Smart Grid vs NERC CIP Cyber Security Policies

Oct. 10, 2010

The Smart Grid Security LinkedIn Group has a discussion topic, "NERC CIP Corporate Policy and Corporate Information Security Policy". The discussion revolves around whether or not you would recommend a "NERC CIP Corporate Policy" separate from an organization's "Corporate Information Security Policy". So far, the discussion has revolved around NERC CIP and corporate IT security policies. However, Smart Grid and NERC CIP are supposed to include control systems. None of the comments have identified the need for specific CONTROL SYSTEM cyber security policies. There have already been numerous cases where inappropriate IT security policies could have impacted the performance of control systems. The recent response to Stuxnet is an example. In many cases, inappropriate IT security policies HAVE shut down legacy control systems. Moreover, many of the most significant control system cyber incidents, including those that have killed people, caused major electric outages, and shut down nuclear plants, did not violate any IT security policies. Doesn't it seem like something is missing?
Joe Weiss