Phase 2 of the cyber security program for nuclear power plants is set to be completed by the end of this year in order to comply with NRC regulations. The program was first imposed after the 9/11 terrorist attacks and the regulations were formalized in 2009.
Phase 1 was completed in 2012 and NRC inspections were completed in 2015. It involved implementation controls to protect the most significant digital assets from the most prevalent cyber-attack vectors.
Phase 2 includes adding technical cyber controls, completing cyber security awareness training for employees, incident response testing and drills, implementing configuration management controls, and securing supply chain protection.