The attacks in Brussels last month were a stark reminder of the terrorists’ resolve, and of our continued vulnerabilities, including in an area of paramount concern: nuclear security.

The attackers struck an airport and the subway, but some Belgian investigators believe they seemed to have fallen back on those targets because they felt the authorities closing in on them, and that their original plan may have been to strike a nuclear plant. A few months ago, during a raid in the apartment of a suspect linked to the November attacks in Paris, investigators found surveillance footage of a senior Belgian nuclear official. Belgian police are said to have connected two of the Brussels terrorists to that footage.

Security at Belgium’s nuclear sites is notoriously poor. In August 2014, someone — as yet unidentified — drained 65,000 liters of lubricant from the turbine used to produce electricity at the country’s Doel 4 nuclear power plant. No penetration was detected, leading investigators to suspect an inside job.

In 2012, two workers at the same plant reportedly left Belgium to fight in Syria, eventually joining the Islamic State. One of them is believed to have died in Syria; the other was convicted of terrorism-related crimes after returning to Belgium.

Yet still too little is being done to secure nuclear plants. That goes not only for Belgium: Nuclear facilities throughout the world remain vulnerable.

During the Nuclear Security Summit in Washington last week, more than 50 leaders announced that significant amounts of highly enriched uranium had been moved from various countries to secure storage sites and that a key nuclear-security treaty would be strengthened. But the improved version of that treaty is inadequate: It doesn’t even call for arming the guards who look after bomb-grade nuclear material.

Discussions about nuclear terrorism also tend to focus on the risk of terrorists stealing weapons-grade material or making a dirty bomb. But they often overlook the danger of terrorists attacking a nuclear plant in order to set off a Chernobyl- or Fukushima-like disaster.

That risk is real, however, and has been known for a while. The master planner of the 9/11 attacks had considered crashing a jumbo jet into a nuclear facility near New York City. A Qaeda training manual lists nuclear plants as among the best targets for spreading fear in the United States.

Striking a nuclear plant or the cooling ponds in which nuclear waste is stored wouldn’t set off a mushroom cloud or kill hundreds of thousands of people. But it would spew large amounts of radiation, spark a mass panic and render vast swaths of land uninhabitable. And it could cause thousands of early deaths from cancer.

More than one in three Americans lives within 50 miles of the 99 nuclear reactors operating in the United States today. There are more than 300 other nuclear reactors producing electricity in 30 other countries.

Nuclear plants have built-in safety mechanisms, typically multiple systems that are unlikely to fail simultaneously: If one of them malfunctions, there’s always a backup, the theory goes. But redundancy is effective protection only against accidents, not against terrorists who set out to cause simultaneous system failures. For example, by targeting power and water supplies at the same time, attackers could cause a reactor to melt down or a cooling pond to ignite.

After the catastrophe at Fukushima, safety measures were bolstered at nuclear plants worldwide: More emergency equipment was put on standby, and measures for venting explosive hydrogen gas were improved. But conspicuous gaps remain in security, even in countries like Japan, India, Pakistan, Russia and the United States, which have major nuclear facilities and also have suffered serious acts of terrorism in the past. President Vladimir V. Putin didn’t even attend last week’s summit.

The first measure must be to combat complacency. Incredibly, it took the November attacks in Paris for Belgium to finally arm guards at its nuclear power plants. Even more incredibly, it took the Brussels attack last month for Belgian authorities to review the personnel records of employees at nuclear sites — and determine that about a dozen workers should have had their credentials revoked on security grounds.

At a minimum, armed guards should be required at all sites that hold weapons-grade material or enough low-enriched fuel to cause a major release of radioactivity. And all employees at nuclear plants should be thoroughly vetted before they are employed.

The United States can leverage its leadership in the international commerce of nuclear material and technology to improve security at nuclear plants in other countries. United States law already requires that nuclear material originating in that country be adequately protected when it is exported and while it is abroad.

Washington could also require a credible assessment of local terrorist threats, protective measures like arming guards at host facilities, regular exercises simulating armed attacks to test the plants’ security systems, and independent oversight.

Current United States laws and regulations prohibit American intelligence and policy officials from sharing classified assessments of terrorists’ intentions and capabilities with many governments. Even Japan, one of the world’s largest producers of nuclear power and a close United States ally, cannot access this information. That must change.

And the Global Initiative to Combat Nuclear Terrorism, a voluntary network of 86 states and five international organizations, can help build capacity in this area by encouraging its members to share intelligence and best security practices.

Terrorists have their eyes on nuclear plants. So must we.