Sellafield Fined for Cybersecurity Failures at Nuclear Site

Sellafield Ltd has been fined £332,500 ($437,440) for cybersecurity failings running the Sellafield nuclear facility in Cumbria, North-West England.

The fine was issued by Westminster Magistrates Court following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator.

Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060).

The offences relate to Sellafield’s management of the security around its information technology systems between 2019 to 2023 and breaches of the Nuclear Industries Security Regulations 2003.

At a hearing in June 2024, Sellafield plead guilty to all the charges brought by the ONR, which encompassed the following offences:

Sellafield is one of Europe’s largest industrial complexes, managing more radioactive waste than any other nuclear facility in the world.

Attack Could Have Disrupted Operations, Exposed Sensitive Data
A successful cyber-attack could have resulted in severe consequences to the nuclear plant as a result of Sellafield Ltd’s failings. This included disruption to the nuclear plant’s operations, damaged facilities, delayed decommissioning, and the loss or compromise of key systems of data.

A 2023 inspection concluded that a successful ransomware attack could impact important high-hazard risk reduction work at the site, with the full recovery of IT operations taking up to 18 months.

Read the Full Story Here

Source: Infosecurity Magazine