I think I can help you somewhat. A DDOS attack is a reasonably decent idea, but you're correct that it doesn't pass technical muster due to the airgap nature of government networks.
Instead, I think a better scene would go something like this: Shown in summary (gonna need a MONTAAAAGE? seriously though, keep it tasteful) your antagonist steals the identity of some people then proceeds to apply for jobs at government contractors with the stolen credentials. Once hired, your antagonist cases the network and locates a weakness in the physical topology of the airgap network (the cabling) and places a network tap onto one of the lines. Since having someone just randomly digging into wiring conduit in a secure facility would raise suspicion, you'll need some kind of distraction or justification that would make his activity seem normal. A DDOS attack isn't really a good excuse given the conditions, so it might be better to have your antagonist do something which creates some kind of intermittent network disruption. This presents a bit of a problem because while it is certainly possible to create such a distraction, it's pretty hard to demonstrate it in an entertaining fashion with the context of a film. With that in mind, I'd probably opt for something that simply passes as "plausible" such as a device that, when plugged into the network, generates some array of network faults (loopback errors, broadcast floods, etc.) In the interest of not letting the science get in the way of a good story, you could simply show him or her plugging what looks like a surface-mount box with an ethernet port on one side and an ethernet plug on the other. Have your protagonist plug whatever was plugged into the port originally into the port on the outside and walk away. After that, you can have an expository scene in which some network admins are discussing intermittent traffic anomalies and suggesting that they could have a faulty device on the network or possibly interference from failing electrical equipment. This results in the networking team having to evaluate the physical network components in search of such a device and ultimately gives your antagonist the opportunity to attach a network tap to one of the poorly-secured airgap cables and run something like metasploit against the secure servers. Once your antagonist is able to secure a remote session via a Metasploit, you show him or her copying a new kernel (containing some elaborate rootkit or whatever your plot requires) to the penetrated server via SSH.
Just like the infamous nmap scene in the first Matrix film gave the movie a bit of authenticity, I think showing plausible scenarios and real technologies will be far better and more entertaining than the typical "hacker typer" movie magic stuff.