Sellafield Ltd has been fined £332,500 ($437,440) for cybersecurity failings in running the Sellafield nuclear facility in Cumbria, North-West England.
The fine was issued by Westminster Magistrates Court following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator.
Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060).
The offences relate to Sellafield’s management of the security around its information technology systems between 2019 and 2023 and breaches of the Nuclear Industries Security Regulations 2003.
At a hearing in June 2024, Sellafield pleaded guilty to all the charges brought by the ONR, which encompassed the following offences:
Sellafield is one of Europe’s largest industrial complexes, managing more radioactive waste than any other nuclear facility in the world.
Attack Could Have Disrupted Operations, Exposed Sensitive Data
As a result of Sellafield Ltd’s failings, a successful cyber-attack could have had severe consequences for the nuclear plant. These included disruption to the nuclear plant’s operations, damaged facilities, delayed decommissioning, and the loss or compromise of key systems of data.
A 2023 inspection concluded that a successful ransomware attack could impact important high-hazard risk reduction work at the site, with the full recovery of IT operations taking up to 18 months.
Source: Infosecurity Magazine