[jandrewrogers]

Definitely! I've worked on the design of these types of systems, there is more subtlety to the security models than people assume. Some of the designs in the wild have what I would consider to be notable weaknesses.

The most interesting subset of these systems are high-assurance bi-directional data paths between independent peers that are quasi-realtime. Both parties are simultaneously worried about infiltration and exfiltration. While obviously a misnomer, many people still call them diodes...

The entire domain is fascinating and less developed than you would think.

[jacquesm]

And even if you do get it right, there is always that one guy that takes a USB stick and plugs it into your carefully air-gapped systems. And cell modems are everywhere now, and so small even an expert could still overlook one, especially if it is dormant most of the time.

[indolering]

It's in a proto state due to anemic academic funding. We need to throw cash at the problem.

[jandrewrogers]

Yes, it is underfunded for sure. I have been underwhelmed by what academia has managed to produce, funding aside. It is a solvable problem but you have to give the money to the people that can solve it in an operational context, which rarely seems to happen.

It is a genuinely fun project for someone with sufficiently sophisticated skill but I suspect there is relatively little money in it, which colors the opportunity and outcomes.

The absence of clear commercial opportunity gives the domain a weird dynamic.