Thanks for reaching out.
do not permit internet access during builds for security reasons
Makes sense. To support this use case, the build system supports using system version and/or passing local version of most of the dependencies.
For example, to support building against system python, you could configure with -DSlicer_USE_SYSTEM_python:BOOL=ON.
And for using a local build of VTK, you could pass -DVTK_DIR:PATH=/path/to/VTK-build.
Looking at the different External_* files found in Slicer/SuperBuild directory should give some hint.
To address and discuss remaining issues, you could also join our weekly hangout. It will be advertised in this topic: Weekly Hangout for Slicer user and developer - #50