Minister expresses concerns following Sellafield Nuclear Site’s denial of hacking incident
Sellafield and the nuclear regulator have denied the claims in a report that there is evidence of state-backed hacking, but the company is still under special watch.
The energy security secretary has demanded answers from the Nuclear Decommissioning Authority (NDA) on Monday after Sellafield denied allegations of hacking of the nuclear site’s IT systems by groups connected to hostile states. The Office for Nuclear Regulation (ONR) also rejected the hacking claims but confirmed that they are closely monitoring Sellafield Ltd due to the company’s failure to meet the required “high standards” in terms of cyber security.
Claire Coutinho, secretary of state for energy security and net zero, has written to the NDA’s group CEO David Peattie seeking further assurance that Sellafield, which is part of the NDA group, is giving top priority to addressing cyber security threats. The minister has also inquired about the NDA’s efforts to address the leak at the Magnox Swarf Storage Silo (MSSS), which has accelerated over the past few years.
The Guardian published a report on Monday claiming that “cyber groups closely linked to Russia and China” had infiltrated Sellafield’s computer networks with malware, and that the company did not inform regulators about the breach for several years. The report also mentioned that Sellafield has been put into special measures by the ONR.
Both Sellafield and the ONR have refuted the claims of a cybersecurity breach. Sellafield stated that they have “no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state actors.” The company emphasized that they take cyber security extremely seriously and have multiple layers of protection for their systems and servers.
The ONR also stated that there is “no evidence that Sellafield’s systems have been hacked by state actors” as described in the report. However, the ONR acknowledged that improvements are required at Sellafield but assured that these problems are not compromising public safety. The regulator emphasized that they will continue to apply rigorous regulatory scrutiny to ensure the safety of workers and the public.
Claire Coutinho expressed concerns about the longstanding nature of the issues and emphasized the need for further assurance regarding the treatment of cyber security threats. She requested a delivery plan and timeline for how Sellafield will address the cybersecurity issue and asked for a schedule for the NDA’s efforts to address the MSSS leak.
According to the International Atomic Energy Agency, the MSSS, which was built in the 1960s, is one of the NDA’s highest-risk nuclear facilities. The agency reported that the liquor loss from the structure has accelerated but poses a low risk to the public and the environment.
In another report, The Guardian claimed that the safety at the MSSS has caused diplomatic tensions. Sellafield, the first commercial nuclear power station, was the site of one of the earliest nuclear accidents in the world when a fire broke out in 1957, leading to the release of radioactive material. The Cabinet Office considers a civil nuclear accident as a “catastrophic” event, but it is considered “remotely possible at best.”
