Hacker News
by stunt 1867 days ago
What you explained doesn't solve the problem. You still want to have a unidirectional network in place, at least between your critical infrastructure and the monitoring systems.

Monitoring systems are usually separate and often have their dedicated network too, but they still need some sort of network connection to your critical infrastructure to do their job (monitoring).

1 comments

If you put a data diode between your infrastructure and the internet, you can see the status from anywhere, yet never compromise it from the outside.

Yes, I think we are on the same page.

I was trying to explain that having a separate monitoring infra and network group wouldn't work as a replacement for a unidirectional network setup, because you still need to open network access between critical infra and the monitoring system in your design, which will expose it to the internet.

So like you said, you still need to have a unidirectional network in place.