As in his previous work, an attacker needs to be able to infect the target to plant the badware that gathers (for example) passwords from the keyboards and put that data into a modulated fan signal.
His definition of crossing the air-gap must differ from mine. If you can infect the target at the level necessary to perform the subsequent leak then I'd argue there isn't really a proper air-gap there. Some fuckwit plugging shit into a machine that can infect it isn't really air-gapped it just doesn't have a network connection and, to my mind, that isn't the same thing.