Air-gapped secured systems

Dear all

In regard of linked articles:
RAMBO attack uses RAM in air-gapped computers to steal data

Researchers warn about new "SATAn" that can hack air-gapped PCs using SATA cables

Attacking Air-Gap-Segregated Computers

1.
All the methods to hack air-gapped systems, do they all require malware on the targeted system to work?
Also the one with SATA-cables?

2.
Those mentioned devices that can hack air-gapped systems, are they easily available to the average hacker?

3.
All the mentioned methods of hacking an air-gapped system, is it NSA-level or something the average hacker could do?

Thank you

1. Typically yes some type of malware or purpose built device is involved in airgap attacks and often there are two points of infection, but not always.

2. Since nearly all of these attacks require intimate knowledge of mechanisms beyond your tradition "computer person or pen tester" they're much rarer to be executed by your average pen tester or threat actor

3. Same as # 2

Caveats, there are companies out that build purpose built devices, but still require some knowledge to use not to mention overcoming the challenges typically faced with physical security controls and procedures in place to keep them air gapped and accessed only by approved personnel.

Well if malware gets into the supply system, and those engineers from external company's are infected. And they are going to do there updates on locations, then malware can come with them into an airgapped system.

NSA has a saying, no airgapped system is really airgapped and can still be misused.

Good documentary about the stuxnet, that explains a bit about this topic: Zero Days (2016).