To me, this is a joke! I high level fluff statement with no meaning. Let me know when they actually has a US version of GDPR! It is one thing to say you will hold places accountable but there is nothing to back it up. It seems a bit like when they first came out with the Can-Spam Act, that had no teeth to back it up. As for partnership between public and private, yes they already tried that and it's a one way street! The want the private to feed them info with little to nothing coming the other way.

Change is needed and blame needs to be placed in the proper places, but I see this doing nothing to achieve that.

My .02

John-

In concept they are trying, however, subjects such as AI means that attacks can occur in minutes instead of weeks.   https://abcnews.go.com/Politics/new-cybersecurity-strategy-rolls-amid-ai-buzz-concerns/story?id=9766...

We no longer live in a world of FUD (Fear, Uncertainly and Doubt), we know attacks occur with the average attack cost per incident in the region of US $9 Million, according to recent reports. 

We need stronger leadership and guidance, that means that the C-Suite actually are trained, and developed to lead, rather than have lipservice, because it costs XYZ and it will never happen here attitude.   It is happening all around us, and especially within new technologies - look at the latest reports which states that the US is 20 years behind the Chinese in AI, Quantum Technology and various others. 

https://www.forbes.com/sites/craigsmith/2023/01/14/chinas-ai-implementation-is-edging-ahead-of-the-u...

Stronger investment, development, legal mandates are required to enforce a change in mind, or the actual economy will be directly affected and companies will go into liquidation due to an attack, they cannot with stand or recover from.

Regards

Caute_Cautim