A decade after the Sept. 11, 2001, terrorist attacks, nuclear watchdogs are calling safeguards at the country's 104 nuclear power plants a "joke" and urging the government to ramp up security.

Peter Stockton, a researcher for the nonprofit Project on Government Oversight, said he has been warning the Nuclear Regulatory Commission about the vulnerability of U.S. reactors since before the attacks on the Pentagon and World Trade Center.

The attacks spurred NRC to mandate safety upgrades. Finalized in 2009, the rules require enhanced security forces, more barriers near plants and coordination with military and local police. The commission also took steps to ensure plant operators can cool reactors and spent fuel pools following large explosions and fires.

Michael Pacilio, chief nuclear officer for Exelon Nuclear, said during a call with reporters last week that the U.S. nuclear industry is one of the world's most secure and safest, with trained security forces, cybersecurity programs and emergency plans.

"Over the past decade, the industry has spent an additional $2 billion on security enhancements and increased the number of security officers to nearly 9,000," he said. "That's a 60 percent increase in over the past decade."

With a noted rise in cyber attacks facing nuclear plants, Pacilio said computer systems that reach the reactors and plant safety equipment are disconnected from the Internet. Plant operators must have cybersecurity programs.

But Stockton and other watchdogs take issue with the "force on force" inspections required at nuclear plants. The exercises feature an adversary force trying to steal nuclear material or damage components that protect the reactor core or the spent fuel pool.

"It's like laser tag mixed with weapons that fire blank ammunition," said Ken Holt, a spokesman for Dominion Resources' Millstone Power Station in Connecticut. Such mock attacks are played out every three years at the Millstone plant.

Stockton said he is concerned mainly about NRC's designation of what constitutes a threat under the "design basis," which spells out the number of attackers, the types of weapons they can use and how they would attack the plant. Under such scenarios, attackers lack rocket-propelled grenades or improvised explosive devices that could be used during an assault, he said.

Mock assaults also account for just five attackers and don't thoroughly consider the impact of airplanes on a plant, he said. "The design basis threat is totally inadequate; it's a joke," he said. "I think they really have to address a lot of these issues, and they simply refuse to address them."

Ed Lyman, a senior scientist at the Union of Concerned Scientists, said he is also concerned about the narrow interpretation of what constitutes a threat. "The NRC assumes that the federal government will respond if a plant is attacked with a force that it cannot withstand, but there are no clear procedures that govern how this response would occur," he said.

NRC says nuclear plants are strong enough to withstand aircraft strikes, based on studies the agency conducted with federal labs; results of those studies have never been made public.

Doug Walters, the Nuclear Energy Institute's vice president of regulatory affairs, said the study concluded that "while it would be a horrific event, plant designs could withstand aircraft impacts."

Roberta Warren, NRC Chairman Gregory Jaczko's policy adviser for security, said plant security programs and the design basis threats are based on extensive research on vulnerability and are coordinated with law enforcement and the intelligence community.

"There are people that will say, 'The design basis threat doesn't contain X,' and one thing that I think is difficult for people to understand is that it's a reasonable characterization of the threat," Warren said.