Sellafield apologises after pleading guilty to cybersecurity failings
Sellafield has apologised after pleading guilty to criminal charges related to significant cybersecurity failings that ‘potentially endangered national security’.
The charges, brought by the Office for Nuclear Regulation (ONR), cover a four-year period from 2019 to 2023 and were heard in Westminster Magistrates Court.
According to The Guardian newspaper, the court heard that three-quarters of Sellafield’s servers were vulnerable to cyberattacks, leaving the world’s largest store of plutonium exposed to potential threats.
The ONR revealed that sensitive nuclear information (SNI) had been left at risk due to outdated technology, including the use of Windows 7 and Windows 2008.
It was also discovered that critical IT health checks, which Sellafield claimed were being performed, were not conducted.
A report by external IT firm Commissum found that even a ‘reasonably skilled hacker’ could have accessed and compromised sensitive data.
Source: Whitehaven News