The UK’s Workplace for Nuclear Regulation (ONR) has began authorized motion towards the controversial Sellafield nuclear waste facility resulting from years of alleged cybersecurity breaches.
Final December, as we previously reported, claims surfaced about Russian and Chinese language hackers planting malware on the nuclear reactor web site’s techniques way back to 2015.
The worry is that the malware might need been planted on Sellafield’s IT techniques for espionage (to entry delicate details about personnel or radioactive waste motion) and for disruptive assaults.
Sellafield’s laptop servers are thought of alarming by some insiders, incomes the nickname “Voldermort,” after the Harry Potter villain.
Exterior contractors have reportedly been allowed to plug potentially-infected USB units into the Sellafield facility’s community. A 2012 report warned of “important safety vulnerabilities” that also want pressing fixing.
The Guardian, which initially brought attention to the claims, mentioned that it was nonetheless not identified if the malware an infection had been eradicated, and that the Sellafield web site had been put in “particular measures” resulting from its constant cybersecurity breaches and failure to report incidents.
On the time of the preliminary experiences in The Guardian, the UK authorities tried to defuse the seriousness of the scenario:
“Now we have no data or proof to recommend that Sellafield Ltd networks have been efficiently attacked by state-actors in the way in which described by the Guardian.”
Nonetheless, as The Guardian now reports, the ONR will prosecute Sellafield for alleged safety offences, prompted by the newspaper’s investigation.
“These expenses relate to alleged info know-how safety offences throughout a four-year interval between 2019 and early 2023. There isn’t a suggestion that public security has been compromised on account of these points,” mentioned the ONR. “The choice to start authorized proceedings follows an investigation by ONR, the UK’s impartial nuclear regulator.”
In line with the ONR, particulars of the primary court docket listening to can be introduced when accessible.
Sellafield appointed a brand new chief digital info officer liable for cybersecurity a month after The Guardian‘s preliminary revelations.
“Security and safety at our former nuclear websites is paramount and we absolutely assist the Workplace for Nuclear Regulation in its impartial function as regulator,” mentioned the UK authorities’s Division for Vitality Safety and Web Zero, which funds Sellafield. “The regulator has made clear that there isn’t any suggestion that public security has been compromised at Sellafield. Because the interval of this prosecution, we’ve got seen a change of management at Sellafield and the ONR has famous a transparent dedication to handle its considerations.”
In 1957, a fireplace broke out on the Sellafield reactor web site (then generally known as Windscale), releasing radioactive contamination throughout Europe. It was the worst nuclear accident in British history.
Whereas there was no proof offered of an instantaneous threat of public security, the potential for espionage or a focused disruptive assault undoubtedly raises concern – significantly for a spot with such a chequered historical past as Sellafield.
