A lot has been written about Stuxnet; one of the big revelations was that the malware had jumped an air-gap. The ongoing debate is whether air-gaps work, or whether joining the networks in a controlled way would REDUCE the vulnerability.
Stuxnet is a highly sophisticated computer worm that targets SCADA systems. The worm initially spreads using infected removable drives such as USB flash drives, and then uses other techniques to infect and update other computers inside private networks that are not directly connected to the Internet. The worm includes a highly specialized malware payload that, once inside the private network, targets the SCADA systems that control and monitor specific industrial processes.
Security is obtained when a combination of people, product and process all operate together to create an effective mitigation. In the Stuxnet case, the process of using a USB stick to transfer data enabled the attack.
In a background briefing document, "Air-Gaps, Firewalls and Data Diodes in Industrial Control Systems", Nexor describes how Data Diode technology can be used to enable business data flows in a controlled way, reducing the need for data transfers via USB sticks. This alone would not have prevented Stuxnet: as the briefing document explains, data guard technology is additionally vital to ensure that the data flowing over the connection conforms to the schema of the expected business process.
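The data guard idea above, sketched as an added example (not taken from the Nexor briefing or any product): a minimal allow-list guard that accepts only messages matching one expected business schema and re-serialises them before they cross the link. The JSON message format, field names, limits and sample messages are assumptions constructed for illustration.

```python
import json

# Hypothetical schema for a single business flow (process readings).
# Field names, tag names and limits are assumptions for this example.
SCHEMA = {
    "tag":   {"type": str,   "allowed": {"PUMP1.FLOW", "PUMP1.PRESSURE"}},
    "value": {"type": float, "min": 0.0, "max": 500.0},
    "ts":    {"type": int,   "min": 0,   "max": 4102444800},
}
MAX_BYTES = 256  # a single reading is never larger than this

# Constructed sample messages.
GOOD = b'{"tag":"PUMP1.FLOW","value":12.5,"ts":1700000000}'
EXTRA_FIELD = b'{"tag":"PUMP1.FLOW","value":12.5,"ts":1700000000,"blob":"AAAA"}'


def guard(raw: bytes):
    """Return (canonical_bytes, None) if raw conforms, else (None, reason)."""
    if len(raw) > MAX_BYTES:
        return None, "oversize"
    try:
        msg = json.loads(raw.decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        return None, "not ASCII JSON"
    # Exactly the expected fields: nothing extra can ride along.
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        return None, "unexpected or missing fields"
    clean = {}
    for name, rule in SCHEMA.items():
        v = msg[name]
        # type() rather than isinstance(): a bool must not pass as an int.
        if type(v) is not rule["type"]:
            return None, f"{name}: wrong type"
        if "allowed" in rule and v not in rule["allowed"]:
            return None, f"{name}: value not on allow-list"
        # NaN and Infinity fail this comparison and are rejected.
        if "min" in rule and not rule["min"] <= v <= rule["max"]:
            return None, f"{name}: out of range"
        clean[name] = v
    # Rebuild the message from validated values only; the original bytes
    # are never forwarded.
    out = json.dumps(clean, sort_keys=True, separators=(",", ":"))
    return out.encode("ascii"), None


if __name__ == "__main__":
    for sample in (GOOD, EXTRA_FIELD):
        print(guard(sample))
```

Anything the guard cannot positively match to the schema is dropped, so the connection carries the expected business data and nothing else.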