THE UK NUCLEAR Decommissioning Authority has launched a cybersecurity centre near the Sellafield nuclear facility in Cumbria, months after the plant was fined over vulnerabilities in its data systems.
The authority, an independent UK government agency, launched the Group Cyberspace Collaboration Centre (GCCC) to create a “space for experts in cyber, digital, and engineering to come together and share knowledge and learning on how best to adopt new technologies and defend against evolving threats”.
The new centre aims to improve cybersecurity across 17 of the UK’s earliest nuclear facilities including Sellafield, Hinkley Point, and Sizewell. All 17 are in long decommissioning processes which involve treating nuclear waste from previously live reactors. The Nuclear Decommissioning Authority has set the goal of completing clean-up by 2380.
Chemical and process engineers at nuclear facilities will use the GCCC to work alongside cybersecurity experts to ensure potential data vulnerabilities are minimised in any work they do.
David Peattie, the NDA’s CEO, said: “The GCCC is further enhancing our collective ability to keep us safe, secure, resilient, and sustainable in cyber space. Enabling us to work together more closely means we can defend as one, benefiting the collective security of the individual organisations we serve.
“When it comes to security, we are never complacent, and we continually invest in our expertise and our technology to further strengthen our capability.”
The GCCC will be based near Whitehaven, Cumbria, owing to its proximity to Sellafield. The government-owned company that operates the plant was fined £332,500 (US$423,000) after pleading guilty to criminal charges brought by the Office for Nuclear Regulation (ONR) relating to cybersecurity failings for years. Sellafield said it took cybersecurity “extremely seriously, as reflected in our guilty pleas”.
The power of cyberweapons to wreak havoc on physical industrial facilities was brought to light by the Stuxnet attacks in the early 2010s, when US-Israeli malware was deployed against Iran’s nuclear network. The attacks reportedly caused around a fifth of the Iran’s nuclear centrifuges to self-destruct.
In the UK, The Guardian reported in late 2023 that Sellafield’s computer networks had been hacked by Chinese- and Russian-linked groups. Sellafield rejected the allegations, saying they had found no evidence of a hack.
Warren Cain, an ONR inspector, said: “All nuclear sites must have strong cybersecurity systems in place to protect important information and assets from cyber threats. Cybersecurity is a key regulatory priority for the Office for Nuclear Regulation, and we welcome the NDA’s commitment to strengthen their cyber defences with this new specialist facility.”
The new centre comes after the government’s July announcement of the Cyber Security and Resilience Bill. The government expects to vote on the bill in February 2025.
Catch up on the latest news, views and jobs from The Chemical Engineer. Below are the four latest issues. View a wider selection of the archive from within the Magazine section of this site.