastructure. A security audit is being conducted to identify potential weaknesses. Which of the following represents the MOST significant risk of malware being introduced to the air-gapped ICS network?
Unauthorized remote access via a misconfigured wireless access point.
Data exfiltration using covert acoustic signals generated by system fans.
A denial-of-service (DoS) attack originating from the public internet.
Malware introduced by an employee using a compromised USB drive to transfer vendor updates.
The correct answer is malware introduced via removable media. An air gap physically isolates the ICS network from the internet and from other networks, which removes internet-originated threats such as a denial-of-service attack or exploitation of network-facing services. A misconfigured wireless access point would be a breach of the air gap rather than a normal condition of one, and an audit should verify that no such bridge exists, but it is not the vector by which malware most commonly arrives. Air-gap jumping techniques that modulate fans, speakers or electromagnetic emissions do exist, yet they are complex, low-bandwidth, and used for exfiltrating data after a machine is already compromised, not for getting malware in. The most common and historically proven way to introduce malware into an isolated environment is physical media, typically a USB drive carried in by an employee or a third-party vendor, for example to apply vendor updates. Stuxnet is the best-known real-world case: it propagated on infected USB drives to reach isolated ICS networks.
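The practical control for this vector is to check every file on incoming media against an approved manifest on a dedicated scanning station before anything is copied to the ICS side. The following is an added example written for this page, not code from the original question or any vendor; the manifest format, the file names, and the sample media contents are constructed for illustration, and a real deployment would verify a vendor-signed manifest rather than a plain dictionary.

```python
"""Clean-media check for vendor updates crossing an air gap (added example)."""
import hashlib
import tempfile
from pathlib import Path

# Names and extensions that are refused outright, even if a manifest lists them.
# .lnk is here because Stuxnet's USB component abused Windows shortcut handling
# (CVE-2010-2568) to run on insertion; autorun.inf exists to auto-execute.
ALWAYS_BLOCKED_NAMES = {"autorun.inf"}
ALWAYS_BLOCKED_SUFFIXES = {".lnk"}


def sha256_file(path: Path) -> str:
    """Stream the file so large firmware images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_media(mount: Path, approved: dict[str, str]) -> dict[str, list[str]]:
    """Classify every file on the mounted media against the approved manifest.

    approved maps a relative POSIX path to the expected SHA-256 hex digest.
    Only 'allowed' files may be copied onward; any other non-empty category
    means the whole transfer is refused and the media is quarantined.
    """
    report = {"allowed": [], "tampered": [], "unlisted": [], "blocked": [], "missing": []}
    seen = set()
    for path in sorted(p for p in mount.rglob("*") if p.is_file()):
        rel = path.relative_to(mount).as_posix()
        seen.add(rel)
        if path.name.lower() in ALWAYS_BLOCKED_NAMES or path.suffix.lower() in ALWAYS_BLOCKED_SUFFIXES:
            report["blocked"].append(rel)
        elif rel not in approved:
            report["unlisted"].append(rel)
        elif sha256_file(path) != approved[rel]:
            report["tampered"].append(rel)
        else:
            report["allowed"].append(rel)
    # Files the manifest promises but the media lacks: the package is incomplete.
    report["missing"] = sorted(set(approved) - seen)
    return report


def transfer_permitted(report: dict[str, list[str]]) -> bool:
    """Deny on any finding; an incomplete or altered package is not 'mostly fine'."""
    return not (report["tampered"] or report["unlisted"] or report["blocked"] or report["missing"])


def build_demo_media(root: Path, tamper: bool = True) -> dict[str, str]:
    """Constructed sample media: two genuine vendor files, then (if tamper is
    set) one file altered after the manifest was issued, a stray shortcut,
    and an unlisted document. Returns the manifest as the vendor issued it."""
    genuine = {
        "hmi/patch_2024_03.cab": b"vendor-supplied HMI patch payload",
        "plc/firmware_2_1.bin": b"vendor-supplied PLC firmware image",
    }
    approved = {}
    for rel, data in genuine.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        approved[rel] = hashlib.sha256(data).hexdigest()
    if tamper:
        # Bytes appended to the firmware image after the manifest was produced.
        (root / "plc/firmware_2_1.bin").write_bytes(genuine["plc/firmware_2_1.bin"] + b"\x90\x90")
        (root / "readme.lnk").write_bytes(b"L\x00\x00\x00")   # shortcut: refused on sight
        (root / "notes.txt").write_bytes(b"not in manifest")  # unlisted extra file
    return approved


def run_demo(tamper: bool = True) -> dict[str, list[str]]:
    """Build the constructed media in a temporary directory and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        approved = build_demo_media(root, tamper=tamper)
        return check_media(root, approved)


if __name__ == "__main__":
    result = run_demo()
    for category, files in result.items():
        print(f"{category:9s} {files}")
    print("transfer permitted:", transfer_permitted(result))
```

The check deliberately treats an unlisted file the same as a tampered one: a vendor package that contains anything the manifest does not describe is refused rather than partially copied, because the extra file is exactly how an infected drive smuggles its payload alongside a legitimate update. Run it on the scanning station, never on an ICS host, and keep the approved manifest on the ICS side of the gap so the media cannot carry its own "manifest".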