Saturday, May 18

Sellafield to be prosecuted over supposed cyber compliance failure

Sellafield Ltd, the organisation accountable for tidying up and decommissioning the UK’s biggest hazardous waste website, is to be prosecuted over declared cyber security failings going back to 2019

By

  • Alex Scroxton, Security Editor

Released: 28 Mar 2024 15:28

Sellafield Ltd, the Nuclear Decommissioning Authority-backed organisation presently working to end up operations at the struggling Sellafield nuclear center in Cumbria, is to be prosecuted over substantial cyber security failings under the auspices of the Nuclear Industries Security Regulations of 2003.

The charges, laid by the Office for Nuclear Regulation (ONR), cover a variety of supposed IT security offenses throughout the duration in between 2019 and 2023.

“The choice to start legal procedures follows an examination by ONR, the UK’s independent nuclear regulator,” the body stated in a short declaration. “There is no idea that public security has actually been jeopardized as an outcome of these concerns.

“Details of the very first court hearing will be revealed when readily available. Considered that some matters are now based on legal procedures, we are not able to comment even more.”

The statement came simple hours after it was reported that Sellafield’s primary details gatekeeper, Richard Meal– a previous RAF officer who has actually remained in post for over 10 years– stepped down from his function, although this has actually not been validated by Sellafield.

Computer system Weekly comprehends that Sellafield’s evident cyber security concerns have actually been bubbling to the surface area for a while, and in 2023 the website’s operators strenuously rejected accusations– emerging from a prolonged Guardian examination– that its IT systems had actually been completely jeopardized by state-backed danger stars stemming from China and Russia.

The paper declared the hackers had actually released difficult-to-detect sleeper malware on Sellafield’s systems to collect information and snoop on the continuous nuclear clean-up at the center, which was the scene of the UK’s worst ever nuclear catastrophe in the 1950s.

The Guardian implicated Sellafield of a constant cover-up of the invasions, which apparently dated to 2015, and declared that the degree of the breach just emerged when employees at other websites found they might from another location access Sellafield’s systems.

An expert at the website explained Sellafield’s network as “basically insecure” and accentuated numerous issues, that included using USB memory supports third-party specialists and an occurrence in which a going to BBC electronic camera team mistakenly shot and transmitted user qualifications. Extreme were some of the failings that they were allegedly nicknamed “Voldemort”.

At the time, Sellafield president Euan Hutton informed the BBC that the center had “robust, multi-layer security systems” and a “24/7-staffed cyber security operations centre” that would have spotted any invasion.

The ONR has actually not supplied information of any particular cyber security occurrences that form the basis of its action.

ยป …
Find out more