The Nuclear Regulatory Commission yesterday said the operator of an embattled Southern California nuclear plant failed to safeguard sensitive security equipment from hackers and other cybersecurity threats.

Southern California Edison Co. didn't develop proper procedures for analyzing cyber threats for electronic devices that use information related to the physical security of the San Onofre plant's twin reactors, according to NRC.

No fines were issued, and the utility said the equipment is now secure.

"We corrected this deficiency last year when we discovered it and have implemented best practices for information security to ensure it doesn't happen again," Pete Dietrich, the utility's senior vice president and chief nuclear officer, said in a statement.

The company said it alerted NRC to the security issue last year, and the commission confirmed the violation during a four-day inspection in May.

The violation adds to a host of problems facing the plant in northern San Diego County. The facility has been closed since Jan. 31, when a radiation leak occurred in the Unit 3 steam generator. The Unit 2 generator had been shut down earlier that month for routine maintenance and was not put back online because of NRC's investigation.

California's grid operator is now studying how to make up for the lost reactors in energy forecasts, but the utility has said it could bring the units back online by November or December (Greenwire, July 31).