Critics: U.S. cybersecurity plan has holes, few new items