I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).
I'm guessing the USA is not far away from its own GDPR-like act, but only time will tell.