This is an example of a company wide cybersecurity strategy within a Electric Generating Company that uses NIST best cybersecurity practices across the entire IT/OT ecosystem - this is the direction we need to be headed to protect the entire grid, IMO. NERC CIP regulations are too rigid and too burdensome and do not adequately provide cybersecurity protections for the entire electric grid the as comprehensively as the NIST standards. This also better positions LCRA to report cyber incidents with CISA when the CIRCIA details emerge.
