Re: Naturally...
It might be interesting to note that whilst the US power generation overseer, NERC, has many standards (and the teeth to enforce them) in the UK we have OFGEM, which does diddly squat in terms of enforcing standards for our CNI.
This is old (2011) but I doubt it's been updated..
https://www.parliament.uk/documents/post/postpn389_cyber-security-in-the-UK.pdf
"There is no overarching regulation of cyber
security in the UK, although a growing
number of organisations are complying with
voluntary standards"