Diamond Member Pelican Press 0 Posted March 28 Diamond Member Share Posted March 28 Sellafield to be prosecuted over alleged cyber compliance ******** This is the hidden content, please Sign In or Sign Up , the Nuclear Decommissioning Authority-backed organisation currently working to wind up operations at the troubled Sellafield nuclear facility in Cumbria, is to be prosecuted over significant cyber security failings under the auspices of the Nuclear Industries Security Regulations of 2003. The charges, This is the hidden content, please Sign In or Sign Up (ONR), cover a range of alleged IT security offences during the ******* between 2019 and 2023. “The decision to begin legal proceedings follows an investigation by ONR, the ***’s independent nuclear regulator,” the body said in a brief statement. “There is no suggestion that public safety has been compromised as a result of these issues. “Details of the first court hearing will be announced when available. Given that some matters are now subject to legal proceedings, we are unable to comment further.” The announcement came mere hours after it was reported that Sellafield’s chief information security officer, Richard Meal – a former RAF officer who has been in post for over 10 years – This is the hidden content, please Sign In or Sign Up although this has not been confirmed by Sellafield. Computer Weekly understands that Sellafield’s apparent cyber security issues have been bubbling to the surface for a while, and in 2023 the site’s operators strenuously denied allegations – arising from a lengthy Guardian investigation – that its IT systems had been thoroughly compromised by state-backed threat actors originating from China and Russia. The newspaper claimed the hackers had deployed difficult-to-detect sleeper malware on Sellafield’s systems to harvest data and snoop on the ongoing nuclear clean-up at the facility, which was the scene of the ***’s worst ever nuclear disaster in the 1950s. The Guardian accused Sellafield of a consistent cover-up of the intrusions, which supposedly dated to 2015, and alleged that the extent of the breach only came to light when workers at other sites discovered they could remotely access Sellafield’s systems. An insider at the site described Sellafield’s network as “fundamentally insecure” and drew attention to various concerns, which included the use of USB memory sticks by third-party contractors and an incident in which a visiting BBC camera crew accidentally filmed and broadcast user credentials. So severe were some of the failings that they were supposedly nicknamed “Voldemort”. At the time, This is the hidden content, please Sign In or Sign Up that the facility had “robust, multi-layer protection systems” and a “24/7-staffed cyber security operations centre” that would have detected any intrusion. The ONR has not provided details of any specific cyber security incidents that form the basis of its action. A spokesperson for the Department for Energy Security and Net Zero, which bears ultimate responsibility for funding Sellafield, said: “Safety and security at our former nuclear sites is paramount and we fully support the Office for Nuclear Regulation in its independent role as regulator. “The regulator has made clear that there is no suggestion that public safety has been compromised at Sellafield. “Since the ******* of this prosecution, we have seen a change of leadership at Sellafield and the ONR has noted a clear commitment to address its concerns.” A spokesperson for Sellafield Ltd said: “The ONR’s Civil Nuclear Security and Safeguards (CNSS) has notified us of its intention to prosecute the company relating to alleged past nuclear industry security regulations compliance. “As the issue is now the subject of active court proceedings, we are unable to comment further.” This is the hidden content, please Sign In or Sign Up #Sellafield #prosecuted #alleged #cyber #compliance #******** This is the hidden content, please Sign In or Sign Up Link to comment https://hopzone.eu/forums/topic/8324-sellafield-to-be-prosecuted-over-alleged-cyber-compliance-failure/ Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now