UK nuclear cleanup site faces cyber security criminal charges

Sellafield, the UK's “largest and most dangerous nuclear facility”, was in breach of the Nuclear Industry Security Regulation Act, the Nuclear Regulation Authority said after carrying out an investigation.

“These charges relate to alleged IT security breaches over a four-year period from 2019 to early 2023,” the independent nuclear regulator said in a statement Thursday announcing the charges.

ONR said there was “no suggestion that public safety was compromised as a result of these issues.” “As certain matters are currently the subject of legal proceedings, we are unable to comment further.”

An initial court hearing has not yet been scheduled.

Sellafield has around 12,000 staff and an annual budget of £2 million, or $2.5 billion. The site primarily handles nuclear waste processing and storage, as well as decommissioning nuclear equipment and infrastructure.

Earlier this week, the Guardian reported that Richard, who has been Sellafield's CISO for the past 10 years, It reported that Mir plans to step down from his position later this year. That he was going to leave.

The law Sellafield allegedly violated requires individuals to “appropriately protect” classified information designated as “nuclear sensitive information” from a national security perspective. This regulation is enforced by ONR's Civil Nuclear Security Division on behalf of the Secretary of State. energy and climate change.

The founding of Sellafield, on the remote coast of northwest England, dates back to 1947, when the British government commissioned plutonium production for the country's nuclear weapons program. The site then helped design and build the country's first nuclear reactor, contributing to the country's power grid until 2003, as well as recycling uranium and plutonium.

The Nuclear Decommissioning Authority, a non-ministerial public agency established under the 2004 Energy Act, said in 2018 that cleaning up the nation's nuclear facilities would take until 2120 and cost at least $153 billion, of which It estimated that Sellafield is expected to account for $115 billion. The NDA said that “these estimates remain highly uncertain” as it “struggles to understand the full extent of the work needed to clean up the most dangerous facilities.”

The Guardian reported that the government placed Sellafield in “special measures” in 2022 as part of a long-running investigation that documented not only cybersecurity shortcomings but also radioactive contamination and a “toxic” workplace culture. .

Last December, the newspaper reported that a group of state-run hackers with ties to both Russia and China had infiltrated Sellafield's network and planted “sleeper malware”.

Western governments are increasingly warning against the use of such tactics by China and Russia. Last month, U.S. security agencies and their counterparts in the Five Eyes intelligence-sharing alliance of Britain, Canada, Australia and New Zealand said a Chinese hacker group, codenamed Bolt Typhoon, was “at least for some time It has established a foothold in the victim's IT environment.” 5 years” and appears to be “preparing for future disruptive or destructive attacks.”

Countries warned that Chinese-backed hackers had stolen sensitive information related to operational technology systems such as SCADA systems and relays, and in some cases accessed CCTV surveillance systems of critical infrastructure facilities.

The warning comes amid rising tensions between China and the West over the South China Sea, and as Chinese President Xi Jinping orders his military to be able to invade Taiwan by 2027. Western observers have warned that China could try to crush an important Western state. Infrastructure development will delay the military's response and buy time for Chinese ground forces to conquer Taiwan.