The UK’s Sellafield nuclear facility has denied reports that its IT networks have been attacked by cyber groups linked to Russia and China. The Guardian said an investigation into the nuclear site in Cumbria found security breaches, dating back to 2015, which it says were not reported to regulators for “several years.”
The year-long investigation, named ‘Nuclear Leaks,’ said sleeper malware which can be used to spy on or attack systems had been embedded in the networks and could still be there. But a statement from Sellafield Ltd, which runs the site under the control of the Government-run Nuclear Decommissioning Authority, said the company had “no records or evidence” that its networks had been “successfully attacked by state actors” as outlined in the report. Authorities said public safety has not been compromised.[1]
The UK’s Prime Minister’s spokesman said: “The regulators have reassured the Government that public safety is not compromised at Sellafield and the public should be reassured of that.” The official added: “The National Cyber Security Centre has warned of the cyber threat to our critical national infrastructure for some time. That’s why we’ve worked closely with UK businesses, organizations to improve cybersecurity and resilience across a range of sectors.”
Sellafield’s statement said: “Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system. “We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection. “Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”
A media investigation looked into cyber hacking, radioactive contamination and workplace culture at the site, which housed a nuclear power plant until 2003 and is used for nuclear waste processing and storage as well as decommissioning.
The report quotes sources at the UK’s Office for Nuclear Regulation (ONR) as saying that Sellafield was placed into “special measures” last year over cybersecurity failings.
An ONR spokesman told The Guardian: “Some specific matters are subject to ongoing investigations, so we are unable to comment further at this time.”
The UK’s secretary of state for energy security and net zero, told media sources the report is “very concerning” and needs to be “treated with the utmost seriousness” by the Government.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We can help provide cyber insurance through Cysurance. Call for assistance. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://ca.style.yahoo.com/sellafield-denies-nuclear-networks-victim-022820871.html
Comments