The piece is explicitly about retiring outdated security advice and doesn't claim to provide a complete, coherent defensive posture (that posture would have to depend on who you are and what your threat model is!). I don't like that they included the "recommendations for the public" section, but I don't think there's a reasonable way to read it as intending to be a complete action plan.