"No hacker can tell, based on the content of the digital record alone, who is the author of the digital record in question"
Boy oh boy. Either they're not singing their firmware (which is a serious indictment in and of itself) or proving that it was them all along will be trivial, but the ones signing off this message are unaware of this.
Overall they got caught with their pants down and handling it badly as evidenced by the fact that they don't even have a scapegoat prepared.
"Pants down" situation aside, if the firmware is not signed or verified in any way, then isn't it prone to "neutrino bit reversal", potentially causing Bad Things?
I have no idea how those systems work and what guarantees they provide, but this would be hair-raising...
You can have checksums without signatures. Not that either a commonly checked after installation so most systems are still vulnerable to random bit flips.
