British Nuclear Plant Has Serious Cyber Security Failures

The British independent nuclear safety regulator, the Office for Nuclear Regulation (ONR), has announced that it will prosecute the company managing the nuclear fuel storage and reprocessing site at Sellafield in Cumbria over “alleged information technology security offences during a four year period between 2019 and early 2023.”

Sellafield Ltd, the company that manages one of Europe’s biggest nuclear sites, has pleaded guilty to several criminal charges relating to cyber security problems at the facility.

According to the British government’s National Risk Register, a cyber attack on the computer systems controlling a nuclear reactor could potentially require a controlled shutdown as a protective measure, although there is no major concern about such an attack causing any radiological discharge.

The Sellafield site was used for processing and storing nuclear waste, and is one of the largest stores of plutonium in the world, employing over 10,000 people from the Cumbria area. As Sellafield no longer has an operational nuclear reactor, it is not clear what damage a cyber incident at the facility could cause.

Multiple investigations into the security posture of the facility revealed staggering vulnerabilities that exposed the operation to a wide range of potentially devastating cyber attacks. An investigation by journalists at the Guardian newspaper found that contractors at Sellafield could easily access critical systems, describing how a contractor could plug a USB memory stick into the site’s computer system while unsupervised. This investigation claimed that Sellafield might have been hacked by groups linked to Russia.

Furthermore, a report from French security firm Atos, a subcontractor at the Sellafield site, found 75% of its servers were vulnerable to cyber attack. Sellafield’s own investigation, led by external IT firm Commissum, concluded that any “reasonably skilled hacker or malicious insider” could access sensitive data and load malware onto the network.

“There is no suggestion that public safety has been compromised as a result of these issues,” the regulator said, adding that the decision to begin legal proceedings followed an investigation.

ONR | ITPro | Guardian | CND | The Record | FT
