UK's Sellafield nuclear plant faces security breach as Chinese and Russian-linked groups hack systems: Report
The article exposes cybersecurity breaches at the Sellafield nuclear plant, revealing hacking by cyber groups linked to Russia and China, potential risks to sensitive data, and a decade-long failure to address cyber issues, raising concerns about the safety of one of Europe's largest and most hazardous nuclear sites.
FollowCyber groups with close ties to Russia and China have reportedly hacked into the Sellafield nuclear plant, a potentially hazardous industrial site in Europe, according to an investigation. Sources informed The Guardian that the breaches at the Cumbria-based site were initially identified as early as 2015, when experts discovered spy software embedded in the plant's computer networks. Sellafield, among the largest nuclear sites in Europe, spans approximately 700 acres, houses around 11,000 employees in 1,300 buildings connected by 25 miles of roads, and contains substantial quantities of radioactive waste in its silos.
The facility stores spent nuclear fuel from UK power stations, aiming to position itself as a nuclear power comparable to the US and Russia. The volume of radioactive waste at the site surpasses that present at Chernobyl before the disaster. With the planet's largest store of plutonium, the facility also houses a significant collection of emergency planning documents intended for use in the event of a foreign attack or a domestic disaster in the UK.
The disclosures have come to light during the year-long investigation titled "Nuclear Leaks" by The Guardian, examining cyber hacking, radioactive contamination, and a toxic workplace culture at Sellafield. Guardian reporter Anna Isaac emphasized, "If Sellafield isn't safe, the UK isn't safe and potentially its neighbours." The status of the malware, initially detected eight years ago, remains uncertain. The Guardian further revealed that the facility was subjected to a form of "special measures" last year due to persistent shortcomings in cybersecurity.
The Office for Nuclear Regulation (ONR) acknowledged to the newspaper that Sellafield does not meet its cyber standards but refrained from commenting on the breaches. The Guardian reports that the issues related to the insecure server are highly severe and involve sensitive data susceptible to exploitation by potential adversaries of Britain. Earlier this year, the National Cyber Security Centre (NCSC) in the country raised concerns about the risk of cyber-attacks on critical national infrastructure emanating from Russia and China, urging organizations to take immediate action to mitigate the risk against potential future attacks.
Also read: Indonesia: Volcanic eruption in Mount Marapi kills 11 climbers, 3 survivors found
A Sellafield spokesperson told the Guardian: "We take cybersecurity extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection. Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these. Over the past 10 years, we have evolved to meet the challenges of the modern world, including a greater focus on cybersecurity. We’re working closely with our regulator. As a result of the progress we’ve made, we have an agreed route to step down from ‘significantly enhanced’ regulation.”
