British Nuclear Plant Has Serious Cyber Security Failures

The British independent nuclear safety regulator, the Office for Nuclear Regulation (ONR), has announced that it will prosecute the company managing the nuclear fuel storage and reprocessing site at Sellafield in Cumbria over “alleged information technology security offences during a four year period between 2019 and early 2023.”

Sellafield Ltd, the company that manages one of Europe’s biggest nuclear sites, has pleaded guilty to several criminal charges relating to cyber security problems at the facility.

According to the British government’s National Risk Register, a cyber attack on the computer systems controlling a nuclear reactor could potentially require a controlled shutdown as a protective measure, although there is no major concern about such an attack causing any radiological discharge.

The Sellafield site was used for processing and storing nuclear waste, and is one of the largest stores of plutonium in the world, employing over 10,000 people from the Cumbria area. As Sellafield no longer has an operational nuclear reactor, it is not clear what damage a cyber incident at the facility could cause.

Multiple investigations into the security posture of the facility revealed staggering vulnerabilities that exposed the operation to a wide range of potentially devastating cyber attacks. An investigation by journalists at the Guardian newspaper found that contractors at Sellafield could easily access critical systems, describing how a contractor could plug a USB memory stick into the site’s computer system while unsupervised. This investigation claimed that Sellafield might have been hacked by groups linked to Russia.

Furthermore, a report from French security firm Atos, a subcontractor at the Sellafield site, found 75% of its servers were vulnerable to cyber attack. Sellafield’s own investigation, led by external IT firm Commissum, concluded that any “reasonably skilled hacker or malicious insider” could access sensitive data and load malware onto the network.

“There is no suggestion that public safety has been compromised as a result of these issues,” the ONR said, adding that the decision to begin legal proceedings followed an investigation.

ONR | ITPro | Guardian | CND | The Record | FT

Image: @SellafieldLtd and rabedirkwennigsen
