Man
A potential attack could paralyze the operation of the facility for a year and a half.
Sellafield Limited, a non-profit organization that operates the nuclear facility of the same name in northwest England, has been fined £332,500 (about $440,000) for cybersecurity breaches. According to the decision of the Nuclear Regulatory Office (ONR), the company did not comply with its own cybersecurity standards, which put sensitive information at risk between 2019 and 2023.
According to the ONR, Sellafield's specialists ignored a number of critical vulnerabilities in its information systems, violating the 2003 nuclear industry safety regulations. Although no cyber incidents occurred, the identified issues posed a potential threat of cyberattacks, including malware installations, phishing attacks, and data breaches.
Sellafield is one of Europe's largest nuclear facilities and plays a key role in the processing and storage of radioactive materials. The facility concentrates more nuclear waste than any other facility in the world. It performs tasks for the management of fuel, sediment and waste, stores uranium and plutonium, and also deals with the elimination of old nuclear installations.
Earlier, investigations by the British newspaper The Guardian revealed serious cybersecurity problems at the facility. It was found that contractors had access to critical systems and could connect external devices such as USB drives to them. An audit by the French company Atos showed that about 75% of Sellafield's servers were vulnerable to potential attacks with catastrophic consequences.
ONR conducted its own investigation, confirming non-compliance with cybersecurity standards. However, the organization noted that no evidence of hacking or exploitation of vulnerabilities at Sellafield was found. This refutes reports in some media outlets of allegedly successful attacks by foreign hackers who planted malware. Be that as it may, Sellafield pleaded guilty.
In a statement, ONR said that Sellafield Ltd "committed significant violations in ensuring cybersecurity and protecting nuclear information." The statement indicates that the vulnerabilities persisted for a long time, which created a risk of unauthorized access to IT systems and data leakage. However, it has been officially confirmed that the flaws found did not lead to hacking or attacks.
ONR conducted an inspection of Sellafield and found that, had a ransomware attack been successful, the nuclear facility could have been disrupted for up to 18 months. Over the past year, the company has replaced some of its executives and IT managers to strengthen cybersecurity measures. According to the ONR, progress in resolving the identified problems is assessed as positive.
The fine of £332,500 is a stark reminder that ensuring the protection of information systems at strategic sites such as Sellafield does not tolerate negligence. In an era of growing cyber threats, even temporary security gaps can lead to serious consequences, and preventing such risks requires not only the responsibility of the company, but also the continuous improvement of protection measures.
Source