Led by Elizaveta Malashenko, the grid cybersecurity team at California's Public Utility Commission, makes a good case for increased PUC involvement in cybersecurity matters, particularly those affecting distribution elements:
State regulators have not traditionally played a large role in cybersecurity. However, this is beginning to change with the recognition that Federal compliance-based models may not be sufficient to ensure grid resiliency, reliability and safety, as well as customer data privacy. With grid modernization on the way, there is an important role that State regulators need to step into, as much of this new infrastructure will be located on the distribution grid, which is currently outside of NERC authority. There is also a possibility that the Federal government could preemptively move to regulate in this area if there is no action at the State level.
You can (and should) read this grid planning and reliability policy paper here:
Cybersecurity and the Evolving Role of State Regulation: How it Impacts the California Public Utilities Commission.