Sellafield Apologises for Serious Cybersecurity Failings
By Emily Davidson
09 August 2024
Sellafield, the UK’s most hazardous nuclear site, has publicly apologised after pleading guilty to a series of severe cybersecurity breaches that could have compromised national security. These failings, which were exposed in court, revealed that 75% of Sellafield’s servers were vulnerable to cyber-attacks, leaving sensitive nuclear information unprotected for four years.
The breaches, which occurred between 2019 and 2023, were so significant that they were likened to the threat posed by Voldemort in the Harry Potter series, highlighting the critical nature of the risks involved. Sellafield admitted that its outdated IT systems, including obsolete technology such as Windows 7 and Windows 2008, contributed to these vulnerabilities.
The company has since taken substantial steps to improve its cybersecurity measures, including a complete overhaul of its IT management and the creation of a new secure data centre. Despite these efforts, Sellafield is awaiting sentencing, marking the first time a nuclear site in the UK has faced prosecution for cybersecurity offences.
Sellafield’s CEO has apologised for the failings and assured the public that these issues are being addressed to prevent future breaches. The company also emphasised that no successful cyber-attack has occurred, and no sensitive nuclear information has been lost.
This case serves as a stark reminder of the critical importance of robust cybersecurity protocols in protecting national infrastructure. Ensuring that IT systems are secure and resilient is essential in safeguarding against cyber threats that could have catastrophic consequences.