The article says that USB keys are used to move data on to the system from other networks. If this is true it would be better to assume that all data from that other network is bad, and require it to be serialized in a none executable format. The software then needs to validate the data against a schema. This is something websites have done for years and is very basic.

The mistake that is made here is to assume that a network can ever be secure. It is like assuming that no one will ever pee in a swimming pool.