FYI encryption and authentication aren't the same thing. They may both use private keys, but something can be encrypted without being authenticated and vice versa.
In this case, if the operators added authentication, without adding encryption, it would prevent attacks, despite the data being planely readable.
The article is clear that they were able to replay messages. So even adding authentication by itself wouldn't be enough to prevent simple replay attacks. They would need to update the protocol to add "freshness", e.g., some kind of counter, timestamp or nonce that prevents the acceptance of recorded messages.
This is actually a huge upgrade, given that there are so many receivers. It's one of those "really, really bad but probably won't be abused until we're in the midst of an actual kinetic conflict" things. But then again, we're moving into a world where infrastructure gets attacked even during "peacetime."
I mean Russia for example has been busy sabotaging undersea cables and the likes already, it's not like kinetic conflict would necessary be needed for such a scenario. Especially considering there's no direct way of even finding out who did it - no physical presence needed - no tracking like with ships..
In this case, if the operators added authentication, without adding encryption, it would prevent attacks, despite the data being planely readable.