[protomyth]

They can gather the data on the infrastructure network and then carry across an air gap on a USB or tape to do their analysis. I don't see the upside of allowing any connectivity to the internet given the danger other than some mechanism for sending an alert. I'm sure creative people can air gap that too (camera on the internet side and some image recognition for example).

[procarch2019]

That's massively inconvenient, although I'm sure necessary in some cases. Some businesses actually perform analysis in 'real time' so they can adjust the process accordingly, witch requires that data be accessible. This may actually be such a case as I'm sure they have to interface with customers (tank farms) to react to supply/demand on the branches. For all I know Colonial does have a private network for that purpose though. Usually PAT is really for chemical processes where you are looking for a particular yield and those analytical services are located closer to the process (in terms of networks).

There are devices called data diodes that provide unidirectional network topology, but not all time series data interfaces can work with them.

All in all, I agree that total air gap is obviously the best way to mitigate network attack vectors, but sometimes not practical. No controlling device should be at level 3 or 4 though (business or enterprise level).