• I have to question the "myth" of the Air-Gap that is referenced. A proper Air-Gap or Data Diode for SCADA systems provides a level of protection that cannot be denied. However, if the company stops doing security at the point of the Data Diode, yes, you are vulnerable. However! Stuxnet is proof both that Air-Gaps work and that you can get around them. Stuxnet had a variety of 0-day vulnerabilities that were exploited, including the payload that targeted specific Siemens systems. The damage and spread could have been much worse without the air-gaps that existed in the Nuclear facility. But it also showed that overly trusting anything can lead to infection.

    Like everything in Cyber Security, Defense in Depth is a must. You have to do all levels to have security: Malware Scanning, Heuristics, Best Practices, and yes, Data Diodes/Air-Gaps for super critical systems (like Nuclear Reactor Control/Shutdown systems). In many cases, SCADA should remain Analog or have Analog backup to the Digital side to ensure that you can bring the system to a safe state.

    As a disclaimer, I'm in Nuclear.