Cybersecurity within critical national infrastructure is under scrutiny as Sellafield (and the cybersecurity sector as a whole) awaits condemnation of the facility.
Sellafield Ltd pleaded guilty to three counts of technological security breaches during the 2019-2023 generation at Westminster Magistrates’ Court earlier this summer. A sentencing hearing was held last week (August 8), but Chief District Judge Paul Goldspring did not hand down the sentence. sentence. The Office of Nuclear Regulation (ONR), which has filed a complaint against Sellafield, expects the facility to be condemned in September.
After Sellafield pleaded guilty in June, the ONR said: “There is no vulnerability that has been exploited. »
According to the Guardian report, the court was told that 75% of Sellafield’s PC servers were vulnerable to cyberattacks. The court was also told that sensitive nuclear data (SNI) was vulnerable in one component due to the use of superseded technologies, adding Windows 7 and Windows 2008. The ONR describes the SNI as “data related to activities carried out in or in connection with civilian activities. “. ” nuclear facilities, and is considered to have a price for an adversary who makes plans as a hostile act. “
In addition, the court heard that a contractor won 4,000 files by mistake. Among those files, thirteen were classified as “official/sensitive”, so any alarm was triggered.
The Guardian noted: “While all parties said the breaches were very serious, the ruling said it would have to balance the charge to the taxpayer with the desire to deter others in the industry from committing similar offences. The conviction would be “new territory. ” for all of us,” Goldspring said, as no nuclear site had been processed this way before.
A spokesperson for Sellafield said: “We take cybersecurity at Sellafield seriously, as evidenced by our guilty pleas. The fees relate to old crimes and there is no suggestion that public protection has been compromised.
“Sellafield has been the victim of a successful cyber attack or has suffered a loss of sensitive nuclear information.
“We have already made significant innovations to our systems, networks and structures to ensure we are larger and more resilient. As the matter remains the subject of an active legal process, we are not in a position to comment further.
In an unrelated move, the National Audit Office is expected to report on threat alleviation at Sellafield in the autumn. This report will read about whether the Nuclear Decommissioning Authority and Sellafield are adopting a sustainable technique for decommissioning.
Don’t miss the latest BIM and virtual news: subscribe to receive the BIMplus newsletter.
Please email me when I reply to my comment.
Name*