[mikewarot]

The main function of this gear is preventing the ingress of control to a sensitive network, whilst also allowing a controlled outflow of data for monitoring. I think the design choices made were all quite reasonable. Given that it passed an audit, it seems reasonably trustworthy.

The stock raspberry pi doesn't have wireless ports to serve as potential side channels. The use of an opto-isolator means that data is constrained by physics to only flow in the desired direction, no matter what happens in either Raspberry Pi.

It should be possible to replicate this for less that $200 in hardware.