HQ/EMEAFind out how we can help your business
Sellafield, a prominent nuclear site in the United Kingdom, faces legal action due to alleged cybersecurity breaches from 2019 to last year.
The company overseeing Sellafield, Sellafield Ltd., is under inspection, although it remains uncertain if the investigation will involve senior executives. Individuals found guilty under the Nuclear Industries Security Regulations 2003 could face a maximum of two years imprisonment. However, the regulators explained that these issues have not compromised public safety.
Sellafield faced these backlashes after constantly showing cybersecurity incompetence throughout the years.
The launch of legal proceedings against Sellafield comes after increased regulatory attention on its cybersecurity shortcomings, which were highlighted in the nuclear inspector’s annual report last year.
EDF, the operator of several nuclear power plants across Britain, have also imposed similar measures. Moreover, the UK’s civil nuclear cybersecurity strategy highlights the threat posed by ransomware, which the NCSC classify as the most probable disruptive force.
Although Sellafield’s nuclear reactor ceased operations in 2003, its facility is still the largest nuclear site in Europe and poses significant risks due to its abundance of plutonium and various services dedicated to nuclear decommissioning, waste processing, and storage.
Despite the absence of an operational reactor, concerns continue about potential cyber incidents at Sellafield and their consequences.
Historically, cyberattacks targeting operational technology (OT) systems at power plants have been uncommon, yet a recent malware study discovered in Saudi Arabia in 2017 remains a notable example.
The potential consequences of such attacks, including their ability to bypass failsafe mechanisms, are subject to ongoing inspection. Although a cyberattack on a nuclear reactor’s computer systems might take a controlled shutdown as a protective measure, the risk of radiological discharge remains relatively low.
The legal process against Sellafield develops, and questions about the extent of the cybersecurity breaches and their potential impact on the facility’s operations and the broader nuclear industry continue as a nationwide discussion.
The case underscores the importance of robust cybersecurity measures in safeguarding nuclear facilities against evolving threats in the digital age despite assurances regarding public safety. Authorities and policymakers should address this situation immediately to avoid unwanted attacks compromising the site.
