"The physical security of nuclear power plants and their vulnerability to deliberate acts of terrorism was elevated to a national security concern following the attacks of September 11, 2001. Since the attacks, Congress has repeatedly focused oversight and legislative attention on nuclear power plant security requirements established and enforced by the Nuclear Regulatory Commission (NRC). The Energy Policy Act of 2005 (EPACT05, P.L. 109-58) imposed specific criteria for NRC to consider in revising the 'Design Basis Threat' (DBT), which specifies the maximum severity of potential attacks that a nuclear plant's security force must be capable of repelling. In response to the legislative mandate, NRC revised the DBT (10 C.F.R. Part 73.1) on April 18, 2007. Among other changes, the revisions expanded the assumed capabilities of adversaries to operate as one or more teams and attack from multiple entry points. To strengthen nuclear plant security inspections, EPACT05 required NRC to conduct 'force-onforce' security exercises at nuclear power plants at least once every three years. In these exercises, a mock adversary force from outside a nuclear plant attempts to penetrate the plant's vital area and simulate damage to a 'target set' of key safety components. From the start of the program through 2009, 112 force-on-force inspections were conducted, with each inspection typically including three mock attacks by the adversary force. During the 112 inspections, eight mock attacks resulted in the simulated destruction of complete target sets, indicating inadequate protection against the DBT, and additional security measures were promptly implemented, according to NRC."
CRS Report for Congress, RL34331