UK nuclear facility Sellafield faces prosecution over cybersecurity failures

Britain’s independent nuclear safety regulator has announced that it will prosecute the company that manages the Sellafield nuclear facility for “alleged breaches of information technology security over a four-year period between 2019 and early 2023”.

It is unclear whether senior executives at state-owned Sellafield will be charged. Under the Nuclear Industry Security Regulations 2003, individuals convicted of a crime can be sentenced to up to two years in prison.

“There is no suggestion that public safety has been compromised as a result of these issues,” the regulator said in a statement Thursday, adding that the decision to open legal proceedings followed an investigation.

“Details of the first court hearing will be announced as soon as they become available,” ONR said.

Sellafield had previously come under increased regulatory attention for its cybersecurity shortcomings, as the UK’s chief nuclear inspector’s annual report revealed last year. At the same time, EDF, which operates several nuclear power plants in the UK, was also placed under similar measures.

As set out in the UK’s Civil Nuclear Cybersecurity Strategy, the National Cyber ​​Security Center (NCSC) threat assessment warns that ransomware is “almost certainly the most likely disruptive threat”. There is.

Ransomware attacks on IT systems used at nuclear power plants can disrupt operations, but industrial systems are designed with multiple failsafes to prevent radiation accidents. .

Although the Sellafield reactor closed in 2003, the vast facility remains Europe’s largest nuclear facility, with the ONR describing it as “one of the most complex and dangerous nuclear facilities in the world”. I am.

It stores more plutonium, especially the isotope produced as a byproduct of nuclear reactor operation, than anywhere else on earth, and is used for various purposes such as nuclear decommissioning, waste treatment and storage. There are also facilities available.

It was the site of the country’s worst nuclear disaster in 1957, when the reactor caught fire and radioactive material spread into the atmosphere across Britain and Europe.

Cyberattacks targeting power plant operational technology (OT) systems are rare, but not unheard of. The Triton malware, discovered in Saudi Arabia in 2017, is one of his best-known and most concerning examples.

It is unclear whether the Russian attackers believed to be behind the attack may have devised a way to overcome the fail-safe mechanism that prevents the explosion.

The UK government’s National Risk Register says there is no major concern that a cyber attack on the computer systems controlling a nuclear reactor will cause a radiation release, but a controlled shutdown may be required as a protective measure.

Sellafield does not currently have an operating nuclear reactor, so it is not clear what damage a cyber incident at the facility could cause.

Get more insights at

recorded future

intelligence cloud.

learn more.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button