Jimmy you are 100% correct and it has only gotten worst over the last few years. I can not say where i work or what my current duties are (of course OPM has already lost that information), but I can say I work government IT and security.
The major issue is the government is still in a react to technology state. They are never in the forefront of change and it has bit them more times than once. It also doesn't help with all the cut downs and draw backs, the interns and the lower level employees who actually do the work and understand the technology/security get let go and the higher ups who are left have no clue what they are doing when those duties get dumped in their lap.
The government needs to re-access their priorities and move to a secure and proprietary system, but no they will still use systems that run windows, connect to Facebook, miss IAVA updates, not use HTTPS, not enforce two-factor authentication and let anyone with any skill to hack them out of their precious information.
Hopefully this will finally bring some of these issues to light, but I will not hold my breath.