The Morning Star
JUST after Christmas, the Times’s science correspondent Oliver Moody provided a public and political service in exposing the worrying inadequacies of Britain’s nuclear safety and security regulator, the Office for Nuclear Regulation (ONR).
But while the article concentrated mainly on safety concerns, there are several security issues unresolved.
A report titled Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities, issued by the Washington DC-based Nuclear Threat Initiative (NTI) at the same IAEA conference, reveals that Britain’s nuclear sector has suffered two significant cyber security failures in the past: one in June 1999 at the Bradwell Nuclear Power Plant — when an employee intentionally “altered/destroyed data” — and in September 1991 at Sellafield — when a software bug led to “unauthorised opening of doors.”
The report asserts worryingly that: “The global community is in the early stages of understanding the magnitude of the cyber threat. In many ways, humans have created systems that are too complex to manage, in most cases, risks cannot even be quantified.”
In a forward to the report, experienced former US senator Sam Nunn, now co-chair of NTI, writes: “Governments and industry simply must get ahead of this rapidly evolving global threat.
“There’s no doubt that nuclear facility operators and regulators are aware of the threat.
“Unfortunately, many of the traditional methods of cyber defence at nuclear facilities — including firewalls, antivirus technology, and air gaps — are no longer enough to match today’s dynamic threats.