A message from Joe Weiss:
September 2011, DOE published the Electricity Sector Cybersecurity Risk Management Process Guideline for comment. The document draws from a significant number of experts, though none are industrial control systems (ICS) experts. The document effectively equates IT and ICS. It references IEC-62443 which is still not a formal document and excludes any mention of ISA99.