Sellafield Nuclear Site Pleads Guilty for Cybersecurity Failures

Sellafield pleads guilty to cybersecurity failures, admitting to IT security breaches from 2019 to 2023. Sentencing on August 8.

Sellafield, the UK’s most dangerous nuclear station, has agreed to criminal charges stemming from cybersecurity failures, as reported by the industry regulator. This admission was made in Westminster magistrates’ court on Thursday, with Sellafield’s attorneys admitting that cybersecurity rules were “not sufficiently adhered to” throughout the four-year period from 2019 to 2023.

The case was initiated by the Office for Nuclear Regulation (ONR), which focused on several IT security violations. Sellafield pleaded guilty to failing to adequately protect critical nuclear information on its IT network, as reported by the Financial Times.

This legal action follows the Guardian’s Nuclear Leaks investigation, which revealed severe IT failures at Sellafield extending back several years. The inquiry found evidence of hacking by parties linked to Russia and China, who allegedly put sleeper malware in Sellafield’s systems in December last year. However, Sellafield has stated that there was no indication of a successful cyber-attack.

Sellafield’s lawyer, Paul Greaney KC, emphasised in court that no successful cyber-attacks had been recorded, calling media claims of such events “false”. He promised that Sellafield’s systems are now reliable.

The ONR recognised Sellafield’s guilty plea, claiming that there was no evidence of exploited vulnerabilities, but declined further comment due to continuing legal procedures. Sentencing is scheduled for August 8.

Sellafield, which houses the world’s largest plutonium stockpile, has long been a hub for radioactive waste from weapons programmes and atomic power generation. The Guardian’s research uncovered major IT security flaws, such as uncontrolled access by external contractors and long-standing vulnerabilities that were compared to the “Voldemort” villain from Harry Potter owing to their severity.

In response, Sellafield stated that essential operational networks are segregated from common IT systems, preventing cyber-attacks. A spokeswoman affirmed complete collaboration with the ONR, emphasising that public safety was never jeopardised.

The National Audit Office also initiated a probe into Sellafield’s risks and expenses early this year. Sellafield is unable to provide more comment while legal processes are ongoing.

Sellafield, the UK’s most dangerous nuclear station, has agreed to criminal charges stemming from cybersecurity failures, as reported by the industry regulator. This admission was made in Westminster magistrates’ court on Thursday, with Sellafield’s attorneys admitting that cybersecurity rules were “not sufficiently adhered to” throughout the four-year period from 2019 to 2023.

The case was initiated by the Office for Nuclear Regulation (ONR), which focused on several IT security violations. Sellafield pleaded guilty to failing to adequately protect critical nuclear information on its IT network, as reported by the Financial Times.

This legal action follows the Guardian’s Nuclear Leaks investigation, which revealed severe IT failures at Sellafield extending back several years. The inquiry found evidence of hacking by parties linked to Russia and China, who allegedly put sleeper malware in Sellafield’s systems in December last year. However, Sellafield has stated that there was no indication of a successful cyber-attack.

Sellafield’s lawyer, Paul Greaney KC, emphasised in court that no successful cyber-attacks had been recorded, calling media claims of such events “false”. He promised that Sellafield’s systems are now reliable.

The ONR recognised Sellafield’s guilty plea, claiming that there was no evidence of exploited vulnerabilities, but declined further comment due to continuing legal procedures. Sentencing is scheduled for August 8.

Sellafield, which houses the world’s largest plutonium stockpile, has long been a hub for radioactive waste from weapons programmes and atomic power generation. The Guardian’s research uncovered major IT security flaws, such as uncontrolled access by external contractors and long-standing vulnerabilities that were compared to the “Voldemort” villain from Harry Potter owing to their severity.

In response, Sellafield stated that essential operational networks are segregated from common IT systems, preventing cyber-attacks. A spokeswoman affirmed complete collaboration with the ONR, emphasising that public safety was never jeopardised.

The National Audit Office also initiated a probe into Sellafield’s risks and expenses early this year. Sellafield is unable to provide more comment while legal processes are ongoing.

Green Time Editorial Body