Porous by Design

What if you had to build a network where every device was assumed compromised? You’d start by building an air-gapped network, right? What if you then needed to figure out how to make the network actually usable and manageable for your developers and systems engineers, within the constraints of your existing infrastructure? Air-gapped networks are often treated as the gold standard for protecting high-value or high-risk systems, but in practice they are rarely as isolated as we assume. Most “air-gapped” environments still require software updates, data transfer, monitoring, and human interaction. Each of these necessities slowly reintroduces connectivity, creating pathways for compromise that are frequently undocumented, poorly governed, or misunderstood.

This talk examines how air-gapped networks actually operate in the real world: how data moves in and out, how systems are patched and managed, and how physical hardware and supply-chain risks undermine the promise of isolation. Using real-world incidents, we’ll explore why air-gapping often hides risk rather than eliminating it.

However, rather than arguing that air-gaps are totally useless, this session proposes more resilient alternatives, an air-gap++ solution, if you will. We’ll discuss DMZ-style clearing houses for controlled data transfer, the strategic use of cloud-based services, defining trust boundaries, separation of certificates, and operational practices like burner devices.

This talk will be one part cautionary tale, one part design blueprint, and one part security engineer’s wishlist, as we explore an approach to designing and managing a high-risk network in a manner that insulates and protects your broader networks.

Format

Presentation

When

March 6, 2026 3:00pm-3:45pm

Where

Ballroom C