Sellafield operator opens dedicated cyber centre
The UK’s Nuclear Decommissioning Authority has opened a cyber security centre spanning its activities across the nuclear sector
The Nuclear Decommissioning Authority (NDA), the quasi-government body that serves to wind-up and make safe the UK’s oldest nuclear industry sites, has opened a dedicated cyber security centre in the hope of better safeguarding itself against cyber attacks on the civil nuclear sector.
Its Group Cyberspace Collaboration Centre (GCCC) in Cumbria will bring together security, digital and engineering experts to work together on how best to adopt new technologies and defend against evolving threats.
“The GCCC is further enhancing our collective ability to keep us safe, secure, resilient and sustainable in cyber space,” said NDA group CEO David Peattie.
“Enabling us to work together more closely means we can defend as one, benefitting the collective security of the individual organisations we serve.
“When it comes to security, we are never complacent, and we continually invest in our expertise and our technology to further strengthen our capability,” he added.
Warren Cain, superintending inspector at the Office for Nuclear Regulation, said: “All nuclear sites must have strong cyber security systems in place to protect important information and assets from cyber threats.
“Cyber security is a key regulatory priority for the Office for Nuclear Regulation, and we welcome the NDA’s commitment to strengthen their cyber defences with this new specialist facility.”
Criminal charges
However, the move comes months after state-owned Sellafield Ltd, which operates the eponymous nuclear waste facility under the auspices of the NDA, pled guilty to three criminal charges relating to cyber security breaches dating back years.
One of these charges concerned a failure to ensure adequate protection of sensitive nuclear information on the Sellafield IT network, and the other two related to failures to complete annual security audits.
Data put at risk supposedly included the movements of hazardous nuclear inventory, waste management, planning information and services provided to Sellafield by third parties.
Multifunctional space
The multifunctional GCCC space will be open to partners to explore how new security technologies can support the NDA’s important mission, and facilitate cyber ops, exercising and training.
It forms part of a wider portfolio of digital and security capabilities including a recently opened security operations centre, and will work closely alongside other related units located around Sellafield on the Cumbrian coast, including the Cyber Lab classroom at training centre Energus in Workington, Sellafield’s own Engineering Centre of Excellence in Cleator Moor, and the Robotics and AI Collaboration Centre in Whitehaven.
The NDA has also been working alongside experts from the University of Lancaster after signing a memorandum of understanding last year, covering areas related to cyber security and other aspects of safety related to nuclear decommissioning, such as robotics, waste management, geological disposal and environmental forensics, to name but a few.
This is in service of the NDA’s mission to clean-up and make safe 17 pioneering nuclear sites across the UK, which besides Sellafield include Hinkley Point, Harwell, Dungeness, Bradwell and Sizewell, Trawsfynydd and Wylfa, and Dounreay.
Barring climate collapse, alien invasion or an AI-induced singularity, the body’s core work will span many lifetimes yet to come, and is not set to conclude before 2333.
Read more about security for critical infrastructure
- UK government escalates cyber rhetoric in a speech at a Nato event, saying Russian advanced persistent threats stand ready to conduct cyber attacks that could ‘turn off the lights for millions’.
- After years of lobbying, the UK government has agreed to classify datacentres as critical national infrastructure, with the tech industry claiming the move is long overdue, but also recognition of the importance of server farms to the economy.
- The UK government says that enforced cyber incident and ransomware reporting for critical sectors of the economy will help to build a better picture of the threat landscape and enable more proactive and preventative responses.
Originally published at ECT News