British Nuclear Plant Has Serious Cyber Security Failures

Uploaded on 2024-08-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Energy

The British independent nuclear safety regulator, the Office for Nuclear Regulation, (ONR) has announced that it will  prosecute the company managing the nuclear fuel storage and reprocessing site at Sellafield in Cumbria over “alleged information technology security offences during a four year period between 2019 and early 2023.”

Sellafield Ltd, the company that manages one of biggest Europe’s nuclear sites, has pleaded guilty to several criminal charges relating to cyber security problems at the facility.

According to the British government’s National Risk Register, a cyber attack on the computer systems controlling a nuclear reactor could potentially require a controlled shutdown as a protective measure, although there is not a major concern about them causing any radiological discharge. 

The Sellafield site was used for processing and storing nuclear waste, and is one of largest stores of plutonium in the world, employing over 10,000 people from the Cumbria area. As Sellafield no longer has an operational nuclear reactor, it is not clear what damage a cyber incident at the facility could cause.

Multiple investigations into the security posture of the facility revealed staggering vulnerabilities that exposed the operation to a wide range of potentially devastating cyber attacks. An an investigation by journalists at the Guardian newspaper found that contractors at Sellafield could easily access critical systems, describing how a contractor could plug a USB memory stick into the site’s computer system while unsupervised. This investigation claimed that Sellafield might have been hacked by groups  linked to Russia. 

Furthermore, a report from French security firm Atos, a subcontractor at the Sellafield site, found 75% of its servers were vulnerable to cyber attack. Sellafield’s own investigation, led by external IT firm Commissum, concluded that any “reasonably skilled hacker or malicious insider” could access sensitive data and load malware onto the network.

According to the ONR, “There is no suggestion that public safety has been compromised as a result of these issues,” the regulator said, adding that the decision to begin legal proceedings followed an investigation.   

ONR   |   ITPro   |     Guardian   |   CND   |    The Record   |    FT   |   

Image:  @SellafieldLtd and rabedirkwennigsen

You Might Also Read: 

The UK Needs To Move Faster On Nuclear Energy Cybersecurity:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Microsegmentation In 2024: Trends, Technologies & Best Practices
The Role of VPNs In The World Of Cybersecurity »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

AtkinsRéalis

AtkinsRéalis

AtkinsRealis is a market-leading design, engineering and project management consultancy operating in fields ranging from infrastructure, through energy and transport to cybersecurity.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

National Center for Manufacturing Sciences (NCMS) - USA

National Center for Manufacturing Sciences (NCMS) - USA

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

Citizen Lab - University of Toronto

Citizen Lab - University of Toronto

Citizen Lab focuses on research and development at the intersection of cyberspace, global security & human rights.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

FoxPointe Solutions

FoxPointe Solutions

FoxPointe Solutions is a full-service cyber risk management and compliance firm.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.

Mother Technologies

Mother Technologies

From Datacentre to Desktop, Mother Technologies has been delivering IT Support, Telecoms, Cybersecurity and Connectivity services to businesses across Scotland and beyond since 2002.

Scinary Cybersecurity

Scinary Cybersecurity

Scinary was founded in 2015 on the premise that cybersecurity should not be limited to just large corporations or large government entities.

Utilize

Utilize

Utilize is an award-winning technology company with over 25 years of industry expertise, we support hundreds of businesses across London and the South East.