Stock market journalist
Daily Stock Markets News

Sellafield apologises after guilty plea over string of cybersecurity failings


Sellafield has apologised after pleading guilty to criminal charges relating to a string of cybersecurity failings at Britain’s most hazardous nuclear site, which it admitted could have threatened national security.

Among the failings at the vast nuclear waste dump in Cumbria was the discovery that 75% of its computer servers were vulnerable to cyber-attacks, Westminster magistrates court in London heard.

Information that could threaten national security was left exposed for four years, the nuclear watchdog revealed, and Sellafield said it had been performing critical IT health checks that were not, in fact, being carried out.

Late last year, the Guardian’s Nuclear Leaks investigation revealed a string of IT failings at the state-owned company dating back several years, as well as radioactive contamination and toxic workplace culture.

Sellafield is a sprawling rubbish dump for nuclear waste from weapons programmes and decades of atomic power generation. It has a workforce of about 11,000 people and is part of the Nuclear Decommissioning Authority, a taxpayer-owned and -funded quango.

The Guardian’s investigation also revealed concerns about external contractors being able to plug memory sticks into Sellafield’s system while unsupervised and that its computer servers were deemed so insecure that the problem was nicknamed Voldemort after the Harry Potter villain because it was so sensitive and dangerous.

Sellafield pleaded guilty to charges brought by the Office for Nuclear Regulation (ONR) in June, which relate to information technology security offences spanning a four-year period from 2019 to 2023.

The firm is now awaiting final sentencing, which the chief magistrate, Paul Goldspring, said would happen within weeks. The ONR has said it expects sentencing to take place in September.

At a sentencing hearing on Thursday, the court heard that a test had found that it was possible to download and execute malicious files on to Sellafield’s IT networks via a phishing attack “without raising any alarms”, according to Nigel Lawrence KC, representing the ONR.

The site, the world’s largest store of plutonium, was left vulnerable to internal and external cyber-attacks and 75% of its servers were insecure, Lawrence said, citing a report by Atos, a subcontractor at the site.

Sellafield’s own report, from the external IT company Commissum, found that any “reasonably skilled hacker or malicious insider” could access sensitive data and insert malware – computer code – that could then be used to steal information.

Euan Hutton, chief executive of Sellafield, apologised for failures spanning years in a written witness statement referred to by Paul Greaney KC, representing the company. Hutton said: “I again apologise on behalf of the company for matters which led to these proceedings … I genuinely believe that the issues which led to this prosecution are in the past.”

Hutton was in court but did not speak at the hearing.

Greaney said the company had tried to address its cybersecurity failings by changing IT management at the site and creating a new secure datacentre.

The barrister said some problems identified in recent years had been “turbo-charged” by the prosecution. Greaney said the failings were not a result of cost-cutting. “There was no penny-pinching,” he added.

The court also heard that a subcontractor was sent 4,000 files by mistake, 13 of which were classed as “official/sensitive”, without any alarm being triggered.

Sensitive nuclear information (SNI), the industry’s special classification system, was left vulnerable in part because of the use of “obsolete” technology including Windows 7 and Windows 2008, Lawrence said.

SNI is a mode of categorising information that may have national security implications, and has a special status in law, like other classified materials handled by the British security services or the civil service. Details are given SNI status if they are “deemed to be of value to an adversary planning a hostile act”, according to the ONR.

While all parties said the failings were very serious, the judge said he would need to balance the cost to the taxpayer with the need to deter others in the sector from committing similar offences.

The sentencing would be “new territory for all of us”, Goldspring said, given that no…


