The Sellafield nuclear facility in Cumbria is facing serious scrutiny over cyber security issues, even though the regulator has cleared it of concerns regarding physical security.
The Office for Nuclear Regulation (ONR) has moved Sellafield back to standard oversight for physical security, after closely monitoring the site for two years. The ONR conducted regular inspections and found that Sellafield has made notable improvements in maintaining physical security.
However, the ONR is still giving special attention to Sellafield’s cyber security, indicating that there’s more work to be done. In December 2023, it was reported that groups associated with China and Russia managed to infiltrate Sellafield’s IT systems, potentially planting malware that could be used for espionage or attacks.
Things got worse in October 2024 when Sellafield was fined £400,000 by Westminster Magistrates’ Court after pleading guilty to cyber security failures. The ONR charged Sellafield Ltd with negligence in protecting sensitive information, revealing that a large portion of its servers were exposed to potential cyber attacks over the previous four years.
The charges included a failure to adequately protect crucial nuclear information on its IT network and a lack of annual health checks on those systems. Sellafield’s legal team insisted there had never been a successful attack on the facility, stressing that these offences were historical and not reflective of the current state.
Paul Dicks, the ONR’s director overseeing Sellafield, acknowledged the site’s significant improvements, which led to the return to regular oversight. Sellafield operates under the Nuclear Decommissioning Authority (NDA), which oversees the decommissioning of the UK’s older nuclear sites.
In November 2024, the NDA launched a cyber security center aimed at protecting the civil nuclear sector from cyber threats. Located in Cumbria, the Group Cyberspace Collaboration Centre brings together experts in security, digital technology, and engineering to tackle new challenges head-on.
Warren Cain from the ONR emphasized the importance of strong cyber security across all nuclear sites, highlighting that protecting vital information and resources is a top priority. Other notable UK nuclear sites include Hinkley Point, Harwell, Dungeness, Bradwell, Sizewell, Trawsfynydd, Wylfa, and Dounreay.