UK’s largest nuclear power site fined for cybersecurity breaches

Britain’s nuclear regulator has fined the largest UK nuclear power facility £332,500 for “persistently” breaching security regulations which left IT systems vulnerable.

The instances occurred between 2019 and 2023, and although the Office for Nuclear Regulation (ONR) say there is no evidence the vulnerabilities were exploited, cybersecurity shortcomings left the facility exposed to potential loss of data and unauthorised access.

Sellafield’s reactor was shut down in 2003, but nuclear materials are still stored and plutonium is handled at the site, including a range of facilities for waste storage and processing.

All cleaned up

The site pleaded guilty to three criminal charges over the failings.

The shortfalls included failing to carry out annual security checks, which the company attributes to “sector-wide difficulties recruiting suitably qualified staff”. Since the ruling, Sellafield has made “significant improvements” to its systems and structures to ensure public safety.

A successful attack could have come in the form of a phishing campaign or a malicious insider which could have damaged facilities or disrupted operations. It was previously reported that Sellafield was breached by Russian and Chinese hackers, but both the site and the UK government have denied this.

“Failings were known about for a considerable length of time but despite our interventions and guidance, Sellafield failed to respond effectively, which left it vulnerable to security breaches and its systems being compromised.” said The ONR’s Senior Director of Regulation Paul Fyfe.

Secretary of State for Energy, Ed Miliband previously commented on news that contractors could access the site network unsupervised as a “very concerning report about one of our most sensitive pieces of energy infrastructure”.

Whilst the regulator found no evidence of harm from the cybersecurity shortfalls, the site is said to be taking the charges “very seriously”, which it says is reflected in the guilty plea.

Via BBC

Check out our pick of the best malware removal softwareThis AI-powered malware has evolved to add image recognition Take a look at our best endpoint protection software choices

Related posts

Everything new on Netflix in January 2025

Google Whisk is a new way to create AI visuals using image prompts –here’s how to try it

These are the companies using AI-driven dynamic pricing the most – and the top users probably won’t surprise you

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More