FFS
Similarly, the earlier order sought to explore ways to promote cyber resiliency in the private sector by creating financial incentives (ie, tax breaks) to spend on cybersecurity. The signed order turns to market transparency to encourage critical infrastructure entities to properly mitigate cyber risks.
Oh, ffs, that is already done for physical security - an object deemed national infra immediately gets a set of extra rules, regs and responsibilities by the company which manages it. It is the case in USA, it is the case in most other NATO countries. Try being an owner of a major hydroelectric and leaving it with no physical security. The regulator will have your arse on a plate.
Why it was so difficult to follow the Russian example and extend this to cybersecurity. They have the same regs as us, but added cybersecurity and definitions of what is national infra as far as internet is concerned in law last year.