Industry responds to Britain’s Sellafield cyberattack denial

British Government denies media reports of cybersecurity attacks on nuclear site Sellafield but Office for Nuclear Regulation admits improvements are required. Meanwhile, industry figures react.

The British Government has denied media reports of serious cybersecurity breaches at nuclear site Sellafield.

The Guardian published a series of claims about cybersecurity at the UK nuclear site but the Government says it has ‘no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian.’

The statement adds: “Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

“We take cybersecurity extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection. Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”

In an additional announcement, Britain’s Office for Nuclear Regulation (ONR) also declared that it had found no proof of Sellafield’s systems being compromised by state actors, contrary to the report’s description.

“As a regulator, we have seen no evidence that Sellafield’s systems have been hacked by state actors in the way described in the report,” the organisation said in a statement.

“We have been clear that there are areas where improvements are required to achieve the high standards of safety and security we expect to see, but there is no suggestion that this is compromising public safety.

“We will continue to hold Sellafield Ltd to account to ensure these improvements are made through a range of regulatory action and enforcement.

“With new leadership in place at Sellafield Ltd, we have seen positive signs of improvement in recent months but will continue to apply robust regulatory scrutiny as necessary to ensure the ongoing safety of workers and the public.

“In relation to cybersecurity, Sellafield Ltd is currently not meeting certain high standards that we require, which is why we have placed them under significantly enhanced attention.

“Some specific matters are subject to an ongoing investigation process, so we are unable to comment further at this time.”

Meanwhile, leading industry figures have been giving their opinions.

Jamie Akhtar, CEO and Co-Founder at CyberSmart, said: “Not only does the potential identification of ‘sleeper’ malware illustrate the sophistication of state-sponsored attacks but if the breach has lain undetected since 2015 it poses serious questions about Sellafield’s cyberdefences.

“Given that the site has faced several problems with its cybersecurity over the years, we hope this incident serves as a reminder, not just to Sellafield, but to all parts of the UK’s critical infrastructure and the small businesses that work in tandem with it to take cybersecurity seriously.”

Dr Klaus Schenk, Senior Vice President, Security and Threat Research at Verimatrix, said: “Sharing information about hacks and being transparent about the details is always challenging, but it’s the only way to improve security when done responsibly.”

Fergal Lyons, Cybersecurity Evangelist at Centripetal, said: “This situation underscores the daunting task of safeguarding any high-value facility under constant siege by assailants globally.

“Addressing these threats requires a deep dive into identifying and understanding these assailants – where they originate and who they are. It is important to note that in over 95% of cyberattacks globally, there existed some form of threat intelligence that, if leveraged effectively, could have mitigated the attack’s devastating impact.

“Conventional cybersecurity defences are failing on multiple fronts, as is evident in the surge of ransomware attacks and data breaches, signalling the need for an industry-wide re-evaluation of our existing defensive strategies.”

Patrick Tiquet, VP Security & Compliance, Keeper Security, said: “Nuclear plants rely on sophisticated control systems and technologies, making them challenging to secure completely. Advanced Persistent Threats (APTs) and well-funded hacking groups may see them as attractive targets due to the potential vulnerabilities in these complex systems. Protecting critical infrastructure from cyberattacks is as important as protecting it from physical attacks, because the consequences have the potential to be equally devastating.

“The growing use of malware and other cyberattacks in the context of cyber and traditional warfare underscores the need for continued cybersecurity investment and international cooperation to combat the threat of cyberattacks. A zero-trust, zero-knowledge cybersecurity architecture with least privilege access can limit, if not altogether prevent, a threat actor’s access.”

James McQuiggan, Security Awareness Advocate at KnowBe4, said: “Organizations, especially those in critical sectors, should be discussing internally to continually assess their cybersecurity programs, ensure to test their incident response plans and work to foster a culture of cybersecurity accompanied by transparency and continuous improvement in cybersecurity practices.”
