News

Nuclear decommissioning sector faces up to cyber threats

An image of Sellafield - nuclear decommissioning cyber security
Sellafield (Image: Steve Allen | Dreamstime.com)

The Nuclear Decommissioning Authority (NDA) has launched a cyber facility to help the sector address cyber threats and to accelerate collaboration and technology adoption.

The Group Cyberspace Collaboration Centre (GCCC), situated in Herdus House in Cumbria, is a multi-functional space for experts in cyber, digital and engineering across the nuclear sector to explore how new technologies can support mission delivery and facilitate security operations, cyber exercising and training.   

It is part of the NDA’s portfolio of digital and cyber capability centres, including a joint cyber security operations facility, which opened in Warrington in August. 

David Peattie, chief executive of the NDA, said: “The GCCC is further enhancing our collective ability to keep us safe, secure, resilient and sustainable in cyberspace. Enabling us to work together more closely means we can defend as one, benefitting the collective security of the individual organisations we serve.”

Warren Cain, superintending inspector at the Office for Nuclear Regulation (ONR), added: “All nuclear sites must have strong cyber security systems in place to protect important information and assets from cyber threats. 

“Cyber security is a key regulatory priority for the ONR, and we welcome the NDA’s commitment to strengthen their cyber defences with this new specialist facility.”

Sellafield fined for cyber security failings

The opening of the GCCC follows Sellafield Ltd being fined £332,500 for cyber security shortfalls over a four-year period, following a prosecution brought by the ONR.

Sellafield Ltd pleaded guilty to three charges at Westminster Magistrates’ Court and was fined last month. The offences relate to Sellafield Ltd’s management of the security around its IT systems between 2019 and 2023 and its breaches of the Nuclear Industries Security Regulations 2003.

Sellafield is one of Europe’s largest industrial complexes, managing more radioactive waste in one place than any other nuclear facility in the world.

In 2023, an ONR inspector noted that a successful ransomware attack could impact on important “high-hazard risk reduction” work at the site, with a subsequent return to normal IT operations potentially taking up to 18 months.

Internally, Sellafield Ltd had also observed how a successful phishing attack or malicious insider might trigger the loss of, or compromise, key systems of data. A successful attack could have disrupted operations, damaged facilities and delayed important decommissioning activities.

After Sellafield entered its guilty plea in June, the ONR noted: “There is no evidence that any vulnerabilities have been exploited.”

Following the issue of the fine, ONR senior director of regulation, Paul Fyfe, said: “With new leadership and additional resources in place at Sellafield Ltd, we have seen positive improvements during the last year, and evidence the senior leadership is now giving cyber security the level of attention and focus it requires.

“We will continue to apply robust regulatory scrutiny where necessary to ensure all risks, including cyber security, are effectively managed by the nuclear industry.”

Don’t miss out on BIM and digital construction news: sign up to receive the BIMplus newsletter.

Story for BIM+? Get in touch via email: [email protected]

Latest articles in News