I think the main reasons are panic, incompetence, politics, etc. The first thing in any security is a continuance plan - what if..

Done this 35+ years and never, ever accepted any security plans there was no recovery of any (well, you just can't be prepared %100) problems. Has been handy sometimes, lucky enough not having "bad" things but (interesting) mistakes happen and they can be as bad for security as anything!

Now, I don't know him but I have been reading, etc he was asking what the city wanted a long time and never got an answer? Of course - he should have done the plans and designs just by himself, almost a suicide in any place but something you do anyway if you are really good. Now - he wasn't a "security person" (as far as I know?), just responsible of network so there is a huge difference!

Unfortunately today instead of looking what is good for an institution, corporate, etc and a common sense, the world has gone more specializing, certificates, policies and "silos", the management attitude "not my problem" and even the employee attitude "I'm not paid to do that" or "I'll be in trouble bringing it up", which are true.

And I agree, if it wouldn't be a city or any other public institution, nobody would ever see or know about that incident!