“The vulnerability may be bigger than we think,” the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is “almost without a doubt” done by state sponsors”
IOW, some 16 year old kid from the Phillipines could have done it, or the malware, which was easy to erase and detect, was not by incompetent utilities.
Translation: Don’t regulate us for our incompetence! It was spies, spies dammit! Special powers of a foreign state we could not have forseen! We hired a “former government official” to say it, that means it must be true!
I think what you say is very true. Simple dunderheadedness is probably the biggest threat we have to our electrical system, stock trading system, etc. The people who run these things often have no idea what they are doing and think nothing of plugging in their flashdrive into their workstation so they can play rogue or some such. They don’t take it seriously. Moreover engineers and programmers often build overly sophisticated systems thinking “everyone should know what I know and if they don’t, they can always pay me a maintenance fee.”