You're correct, but after watching the video and understanding how their network was attacked (all starting with the customer Router), I've attributed this more towards poor policy/design (which can be exploited by a large range of attackers) vice special information and/or capabilities reserved for state/country funded attackers. But even with this said, I think I get your point (I'm going off on a tangent). My opinion on the matter; All bets are off when it comes to state/country funded attackers. These are the organizations that lead me to my "nothing is ever 100% secure" conclusion. What we've seen insinuates that these level of attackers have access to information and capabilities that your average attacker probably does not have (example; vendor back-doors, compromised certs/keys, black rooms, etc). Unfortunately for us, these do a very good job subverting the current implementation of infrastructure security (which for the most part, is/was designed based on certain levels of trust that may no longer exist). I'm sure the industry will adapt and evolve (as will the attackers).