Sellafield Ltd, the management company of the Sellafield nuclear site, will be prosecuted by the UK’s independent nuclear safety regulator for alleged cyber security offences.
According to the safety regulator, the breaches occurred over a four-year period, from 2019 to 2023. However, the regulator noted in its announcement that there is nothing to suggest that public safety has been compromised by these “cyber security crimes”. The Office of Nuclear Regulation (ONR) provided little comment as to what the specific issues or legal proceedings are, but noted that “details of the first court hearing will be announced as they become available.”
This isn’t the first time the company has come under scrutiny. Cybersecurity issues were also addressed in the chief nuclear inspector’s annual report on the country’s nuclear industry, released last September. And in December, the Guardian published a bombshell report that advanced persistent threats (APTs) backed by Russia and China have been breaching Sellafield’s IT systems as far back as 2015 – attacks that the newspaper said were consistently covered up by senior staff at the site, which holds a vast repository of radioactive waste and the world’s largest plutonium cache.
It is not currently known whether any senior leaders were involved in these safety lapses or, if so, whether they will face charges. If convicted, an individual could face a maximum of two years in prison.
A nuclear reactor is located on the grounds of Sellafield. Even though the reactor was closed in 2003, Sellafield is still the largest nuclear site in Europe, and the ONR considers it “one of the most complex and dangerous nuclear sites in the world.” This is probably one of the main reasons why the company’s cybersecurity shortcomings are of significant concern.
While cyber attacks on power plants are not necessarily common, they have occurred on rare occasions. One example is the 2017 wave of attacks using the Triton malware, also known as Trisis and HatMan, which the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) used to target a Middle Eastern petrochemical plant. The threat actor moved across IT and operational technology (OT) networks to gain access to the safety system and targeted Schneider Electric’s Triconex safety instrumented system, which allows the initiation of a safe shutdown process in case of emergency. Modification of that system by the malware could have caused structural damage, operational shutdowns, and even fatalities.
That said, it is unknown what kind of damage a cyber attack would cause at Sellafield and whether it could have a similar catastrophic fallout, given that the nuclear reactor is no longer operational.