I dream of a NATO statement on #CyberAttack that will essentially say "no, it's actually you who left your own infrastructure neglected and open to attacks" rather than ritually whine about things being "unacceptable".

All countries *do* have infosec extensive regulations and policies today. Yet, from personal experience, specifically public sector is the one that is most non-compliant with their own regulations. As result they get breached, defaced, phished etc.