When Chinese hackers stole a load of information about the F-35 it wasn't because they pulled off some righteous hack that required skill, perseverance and a high degree of technical knowledge, but precisely because protection of such sensitive data is sloppier than the good practice guidelines claim it should be.
I worked for the US military many years ago as a civilian programmer and I'd agree with this based on what I saw. I don't want to embarrass the particular branch of the service by naming them, but I used to say that their motto ought to be "Using yesterday's technology today" based on how many antiquated computer systems we had to work on and support. We actually had a system that still used punch cards and when I was in college the course books were already beginning to mock punch cards as being ancient technology. I can say that the government really doesn't want to be incompetent and have bad security, but the powers that be have too much blind faith in civilian contractors and Snowden burned them very badly as a result. The lesson that should be learned from this is exactly what Congress has been saying for years - "We need fewer non-government employees with access to these sensitive programs and their data" - but you'll be able to knock me over with a feather if there's a decrease in contractors as much as 10% as a result of this.