 After the 9-11 terrorist attacks, the NRC raised its licensee threat level advisory to its highest tier. To harden facilities against evolving threats, the NRC began an assessment of adversary capabilities, as well as the likelihood and consequences of an attack. In 2002, the NRC ordered licensees to take interim compensatory measures to bolster security, emergency planning, and mitigation strategies, including upgrades to access control, security forces, physical security, force-on-force drills, and training. In April 2002, the NRC created the Office of Nuclear Security and Incident Response to provide a focus for security policy and management issues and for the assessment of licensee security. Between 2002 and 2004, the NRC tested and redesigned its force-on-force inspection program based on a staff self-assessment and achieved efficiencies in the inspection program. In 2005, Congress passed the Energy Policy Act, which included new requirements for design basis threats, security of radioactive materials, enhanced weapons for security forces, and emergency notifications. Consistent with the Energy Policy Act, the NRC announced a proposed rulemaking to codify the existing orders, which was completed in 2009. The NRC also modified its regulations governing fitness for duty and cybersecurity of power reactors. In 2007, it updated its design basis threats for radiological sabotage, theft, and diversion, including a publicly available reference for cyber attacks. In 2009, the NRC made significant changes to regulations for fitness for duty, physical security, and cybersecurity of power reactors. The NRC worked with other federal agencies to develop improved communications and implement the Homeland Security Advisory System's color-coded threat-level designations. In 2011, the NRC issued its first major revision to emergency planning regulations since the Three Mile Island accident. In the area of radioactive sources, the NRC worked with the International Atomic Energy Agency to identify radioactive sources attractive to adversaries and with agreement states to ensure their secure use, storage, and transportation. In 2012, the NRC issued its first edition of a cybersecurity roadmap on cybersecurity program implementation. In 2013, the NRC opened a new headquarters operation center to enable modern technology-based emergency response capability. In 2017, operating reactor licensees completed the full implementation of their cybersecurity programs and were inspected by the NRC. In the 20 years since 9-11, NRC staff have served their country in multiple roles, as members of our National Guard and Reserve Forces, and in advancing the safe and secure use of radioactive materials by its licensees. Because of what has been and all we have learned, the NRC stands ready to respond to our nation's security needs.