So, I think this conversation needs a fire, beer and a clear sky. But here is the short version of it. This incident is much lower on the scales of 'oh my god' than the NHS hospitals being hijacked by a similar (actually almost exactly the same) methods. It was built by govt agencies, to take down exactly this sort of thing - in other countries.
So that's one part.
The other part here is that a lot of infra, a lot of systems are run to the same soft of compliance and specs as traditional old world was. The old world thinks this is how they remain relevant. The new world isn't the old world, and needs new processes, new compliance specs, new models and most of all - different set of competencies to run.