Tachyon is correct. If someone needs access to the internet and classified systems at the same time, he or she will have TWO separate systems on the desk. While oversight into non-classified systems isn’t overly tight, those systems carrying classified information are critically screened. It does give off an impression of lax security though when PUBLIC web servers are defaced. I imagine they get hammered 24/7. No one here can honestly say they would come out ahead if those groups targeted your own domains. I wouldn’t boast that in public anyway.

This could be and example of how a small oversight into configuration of a webserver is very costly.