If you're interested in security, I can recommend grabbing yourself a copy and having a read.
I recently read it and found it to be both terrifying and fascinating at the same time.
The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure orgs' IT networks in America – and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets. The Chinese team remotely broke into IT environments — primarily …
a. What idiots connect their critical infrastructure to the Internet.
b. If the spooks hadn't diluted security on internet-facing appliances then such breeches would not be possible.
c. If the US military industrial complex stopped fermenting instability in all parts then such geopolitical tensions would not occur.
d. Would you please keep this neocon nonsense off a technical forum.
e. This isn't the US and we don't believe the television.
On your point a)
The answer is, mostly everyone :(
There's hardly a country out there that hasn't connected critical infra. Main excuse is to allow remote troubleshooting/monitoring.
But also, air gapping won't always help (it certainly reduces the risk though)
Stuxnet ran riot on the Iranian centrifuges and that complex was air gapped. A suitably placed agent just needs a usb/network port or whatever and off they go.
When it comes to state-sponsored hacking, you can probably assume they will eventually find a way in. What you need is suitable mitigation for when/if they launch their bot/worm/malware/etc
...... so do something/anything/everything right for a pleasant change
The Abiding Persistent Threat Problem which the West has, [and as are identified and be allied to the previously mentioned dozen Five Eyes government agencies ....... the US Cybersecurity and Infrastructure Security Agency (CISA), US National Security Agency (NSA), US Federal Bureau of Investigation (FBI), US Department of Energy (DOE), US Environmental Protection Agency (EPA), US Transportation Security Administration (TSA), Australian Signals Directorate's (ASD's) Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), a part of the Communications Security Establishment (CSE), United Kingdom National Cyber Security Centre (NCSC-UK), and New Zealand National Cyber Security Centre (NCSC-NZ)] are their need to defend and deflect attention and fundamental forensic investigation away from the fact that they are bound to try to protect and promote the indefensible and inequitable even as their actions and arguments in support of the operation further reveals and reinforces popular effective resistance and overwhelming competition against the abhorrence rendering them worthy of being justifiably fearful for their pathetic lives.
In such a scenario, sticking your head in the sand or doubling down on a current bet that things will soon pass and get better and back to normal and the way things were is a recipe for a vast series of increasingly rapid, totally unexpected and spontaneous self-destructive disasters.
So, what's the AIMasterPlan to be, to prevent or circumvent United States Unilateral Systems Meltdown?
Go on, spoil yourself. Look, listen and learn with a mother about Big Brother.......... Tucker Carlson.... Ep. 70 Governments colluded to shut down and destroy Russell Brand.
You really should, even if you don’t want to, for you are seriously disadvantaged and easily harmed and pwnd if you don’t ....... just like sheep are, going to slaughter.