The UK’s Sellafield nuclear waste processing and storage site was sanctioned by regulators following the discovery that its IT systems had been compromised, leaving them vulnerable to hacking and unauthorized access for years.
The Workplace for Nuclear Regulation (ONR) characterizes the Sellafield site as one of Europe’s largest industrial complexes, handling more radioactive waste than any other nuclear facility globally.
It is imperative to treat cybersecurity with utmost seriousness at Sellafield.
Despite this, an Office of Naval Research (ONR) report identified several breaches occurring from 2019 to 2023.
The investigation found that Sellafield had neglected to ensure the satisfactory security and safety of sensitive nuclear information in the local community. Moreover, the organisation failed to implement adjustments to its sanctioned safety protocols for routine vulnerability assessments of both operational technology (OT) and information technology (IT) programmes, as certified by the National Cyber Security Centre’s (NCSC) Verify approval.
In late 2023, news of cybersecurity concerns at Sellafield first surfaced, with a UK newspaper reporting that.
Despite concerns about media experiences at Sellafield, exterior contractors were permitted to connect potentially infected USB drives to the site’s network. Moreover, some insiders were so troubled by the state of the servers that they nicknamed one “Voldemort” – a nod to the notorious Harry Potter character – reflecting their alarm and foreboding.
The corporation pleaded guilty to several offenses in June 2024.
At Sellafield, cyber safety is a top priority, reflected in our robust cybersecurity measures and commitment to ensuring the security of our digital operations. “The costs are attributed to past incidents, with no indication that public safety was ever jeopardized.” Sellafield has thus far escaped a lucrative and destructive cyber-attack.
“We’ve successfully implemented key upgrades to our programs, strengthened our community bonds, and reinforced our infrastructure, ensuring an enhanced level of security and resilience.” “The ever-changing cyber threat landscape necessitates our proactive collaboration with regulators to ensure seamless compliance with increasingly stringent demands.”
No evidence was found of hackers exploiting identified safety vulnerabilities in response to the Office of Naval Research’s inquiry.
Long-standing concerns about security at Sellafield have been well-founded and deeply concerning for many individuals.
On October 10, 1957, a devastating fire broke out at the Sellafield reactor site, then known as Windscale, releasing a plume of radioactive contaminants that dispersed throughout Europe.
