Security News Sellafield nuclear waste dump faces prosecution over cybersecurity failures

[Bot]

The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to years of alleged cybersecurity breaches.

Last December, as we previously reported, claims surfaced about Russian and Chinese hackers planting malware on the nuclear reactor site's systems as far back as 2015.

The fear is that the malware might have been planted on Sellafield's IT systems for espionage (to access sensitive information about personnel or radioactive waste movement) and for disruptive attacks.

Sellafield's computer servers are considered alarming by some insiders, earning the nickname "Voldermort," after the Harry Potter villain.

External contractors have reportedly been allowed to plug potentially-infected USB devices into the Sellafield facility's network. A 2012 report warned of "critical security vulnerabilities" that still need urgent fixing.

The Guardian, which initially brought attention to the claims, said that it was still not known if the malware infection had been eradicated, and that the Sellafield site had been put in "special measures" due to its consistent cybersecurity breaches and failure to report incidents.

At the time of the initial reports in The Guardian, the UK government tried to defuse the seriousness of the situation:

"We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian."

However, as The Guardian now reports, the ONR will prosecute Sellafield for alleged security offences, prompted by the newspaper's investigation.

"These charges relate to alleged information technology security offences during a four-year period between 2019 and early 2023. There is no suggestion that public safety has been compromised as a result of these issues," said the ONR. "The decision to begin legal proceedings follows an investigation by ONR, the UK’s independent nuclear regulator."

Source: Sellafield nuclear waste dump faces prosecution over cybersecurity failures

 

[Gandalf_The_Grey]

UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023.

According to the ONR announcement, Sellafield failed to follow its own approved cybersecurity protocols by leaving multiple vulnerabilities in its IT systems unpatched, violating the Nuclear Industries Security Regulations 2003.

Although no exploitation has occurred, the weaknesses exposed the facility to risks such as ransomware, phishing, and potential data loss, which could disrupt high-hazard operations and delay decommissioning work.

Last year, a series of investigations by The Guardian into Sellafield's cybersecurity brought attention to multiple severe issues, revealing that contractors had easy access to critical systems where they, among other things, could install USB drives.

Additionally, well-known vulnerabilities within the facility abound, giving the site the nickname "Voldemort" by people working there.

An audit from French security firm Atos revealed that roughly 75% of Sellafield's servers were vulnerable to attacks with potentially catastrophic consequences.

UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023.

www.bleepingcomputer.com