Air-Gapped Encryption
This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Misused Term.
“Air-Gapped Encryption”
A note before we begin. This entry examines “air-gapped encryption” as it appears in security marketing. I am not writing about any specific company or product. Air gaps are real and useful, and encryption is real and essential. The phrase that combines them is the problem, because it joins two ideas that operate at different layers and then implies a guarantee that neither one provides.
Two Real Ideas, One Undefined Phrase
An air gap is a network architecture decision. It means a system has no physical or logical connection to untrusted networks, so data cannot flow in or out over a wire or a radio. It is a containment measure, and for the right systems it is a good one.
Encryption is a mathematical transformation. It converts plaintext into ciphertext so that only a party holding the key can read it. It protects confidentiality regardless of what network the data crosses.
These are different tools for different jobs. One isolates a system; the other protects data. “Air-gapped encryption” treats them as a single feature, which is the first sign that the phrase is doing marketing work rather than describing a mechanism. You can run an air-gapped network, and you can encrypt data, but gluing the words together names nothing specific. Ask what algorithm “air-gapped encryption” uses and you are back to ordinary questions the phrase was meant to skip.
The Contradiction Inside the Term
There is a deeper issue than vagueness. The two ideas partly cancel each other.
Much of the value in post-quantum cryptography lies in protecting data in transit and in protecting authentication. The harvest-now-decrypt-later threat targets traffic captured off the wire today and decrypted years later. If a system is genuinely air-gapped, there is no wire and no transit to harvest, so the in-transit case for swapping algorithms largely falls away inside that boundary. An air gap and post-quantum migration answer different threats. Marketing that bundles them as one offering is selling a combination that does not combine.
What an Air Gap Does Not Do
Air gaps also carry their own well-documented limits, and “removes the risk” is not among the things they deliver. The Stuxnet operation crossed an air gap to reach Iranian centrifuge controllers, carried in on removable media rather than over a network. Air gaps are bridged by USB drives, by insiders, by supply-chain implants, and by the simple fact that data eventually has to move to be useful.
Even on a perfectly isolated system, encryption still has work to do, and that work still has attack surface: the key material, the implementation, the endpoints where data is decrypted to be used. An air gap does not remove any of that. So a product promising that “air-gapped encryption” closes the exposure is promising on two fronts that neither tool actually covers.
Questions to Ask a Vendor
“Which part is the air gap and which part is the encryption, and what specific algorithm does the encryption use?” A real answer separates the two and names a standard, such as a NIST post-quantum algorithm. A circular answer treats the bundled phrase as if it were the specification.
“If the system is air-gapped, what data-in-transit threat is the post-quantum encryption protecting against inside that boundary?” This surfaces the contradiction. If there is no transit, the in-transit argument is hollow; if there is transit, the system is not really air-gapped.
“How does the design handle the ways air gaps are actually crossed — removable media, insiders, supply chain?” A serious vendor has thought about this. A marketing phrase has not.
The Bottom Line
An air gap isolates a network and encryption protects data, and both belong in a security architecture. “Air-gapped encryption” is not a third thing that inherits the strengths of both. It is a marketing fusion that obscures which mechanism is doing what, leans on a contradiction when the system is genuinely isolated, and quietly implies a completeness that neither air gaps nor encryption can deliver. Ask the vendor to separate the two ideas and name the algorithm. The phrase rarely survives the request.