Taking homegrown infosec seriously?

112-page report. 367 words devoted to "cyber" apart from a column about a vaguely expressed programme of "seeking" "to adopt some simple principles" "when engaging with the crypto industry" and a few passim honorific mentions of the word "cyber" elsewhere in the text. That's probably about as seriously as government is ever going to take infosec (regardless of whether homegrown or not).

The fundamental infosec problem we face is an actually increasing fragility as our infrastructure becomes more reliant on IT and the IT simultaneously becomes more vulnerable to attack. Part of this is due to inadequate practitioner skills in its design, implementation or deployment, but a large contribution is appallingly poor operational management of IT once in service. This is not a new problem nor is it restricted to any nation. We reported on it in 2016 to the US Commission on Enhancing National Cybersecurity (again the parochial emphasis: "national" as in "homegrown") and it was an established and growing problem even then.

Fundamentally, at all stages of the life cycle, insufficient expertise and attention are being applied to protect our critical infrastructures, globally. And it is global as no nation can isolate itself in the cyber domain without disconnecting from the net.

