Water treatment SCADA systems are air-gapped so cloud AI literally cannot reach them

Municipal water treatment plants operate on air-gapped SCADA networks that are physically disconnected from the internet to prevent cyberattacks -- after the 2021 Oldsmar, Florida incident where a hacker remotely increased sodium hydroxide to 100x safe levels, most utilities hardened their air gaps. This means cloud-based AI for anomaly detection (detecting poisoning, equipment malfunction, or chemical dosing errors) is architecturally impossible -- there is no network path for sensor data to reach a cloud API or for the API response to reach the SCADA system. The air gap exists for critical safety reasons and will never be removed, so the only path to AI-powered anomaly detection is running models on-premise, on the same isolated network. A fine-tuned Gemma model running on an edge server inside the air-gapped network continuously analyzes flow rates, chemical levels, and pump behavior to detect anomalies that rule-based SCADA alarms miss, without ever creating a network pathway that an attacker could exploit.