Two weeks!? My clients usually contact me within hours of a DDoS attack or maybe a day if they can't figure out what's going on at first. Also, any decent firewall with a basic policy should notice non IETF compliant HTTP Headers. I deal with false positives due to that all the time. Also, the vulnerability is free to fix.
I did do work with a country once with a National Health Care system that was under a DDoS attack for a week on a central entry point. The country had a DDoS protector, but we found out they didn't even have a contract with the company that supplied it. Also, they did not have any Security Blades enabled on the firewall basically making the firewall a bona fide overpriced router. I think the Security Admin knew networking really well, but not security. It took 20 hours of work, but at least the Sales guys loved it. I wonder if those in charge of security in this NK episode were similarly not qualified.
How do you or Director Wray think there will be any change in policy when we let our top politicians and national security officials be corrupted by cash from China? It would make a major change if he would go after and make an example of some of the collaborators, and not just Hunter Biden, he is egregious but also a boob compared to the exploits of Feinstein and Pelosi's spouses.
It takes a while to react. Remember, preparedness is the key...