I'm always campaigning for more utilities to hire or otherwise install more senior level security personnel (e.g., CSOs, CISOs) to elevate the security and privacy requirements using business language more accessible to C-level executives, the Board of Directors, and other senior stakeholders.
Well, one big company, namely Atlanta-based Southern Company, has leapfrogged that goal and has a vocal CEO articulating the essential need for the industry to do better on security. THIS POST by fellow energy sector security blogger (and very active leader and member of cyber security working groups) Mike Ahmadi gives you more perspective on this.
And alerts you to a key initiative re: certification of systems and products where Southern is leading the way. One thing I can say for sure: you'll be hearing more about the proposal on this known as IEC 62443 2-4, so stay tuned.