A friend worked on it and had this to say: "The strategy establishes an affirmative, values-driven vision for a secure cyberspace that creates opportunities to achieve our collective aspirations.... it calls for two fundamental shifts: (1) rebalance the responsibility to defend cyberspace--the digital ecosystem's biggest, most capable, and best-positioned actors--be they in the public or private sectors--can and should assume a greater share of the burden for mitigating cyber risk; and (2) realign incentives to favor long-term investments. It advances these two fundamental shifts across five pillars."
This was also positioned in a geo political sort of way by law enforcement (not by my pal) as a safeguard for U.S. businesses against intrusions from a state actor / global competitor. it's a big deal that could have intended and unintended consequences, regardless of the messaging around it.
We're witnessing in a potential shift in the liability framework around software from big vendors, and it's about time. There were a few tragic rail bridge collapses during Victorian era before bridge construction was regulated. Railways were were a key part of the transportation revolution that industrial Britain. Technology is no different in its role today.
I worked in life safety for a number of years, and couldn't have a single faulty product. We'd not have survived one big recall. How different is the software that manages food supply chain, utilities, medical services (and more)? Ultimately, I'm hoping that it encourages greater responsibility and a competitive market versus consolidation.