The UK’s Office for Nuclear Regulation (ONR) has taken legal action against the controversial Sellafield nuclear waste facility over years of alleged cyber security breaches.
As we previously reported, in December, allegations emerged that Russian and Chinese hackers had planted malware on systems at nuclear reactor sites as early as 2015.
There are concerns that malware could be implanted into Sellafield’s IT systems and used for espionage (to access sensitive information about people or the movement of radioactive waste) and destructive attacks.
Sellafield’s computer servers were considered so shocking by some insiders that they earned the nickname “Voldemort” (after the Harry Potter villain).
It has been reported that external contractors have been allowed to plug potentially infected USB devices into the Sellafield facility’s network. A 2012 report warned of “serious security vulnerabilities” that still needed urgent fixes.
protectorInitially drawing attention to the claims, the website said it was unclear whether the malware infection had been eradicated and that the Sellafield site had been placed in “special measures” due to its ongoing cybersecurity breaches and failure to report incidents. .
at the time of initial reporting protectorThe British government tried to defuse the seriousness of the situation:
“We have no record or evidence that Sellafield Limited’s network has been successfully compromised by a state actor in the manner described by the Guardian.”
However, as protector ONR will reportedly prosecute Sellafield for alleged security crimes, based on the newspaper’s investigation.
ONR said: “The charges relate to alleged IT security crimes over a four-year period from 2019 to early 2023. There is no suggestion that public safety was compromised as a result of these issues. “The decision to initiate legal proceedings follows an investigation by ONR, the UK’s independent nuclear regulator. “
Details of the first court hearing will be released when available, according to ONR.
A month later, Sellafield appointed a new chief digital information officer to oversee cybersecurity. protectorthe initial revelation.
The UK government’s Department for Energy Security and Net Zero, which funds Sellafield, said: “The safety and security of our former nuclear sites is vital and we fully support the Office of the Nuclear Regulator’s independent role as regulator.” “The regulator has been clear “There is no indication that public safety at Sellafield has been compromised. Since this prosecution, we have seen a change in leadership at Sellafield and a clear commitment from ONR to address its concerns.”
In 1957, a fire broke out at the Sellafield Reactor site (then known as Windscale), spreading radioactive contamination across Europe. It was the worst nuclear accident in British history.
While there is no evidence of an immediate risk to public safety, the possibility of espionage or targeted disruptive attacks certainly raises concerns – particularly for a place with a checkered history like Sellafield.