EtherGap FAQ | The Firewall Of The Future

What is EtherGap?

EtherGap is an Ethernet air gap controller that protects critical systems by physically disconnecting them from the network when not in use.

Unlike firewalls, VLANs, or software-only security controls, EtherGap breaks the actual physical network path, making remote network attack impossible while the air gap is open.

Systems are connected only when needed and disconnected again immediately afterward. EtherGap provides true Layer 1 physical isolation with out-of-band control.

What’s the difference between logical or virtual air gaps and EtherGap?

Logical or virtual “air gaps” are software partitions operating within the same data and control plane as the network or device being protected. As such, they remain subject to continual attack and compromise no different than traditional firewalls or other software security controls. Their control plane is subject to continual attack and eventual compromise.

EtherGap is fundamentally different. EtherGap is a hardware air gap — it literally disconnects the network path at OSI Layer 1, making connection impossible when the air gap is open.

Additionally, the control signals responsible for opening or closing the air gap are physically separate from the protected network itself, preventing an attacker from directly reaching the EtherGap control plane to manipulate isolation state.

Whereas the control plane of a virtual or logical air gap or traditional firewall remains exposed to attack 100% of the time and is therefore subject to eventual compromise, EtherGap’s control plane is isolated and therefore immune to direct network attack from the protected environment itself.

This is known as out-of-band signaling and is an integral part of the EtherGap patented architecture (U.S. Patent 11,425,102).

Does anyone else make a true Layer 1 air gap with out-of-band control besides EtherGap?

The short answer is no because EtherGap holds the patent on this technology. Air gap has a very specific meaning in network engineering: physical disconnection. Only EtherGap offers true Layer 1 air gap protection with physically separate out-of-band control. That is why other implementations are described as “virtual” or “logical” air gaps rather than true physical Layer 1 air gaps.

This distinction matters because EtherGap separates the control plane from the network paths being protected. When control and data exist within the same plane, attack is continual and compromise becomes a question of when, not if.

With AI-assisted attacks and future quantum computing capabilities reducing the time to compromise of traditional software-based security controls, physically isolated Layer 1 protection becomes increasingly important.

How does one close or open the EtherGap air gap?

There are many options. The simplest is just touching the open/close buttons on the integrated touch screen.

This can also be done by connecting to the device over a private dedicated LAN administrative network and remotely performing the same operation from a remote desktop session.

EtherGap can also schedule any number of one-time or recurring open/close operations of any duration using the built-in scheduler.

There are many triggering and automation options available, including the ability to write custom software or scripts for specific operational requirements.

Can EtherGap be used to meet compliance regulations?

Yes. EtherGap can support compliance efforts by providing true Layer 1 physical isolation, controlled connectivity windows, physically separate out-of-band control, and tamper-aware logging of administrative and isolation events.

EtherGap is especially well suited for environments where network segmentation, controlled remote access, operational accountability, and reduction of attack surface are critical compliance objectives.

EtherGap has already been deployed specifically in support of NERC CIP-related requirements for critical infrastructure protection. The EtherGap architecture may also support compliance initiatives involving frameworks or standards such as IEC 62443, NIST 800-53, NIST CSF, SOC 2, CMMC, PCI DSS, HIPAA, CJIS, and other high-assurance security environments requiring strong isolation controls.

Because every environment, architecture, and regulatory obligation is different, compliance applicability depends on how EtherGap is deployed and integrated into the larger security architecture.

If you would like to discuss a specific regulatory framework, operational requirement, or compliance objective, please contact EtherGap for a consultation .

Need More Information?

Every environment and deployment requirement is different. If you have questions about EtherGap architecture, compliance applicability, deployment scenarios, operational workflows, or integration into your environment, we would be happy to discuss your requirements.