British Nuclear Plant Has Serious Cyber Security Failures

Uploaded on 2024-08-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Energy

The British independent nuclear safety regulator, the Office for Nuclear Regulation, (ONR) has announced that it will  prosecute the company managing the nuclear fuel storage and reprocessing site at Sellafield in Cumbria over “alleged information technology security offences during a four year period between 2019 and early 2023.”

Sellafield Ltd, the company that manages one of biggest Europe’s nuclear sites, has pleaded guilty to several criminal charges relating to cyber security problems at the facility.

According to the British government’s National Risk Register, a cyber attack on the computer systems controlling a nuclear reactor could potentially require a controlled shutdown as a protective measure, although there is not a major concern about them causing any radiological discharge. 

The Sellafield site was used for processing and storing nuclear waste, and is one of largest stores of plutonium in the world, employing over 10,000 people from the Cumbria area. As Sellafield no longer has an operational nuclear reactor, it is not clear what damage a cyber incident at the facility could cause.

Multiple investigations into the security posture of the facility revealed staggering vulnerabilities that exposed the operation to a wide range of potentially devastating cyber attacks. An an investigation by journalists at the Guardian newspaper found that contractors at Sellafield could easily access critical systems, describing how a contractor could plug a USB memory stick into the site’s computer system while unsupervised. This investigation claimed that Sellafield might have been hacked by groups  linked to Russia. 

Furthermore, a report from French security firm Atos, a subcontractor at the Sellafield site, found 75% of its servers were vulnerable to cyber attack. Sellafield’s own investigation, led by external IT firm Commissum, concluded that any “reasonably skilled hacker or malicious insider” could access sensitive data and load malware onto the network.

According to the ONR, “There is no suggestion that public safety has been compromised as a result of these issues,” the regulator said, adding that the decision to begin legal proceedings followed an investigation.   

ONR   |   ITPro   |     Guardian   |   CND   |    The Record   |    FT   |   

Image:  @SellafieldLtd and rabedirkwennigsen

You Might Also Read: 

The UK Needs To Move Faster On Nuclear Energy Cybersecurity:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Microsegmentation In 2024: Trends, Technologies & Best Practices
The Role of VPNs In The World Of Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Templar Executives

Templar Executives

Templar Executives is a leading, expert and dynamic Cyber Security company trusted by Governments and multi-national organisations to deliver business transformation.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

Porto Research, Technology & Innovation Center (PORTIC)

Porto Research, Technology & Innovation Center (PORTIC)

PORTIC brings together several research centers and groups from P.PORTO in a single space, forming a superstructure dedicated to research, technology transfer, innovation and entrepreneurship.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

Everything Blockchain

Everything Blockchain

Everything Blockchain offer solutions that transform enterprise data-management capabilities. Increased efficiency, super-charged performance and all with government grade security.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Distology

Distology

Distology are an award-winning cloud security distributor bringing a wealth of experience and strong relationships with a huge breadth of partners covering the UK, Ireland and Benelux.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.