The term "air gap" describes the literal gap of air between a sensitive system and any network. The concept predates modern computing — isolated systems have been used in classified environments since the Cold War. What changed in the past decade is that targeted attacks against air-gapped systems became a documented reality rather than a theoretical concern. Stuxnet, which destroyed centrifuges at Iran's Natanz nuclear facility, crossed an air gap. The attack vector was USB drives carried by contractors who had no idea they were ferrying malware.
That example reframes the question. Air-gapping isn't a passive property — something you achieve once and maintain automatically. It's an operational discipline that must be actively upheld, and the most common failure mode is the humans using the system, not the hardware.
Who Actually Needs an Air-Gapped Machine
Before building one, be honest about whether your threat model justifies the operational overhead. Air-gapped systems are difficult to use and easy to break without realizing it. The use cases that warrant them are genuine but narrow:
- Long-term PGP / GPG key storage. A master certification key should never touch a networked machine. Generate it air-gapped, certify your subkeys, then keep the master key offline. This is the operational security model recommended by the OpenPGP community and used by major software projects that sign releases.
- Cryptocurrency seed phrases and hardware wallet initialization. Any seed phrase generated on a networked machine is potentially compromised. Air-gapped generation eliminates the largest attack vector.
- Classified or extremely sensitive document review. Journalists with access to leaked classified materials have used air-gapped machines to process documents before any network-connected system sees them.
- Certificate Authority private key storage. Root CA keys for internal PKI should never be on networked hardware.
If your threat model is a remote attacker exploiting a vulnerability in your browser or email client, disk encryption plus a patched system is the right tool. Air-gapping imposes significant operational cost for a threat profile that more targeted software controls address more practically.
What "Air-Gapped" Actually Requires
A laptop with Wi-Fi turned off in software is not air-gapped. The wireless card is still physically present, still runs firmware, and is one driver bug or firmware exploit away from being a radio transmitter. True air-gapping means:
- Physical removal of all network hardware. Remove the Wi-Fi and Bluetooth cards from the machine entirely. If they're soldered (many modern laptops), purchase hardware designed for air-gap use — older ThinkPads with removable cards are a common choice, as is the Raspberry Pi with radio hardware removed.
- Physical removal or disabling of the microphone. Acoustic side-channel attacks against air-gapped systems have been demonstrated in research. Fansmitter (2016) exfiltrated data by modulating CPU fan speed. This is exotic, but in a high-stakes environment it's worth eliminating.
- Controlled physical access. The machine lives in a physically secure location. The threat model for an air-gapped machine is almost entirely physical — an adversary who gains physical access to it wins.
- Strict media control. Every USB drive that touches the machine is a potential attack vector. If you need to transfer files to or from the air-gapped system, use a dedicated USB drive that never touches another machine, and verify files before introducing them.
The USB Transfer Problem
Air-gapped systems are useless if nothing can get in or out. But every data transfer is a potential attack vector. The Stuxnet case is instructive: the malware was engineered specifically to jump air gaps via USB and was seeded into contractor organizations' supply chains years before its payload activated.
Practical mitigations for USB transfers:
- Uni-directional data transfer where possible. Some workflows can be designed so that nothing executable ever flows toward the air-gapped machine. For PGP key operations, you can prepare the data to be signed on a networked machine, carry it to the air-gapped machine for signing, and carry only the signed output back; the air-gapped machine never has to run anything that originated on the networked one.
- Dedicated, single-use transfer media. A USB drive used for air-gap transfers should never be used in a networked machine's OS context. If you must use it in a networked machine, do so in a live OS session (Tails) that doesn't mount the drive's filesystem automatically.
- QR codes as low-bandwidth air-gap bridges. For small amounts of data (PGP signatures, cryptocurrency transactions), encoding output as a QR code displayed on screen and scanned with a camera eliminates the USB vector entirely. The Gordian Envelope standard was designed partly with this workflow in mind.
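The media-control advice above (dedicated transfer drive, verify files before introducing them) is easier to keep to when the verification is scripted. The following is an added example, not code from the original article: the sending side writes a SHA-256 manifest of everything on the transfer drive and detach-signs it with a key the receiving side already trusts; the receiving side mounts the drive read-only and non-executable, checks the manifest signature with GnuPG, and then checks that every listed file matches and that no unlisted file has appeared. It assumes POSIX sh, `sha256sum`, and `gpg`; the device path, mount point and destination directory are placeholders, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes POSIX sh, sha256sum
# and (for the signature step) GnuPG. All paths are placeholders.
set -eu

# Sender side: record a checksum manifest of everything being handed across the
# gap, then detach-sign it (gpg --detach-sign SHA256SUMS) with a key the
# receiving side already trusts. The signature is what makes the manifest
# meaningful: whoever can write to the drive can rewrite files AND checksums.
write_manifest() {
    dir=$1
    ( cd "$dir" && find . -type f ! -name 'SHA256SUMS*' -exec sha256sum {} + \
        | LC_ALL=C sort > SHA256SUMS )
}

# Receiver side, step 1: the manifest must carry a valid detached signature.
verify_manifest_signature() {
    dir=$1
    gpg --verify "$dir/SHA256SUMS.sig" "$dir/SHA256SUMS"
}

# Receiver side, step 2: every listed file still matches, and the set of files
# on the drive is exactly the set that was listed (an unlisted extra file is
# precisely what a tampered drive would carry). Assumes names without spaces.
check_manifest() {
    dir=$1
    ( cd "$dir" && sha256sum -c SHA256SUMS > /dev/null ) || return 1
    # sha256sum lines are "<64 hex chars><2 spaces><path>", so the path starts at column 67
    listed=$(cut -c67- "$dir/SHA256SUMS" | LC_ALL=C sort)
    present=$( cd "$dir" && find . -type f ! -name 'SHA256SUMS*' | LC_ALL=C sort )
    [ "$listed" = "$present" ]
}

# Receiving on the air-gapped side (needs root for the mount). The drive is
# mounted read-only, with no executables, device nodes or setuid honoured, and
# nothing is copied off it until both checks pass.
receive_from_transfer_media() {
    dev=$1
    mnt=${2:-/mnt/transfer}      # placeholder mount point
    dest=${3:-$HOME/inbox}       # placeholder destination
    mount -o ro,noexec,nodev,nosuid "$dev" "$mnt"
    verify_manifest_signature "$mnt"
    check_manifest "$mnt"
    mkdir -p "$dest" && cp -R "$mnt"/. "$dest"/
    umount "$mnt"
}
```

Sender usage is `write_manifest /media/transfer` followed by `gpg --detach-sign /media/transfer/SHA256SUMS`; receiver usage is `receive_from_transfer_media /dev/sdX1`. The checksum check alone only detects accidental corruption; the signature check is the part that defends against a drive that was written to by someone else.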
Air-gapping is a last line of defense — it's meant to survive the failure of every other security control. That's only useful if the gap is real.
Operating Systems for Air-Gapped Use
The OS matters. A Windows installation with a stale patch level is a worse starting point than a minimal Linux installation, even when both are air-gapped. Common choices:
| OS | Best For | Notes |
|---|---|---|
| Tails (live USB) | Short-session sensitive work | Amnesic by default. No persistent state unless configured. Good for document review. |
| Debian minimal | Persistent air-gapped workstation | Requires manual hardening. Smaller attack surface than full desktop installations. |
| Qubes OS | Compartmentalization alongside air-gapped VMs | Supports air-gapped VMs with no network access inside a networked host. Splits the threat model differently. |
| Windows | Not recommended | Larger attack surface, telemetry concerns, more complex to audit. |
Side-Channel Attacks Against Air-Gapped Systems
A sophisticated adversary with physical proximity to an air-gapped machine can extract data without any network connection through side-channel attacks — a genuine and documented research area, though not a practical concern for most threat models.
Demonstrated techniques include:
- TEMPEST / Van Eck phreaking: Reconstructing screen contents from electromagnetic emissions using a receiver outside the building. Commercial shielding products exist for high-classification environments.
- Acoustic exfiltration: A nearby compromised device, such as a phone, receives data that the air-gapped machine leaks as ultrasonic audio from its speakers or as modulation of its fan speed.
- Power analysis: Extracting cryptographic keys by measuring power consumption variations during computation — relevant for HSMs and smart cards, less so for full computers.
- AirHopper, BitWhisper, GSMem: Academic demonstrations of exfiltration via RF emissions from GPU, thermal gradients, or memory bus operations. All require close physical proximity and a compromised device in range to receive.
For virtually all non-nation-state threat models, these attack paths are not relevant. If they are in your threat model, you're operating at a classification level where purpose-built shielded facilities are the standard tool, not a home-assembled air-gapped laptop.
The Practical Air-Gapped PGP Setup
The most common legitimate use case for an air-gapped machine in the privacy community is PGP master key management. The recommended workflow:
- Generate the master certification key on the air-gapped machine using GnuPG.
- Generate subkeys (signing, encryption, authentication) — also on the air-gapped machine.
- Export the public key and the secret subkeys (never the master secret key) to a USB drive. Move the USB drive to the networked machine and import them there.
- Store the master key offline — on the air-gapped machine's encrypted disk, plus encrypted backups on separate media in separate physical locations.
- The networked machine never sees the master private key. Subkeys can be revoked and replaced if compromised without touching the master.
This model is used by Linux distributions, certificate authorities, and security researchers who sign releases. It separates the high-value secret (the master certification key, which establishes your identity) from the operational keys (subkeys used daily), limiting blast radius if a daily-use device is compromised.
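The workflow above, written out as GnuPG commands. This is an added example, not code from the original article: the identity string and the transfer-drive path are placeholders, and the commands assume GnuPG 2.x on both machines. The last function is the check a practitioner wants on the networked side: in `gpg --with-colons --list-secret-keys` output, a `sec` record with `#` in field 15 is GnuPG's marker for a stubbed secret key (what `gpg -K` shows as `sec#`), which is exactly what `--export-secret-subkeys` produces for the master.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GnuPG 2.x ("gpg") on
# both machines and a transfer drive mounted at $TRANSFER (placeholder path).
# The identity string is a placeholder, too.
set -eu

KEY_UID="${KEY_UID:-Example User <user@example.org>}"
TRANSFER="${TRANSFER:-/media/transfer}"

# --- Air-gapped machine: one certify-only master key, three daily-use subkeys ---
# pinentry asks for the passphrase. The master key never expires and is only
# ever used to certify (sign other keys and its own subkeys), never day to day.
generate_offline_keys() {
    gpg --quick-generate-key "$KEY_UID" ed25519 cert never
    # first 'fpr' record in the colon listing is the primary key's fingerprint
    fpr=$(gpg --with-colons --list-secret-keys "$KEY_UID" \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    gpg --quick-add-key "$fpr" ed25519 sign 1y
    gpg --quick-add-key "$fpr" cv25519 encrypt 1y
    gpg --quick-add-key "$fpr" ed25519 auth 1y
    printf '%s\n' "$fpr"
}

# --- Air-gapped machine: what goes onto the transfer drive ---
# The public key, and the secret SUBKEYS only. --export-secret-subkeys writes
# the master key as a stub, so its private material never leaves this disk.
export_for_networked_machine() {
    fpr=$1
    gpg --armor --export "$fpr" > "$TRANSFER/public.asc"
    gpg --armor --export-secret-subkeys "$fpr" > "$TRANSFER/secret-subkeys.asc"
}

# --- Networked machine: import, then refuse to go on unless the master is a stub ---
import_on_networked_machine() {
    gpg --import "$TRANSFER/public.asc" "$TRANSFER/secret-subkeys.asc"
    if gpg --with-colons --list-secret-keys | master_key_is_offline; then
        echo "ok: master secret key is a stub; only subkeys are usable here"
    else
        echo "STOP: a full master secret key is present in this keyring" >&2
        return 1
    fi
}

# Reads `gpg --with-colons --list-secret-keys` output on stdin. Succeeds only if
# at least one 'sec' record exists and every one of them has '#' in field 15,
# GnuPG's marker for "secret key is a stub" (shown as `sec#` by `gpg -K`).
master_key_is_offline() {
    awk -F: '
        $1 == "sec" { seen = 1; if ($15 != "#") full = 1 }
        END { code = (seen && !full) ? 0 : 1; exit code }
    '
}
```

Run `generate_offline_keys` and `export_for_networked_machine <fingerprint>` on the air-gapped machine, carry the drive across, and run `import_on_networked_machine` on the networked one; if the check fails, the wrong file was exported and the networked keyring should be treated as holding the master key. Backups of the full master key (`gpg --export-secret-keys`) are made only on the air-gapped side, onto encrypted media that never travels with the transfer drive.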
If you're managing encrypted communications at scale — for a newsroom, an activist organization, or any group that handles genuinely sensitive material — combining an air-gapped key management system with an application-layer encrypted messaging solution gives you defense in depth: the key material is protected even if the messaging infrastructure is compromised.