by wavefunction 4750 days ago
"losing defense information"

Funny how none of the defense contractors that were hacked by the Chinese had to face these charges. Some rules for some, other rules for the rest of us.

Try reading the actual statute. I even linked to it. It requires gross negligence. Making wild assumptions does nothing to help our cause.
I guess I would consider exposing our next-generation fighter plans to the Internet gross negligence. That's all I'm saying.
You can consider whatever you want to be gross negligence. The legal system, on the other hand, would look to things like the exact circumstances, the reasons things were done as they were, and whether and to what degree the relevant actions deviated from relevant rules, regulations, and standard practices in similar situations.

And unless you have all of that information, you can't possibly make that judgement.

Like I said, it's just my opinion dude, so don't get all worked up. And if you're not getting worked up, my apologies, but that's how your replies seem to me.

For instance, it seems like common sense or widely accepted practice that sensitive materials should be stored on machines that should be air-gapped, and common knowledge informs legal decisions about what is gross negligence or not.

For instance:

http://legal-dictionary.thefreedictionary.com/Gross+negligen...

"If one has borrowed or contracted to take care of another's property, then gross negligence is the failure to actively take the care one would of his/her own property."

Obviously this is open to interpretation and maybe the contractors responsible leave their own private affairs open willy-nilly to the world, but I would suppose they shouldn't have security clearance then...

How are you proposing that tens of thousands of people around the globe working together on multi-billion-dollar projects perform their jobs effectively if all the information is stored on isolated machines?
Geographic isolation, first, so no more "globe-spanning" workforce on trillion-dollar projects. Then they can only work on a dedicated internal network on machines they leave in the office, with media-isolation limited to heavily controlled workstations so someone can't copy things over USB or burn it to disk or upload it via a VPN tunnel.

That seems fair, considering the magnitude of the expenditures and the nature of the work.