Terms in plain English.

A security control that physically separates a network from other networks so data cannot move between them without a deliberate, audited action.

Classical air gaps are permanent (a network is never connected). AirGapNet implements a per-line, time-boxed variant: the line is broken by default and opens only during defined maintenance windows.

A network with no physical connection to untrusted networks. Historically used for classified, financial, and research environments.

A control whose resting state is "no path exists". The path is established only on an explicit, time-bounded request and returns to the closed state automatically.

Contrast with default-open controls (firewalls, segmentation rules) where the path exists and policy decides who may use it. A default-closed mechanism fails into 'unreachable' rather than 'reachable'.

A backup whose contents cannot be altered or deleted before a retention window expires — typically via WORM storage, object-lock policies, or hardware-enforced isolation.

Immutability rules on the storage layer slow attackers down; pairing the immutable target with a default-closed hardware switch removes the path to the target outside of backup windows.

The hardware and software that monitors or controls physical processes — manufacturing lines, power grids, water treatment, hospital equipment.

Distinct from IT in three ways: longer device lifecycles (10–25 years), tighter availability requirements, and direct physical consequences when control is lost.

An umbrella term for the systems that supervise and control industrial processes: SCADA, DCS, PLCs, RTUs, and the networks connecting them.

A class of ICS architecture that aggregates data from remote field devices to a central supervisory layer, with the option to push control commands back down.

Common in utilities (water, electricity, gas), pipelines, and large manufacturing. SCADA networks span large distances and typically have remote maintenance paths that benefit from physical isolation.

An industrial computer that executes deterministic control logic — opening a valve, starting a motor, reading a sensor — in a tight cycle, often once per millisecond.

PLCs sit at the lowest controllable layer of an ICS (Purdue level 1). They are long-lived, rarely patched, and frequently the target of vendor maintenance access.

The operator-facing workstation or panel used to monitor and command an industrial process. Sits at Purdue level 2.

A reference architecture that organizes an industrial network into five vertical levels — from physical process (L0/L1) up to corporate IT and external (L4/L5).

The model is a vocabulary, not a control. Its value is in naming the conduits between levels; physical breaks belong on conduits where reachability is needed only during defined events.

A defined period — manual, scheduled, or event-triggered — during which a normally-closed path is opened for planned work and closed automatically when the window ends.

On AGN1, the close runs on the device's local timer, not on an operator action. This removes the 'someone forgot to disconnect' failure mode that dominates vendor-access retrospectives.

An independent cellular path used to operate AGN1 — physically separate from the LAN the device is gating, so the controller is not reachable from the network it controls.

SMS from a whitelisted phone number opens the relay; the LAN never carries control traffic. Removes a class of attacks where the management interface lives on the network being managed.

A remote-access tunnel granted to an external integrator for maintenance work, typically scoped 'to a subnet' but in practice with line-of-sight to neighbouring equipment.

The everyday pattern AirGapNet is designed to retire: a permanent VPN replaced by a scheduled physical window on the line to the one device the vendor needs.

An intermediate bastion server that vendors connect to first, then 'jump' to the protected asset. Centralises access logging and credential rotation.

Jump hosts solve the credentials problem; they do not solve the path problem. The network route from the jump host to the asset remains up between sessions.

An international standards series for industrial automation and control system security. Organises the network into zones and conduits with defined target security levels.

The conduit vocabulary maps cleanly onto AirGapNet: a hardware switch on a conduit between two zones contributes to network-segmentation and boundary-protection SRs. See /compliance for the per-SR mapping.

NIST Special Publication 800-82 — Guide to Operational Technology (OT) Security. Practical recommendations for protecting industrial control systems.

Recognises physical isolation as the strongest control for high-impact conduits and uses Purdue-style architecture as a structuring reference. AirGapNet aligns with the conduit-level controls described in §6.

A grouping of assets that share security requirements. Communication between zones happens through conduits.

A network path between two zones, carrying traffic with a defined target security level. May be physical, logical, or both — the standard explicitly accommodates physical separation.

A default-closed hardware switch is one fulfilment path for a conduit-level control. The device contributes to the SR; the integrator's documentation places it in the zone-and-conduit map.