April 15, 2024

The UK’s Workplace for Nuclear Regulation (ONR) has began authorized motion in opposition to the controversial Sellafield nuclear waste facility as a consequence of years of alleged cybersecurity breaches.

Final December, as we previously reported, claims surfaced about Russian and Chinese language hackers planting malware on the nuclear reactor web site’s methods way back to 2015.

The worry is that the malware might need been planted on Sellafield’s IT methods for espionage (to entry delicate details about personnel or radioactive waste motion) and for disruptive assaults.

Sellafield’s laptop servers are thought-about alarming by some insiders, incomes the nickname “Voldermort,” after the Harry Potter villain.

Exterior contractors have reportedly been allowed to plug potentially-infected USB gadgets into the Sellafield facility’s community. A 2012 report warned of “vital safety vulnerabilities” that also want pressing fixing.

The Guardian, which initially brought attention to the claims, mentioned that it was nonetheless not recognized if the malware an infection had been eradicated, and that the Sellafield web site had been put in “particular measures” as a consequence of its constant cybersecurity breaches and failure to report incidents.

On the time of the preliminary reviews in The Guardian, the UK authorities tried to defuse the seriousness of the state of affairs:

“Now we have no data or proof to counsel that Sellafield Ltd networks have been efficiently attacked by state-actors in the way in which described by the Guardian.”

Nevertheless, as The Guardian now reports, the ONR will prosecute Sellafield for alleged safety offences, prompted by the newspaper’s investigation.

“These fees relate to alleged data know-how safety offences throughout a four-year interval between 2019 and early 2023. There is no such thing as a suggestion that public security has been compromised because of these points,” mentioned the ONR. “The choice to start authorized proceedings follows an investigation by ONR, the UK’s unbiased nuclear regulator.”

In accordance with the ONR, particulars of the primary courtroom listening to can be introduced when obtainable.

Sellafield appointed a brand new chief digital data officer accountable for cybersecurity a month after The Guardian‘s preliminary revelations.

“Security and safety at our former nuclear websites is paramount and we absolutely assist the Workplace for Nuclear Regulation in its unbiased function as regulator,” mentioned the UK authorities’s Division for Vitality Safety and Web Zero, which funds Sellafield. “The regulator has made clear that there is no such thing as a suggestion that public security has been compromised at Sellafield. Because the interval of this prosecution, we now have seen a change of management at Sellafield and the ONR has famous a transparent dedication to deal with its issues.”

In 1957, a hearth broke out on the Sellafield reactor web site (then generally known as Windscale), releasing radioactive contamination throughout Europe. It was the worst nuclear accident in British history.

Whereas there was no proof offered of an instantaneous threat of public security, the potential for espionage or a focused disruptive assault undoubtedly raises concern – notably for a spot with such a chequered historical past as Sellafield.