Re: The elephant in the air gap
Many "air-gapped" systems have some of: data ports, external drives, CD/DVD drive, network card, unlocked computer chassis. All that is meant by "air gapped" is that remote access is not possible, not that the systems can never be connected to anything else by people on site.
IIRC the Stuxnet intrusion was believed to have happened through service engineers systems being compromised (back at base) and then brought into the secure area and connected to the airgapped control computers for maintenance activity.
Presumably Stuxnet has led to many improvements in security, but I still think it is unlikely SCADA systems are never connected to other devices for maintenance purposes.