In a letter to Southern California Edison, the NRC said that the utility failed to “develop a site procedure which addressed the need to conduct a cybersecurity analysis of electronic devices designated for safeguards information” at the plant, according to a copy of the letter obtained by the North County Times newspaper.

According to the NRC website, “safeguards information” is a “special category of sensitive unclassified information…to be protected” concerning the “protection of operating power plants, spend fuel shipments, strategic special nuclear material or other radioactive material.”

The NRC acknowledged that the utility had fixed the cybersecurity lapses at the plant, but it is still considering enforcement action. The regulator plans to issue a final determination about the severity of the violation within 90 days of the June 11 letter. Edison has 30 days to defend itself about the violation within 30 days of receiving the letter, the newspaper said.

Southern California Edison defended its actions, saying it “corrected and addressed” the cybersecurity lapses “promptly”, according to a response by the utility obtained by the newspaper.