In 2009, the Nuclear Regulatory Commission (NRC) published cyber security rules specifically targeting the protection of computer and communications systems and networks. The rules incorporated lessons learned form cyber security orders imposed after the September 2001 terrorist attacks.
All plant operators must implement an approved cyber security plan that is reviewed and inspected by the NRC. Regulatory guidance (RG 5.71) was issued a year later in January 2010, which included best practice notes from the U.S. Department for Homeland Security (DHS) and NEI.
The guidelines highlight the need to maintain the approved cyber security program, performing continuous monitoring and assessment. The plan must be updated to reflect changes that could expose the plant and its systems to attack.
Nuclear Energy Insider – November 13, 2017.