IHMO, any government/sensitive systems should be completely isolated from the internet. It surprises me that much of the US infrastructure is connected to the internet. Why does the US CoC need internet controlled thermostats? That just opens up vulnerabilities.
On another note, why was the thermostat communicating with China? If these attacks were as professional as claimed and went undetected for a year, then you would suspect the "professional" hackers would use a proxy or some sort of onion routing. And the printer printing Chinese characters? Why would a hacker do that? And couldn't any "hacker" (not necessarily Chinese) have the printer print Chinese characters?
The US will get its systems secured sooner to later, but if they don't secure it now by their will, they will be *forced* to secure it later.