Air gap

Noun

1. A physical separation between systems that requires data to be moved by some external, manual procedure.

Source: Election Terminology Glossary - Draft, National Institute of Standards and Technology (NIST), https://pages.nist.gov/ElectionGlossary/

2. The physical separation or isolation of a system from other systems or networks.

Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary

3. A physical separation between systems that requires data to be moved by some external, manual procedure. Also called “Sneaker Net.” Election systems often use air gaps intentionally to prevent or control access to a system. Copying election results to a CD or USB drive, then walking that media to a different computer for upload and use in a different system is an example of an air gap.

Source: Glossary - Introduction to Information Technology for Election Officials, U.S. Election Assistance Commission, https://www.eac.gov/assets/1/28/Glossary_IT-Terms_Managing_Election_Technology.pdf; The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf

4. A network or computer is considered air-gapped when it is not accessible from the public internet. This is an extreme security measure used to isolate sensitive computers where the security risks involved with being connected to the internet outweigh the associated benefits. However, an air-gapped system can still be attacked; that is, just because it is not connected to the internet does not mean it cannot be attacked via other methods. For example, if the system still requires data to be transferred into or out of it, then the medium (USB stick, memory card, etc.) used to transfer the data may carry a malicious program.

Source: Election Cybersecurity 101 Field Guide – Glossary, Center for Democracy & Technology, https://cdt.org/insight/election-cybersecurity-101-field-guide-glossary/

5. A term referring to the lack of an electrical or wireless connection between two devices, guaranteeing that they are unable to communicate. 2007 Voluntary Voting System Guidelines (VVSG).

Source: Electronic Voting Glossary, Michael I. Shamos, https://collaborate.nist.gov/voting/pub/Voting/Glossary/Shamos-Election-Glossary.pdf

6. An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control).

Source: Committee on National Security Systems Glossary, CNSSI 4009-2015, https://rmf.org/wp-content/uploads/2017/10/CNSSI-4009.pdf; The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf

Verb

1. To physically separate or isolate a system from other systems or networks.

Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary; The Cyber Glossary, National Security Archive, George Washington University, https://nsarchive.gwu.edu/news/cyber-vault/2018-09-19/cyber-glossary