At first glance, last couple of years added nothing really new to the global cybersecurity threat landscape of the nuclear energy industry and its incident track records. The last major publicly reported cybersecurity incidents were cyber-attack on KHNP in late 2014-early 2015, and worm infection of the Gundremmingen NPP network in April 2016. 

Just a few months ago in April 2015 the global Conference on Cyberspace didn’t give much optimism to those expecting a unison of voices in favour of an international agreement on norms of state behaviour in cyberspace. Despite the palpable understanding that the international community does need to grope for a common denominator for global peace and security, mentions of a legal binding treaty was mostly frowned upon. The discussions on the nuances of the international law application in cyber revealed a wide array of differences of interpretations. The fruit was not ripe, but the plant has been generously watered since then.