The federal government isn't quite sure.
The acting National Cybersecurity Director isn't the problem. The cybersecurity industry doesn't want it because why should they be liable for problems in their products when the rest of the software industry gets a pass? Imagine Microsoft, after years of writing bad code, now being held liable for it? That's why its complicated. It's not a government problem. It's an industry problem.