A 39-page report from the Obama administration provides guidelines, but no real incentives, to companies looking to beef up cybersecurity.