Sellafield LtdNewsWatchdog approves Sellafield physical security, but warns about cyberThe Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concernsByBrian McKenna,Enterprise Applications EditorPublished: 20 Feb 2025 15:45 Cumbrian nuclear facility Sellafield is still under scrutiny for cyber security problems, despite the regulators clean bill of health for its physical security.The Office for Nuclear Regulation (ONR) has returned the Sellafield site to a routine regulatory regime for physical security after a period of enhanced oversight, according to a government statement.The ONRs statement said: Over the last two years, ONR has carried out a regular programme of inspections and interventions at Sellafield, assessing evidence provided by the licensees security and resilience team. This identified a period of sustained improved performance in the area of physical security, and ONR is satisfied that the required security outcomes are now being achieved.However, the ONR added: Sellafield Ltd currently remains in significantly enhanced attention for cyber security, and collaborative work is ongoing to achieve the required improvements in this area.In December 2023, The Guardian reported that groups linked to China and Russia had hacked into Sellafields IT systems, embedding sleeper malware that could lurk and be used to spy or attack systems.And in October 2024, the nuclear waste facility was ordered to pay 400,000 by Westminster Magistrates Court, after it pleaded guilty to criminal charges over years of cyber security failings, and apologised to the court.The ONR brought the charges against Sellafield Ltd, accusing it of leaving exposed information that could threaten national security over a four-year period, from 2019 to 2023. Three-quarters of its servers were also said to be vulnerable to cyber attack.Read more about SellafieldSellafield operator opens dedicated cyber centre.Sellafield pleads guilty to criminal charges over cyber security.The local authority for Sellafield, Europes biggest nuclear site, has been slammed by auditors for its response to a North Korea-linked cyber attack that temporarily crippled its operations.Sellafield whistleblower ordered to pay costs after email tampering claims.One of the three criminal charges brought related to Sellafields failure to ensure that there was adequate protection of sensitive nuclear information on its information technology network, while the other two related to failures to conduct annual health checks of its IT systems.Sellafields lawyers said at the time, it is important to emphasise there was not and has never been a successful cyber attack on [the facility], before noting that the offences are historical [and] do not reflect the current position.Paul Dicks, the ONRs director of regulation for Sellafield, decommissioning, fuel and waste, said of the new bill of health: We have worked closely with Sellafield Ltd through our enabling approach to ensure that the required improvements are delivered. Im satisfied that Sellafield Ltd has demonstrated significant and sustained security improvements which has allowed us to return them to routine regulatory attention.Sellafield operates under the governance of the Nuclear Decommissioning Authority(NDA), a quasi-governmental body that serves to wind up and render safe the UKs oldest nuclear industry sites.In November 2024, the NDA opened a cyber security centre to safeguard against cyber attacks on the civil nuclear sector.Its Group Cyberspace Collaboration Centre in Cumbria is said to gather security, digital and engineering experts to work on how best to adopt new technologies and defend against evolving threats.Warren Cain, superintending inspector at theOffice for Nuclear Regulation, said: All nuclear sites must have strong cyber security systems in place to protect important information and assets from cyber threats.Cyber security is a key regulatory priority for the Office for Nuclear Regulation, and we welcome the NDAs commitment to strengthen their cyber defences with this new specialist facility.Besides Sellafield, the UKs nuclear sites include Hinkley Point, Harwell, Dungeness, Bradwell and Sizewell, Trawsfynydd and Wylfa, and Dounreay.In The Current Issue:AI Action Summit: Global leaders decry AI red tapeNavigating the practicalities of AI regulation and legislationDownload Current IssueSLM series - InFlux Technologies: It's a question of specialisation, especially CW Developer NetworkBudget flexibility for on-prem AI Cliff Saran's Enterprise blogView All Blogs