December 5, 2023 at 01:38AM
The UK government denies The Guardian’s report that Sellafield nuclear complex was compromised by malware linked to Russia and China. The government claims no evidence of such attacks and asserts robust, isolated critical networks. The ONR acknowledges the need for cybersecurity improvements but denies public safety compromise.
Meeting Takeaways:
1. The UK government has officially refuted claims made by The Guardian alleging that the Sellafield nuclear complex has been afflicted by malware, possibly from Russian and Chinese cyber groups, since possibly before 2015.
2. The report indicated the malware could have leaked sensitive information related to nuclear material movement and safety concerns.
3. The UK government maintains that there is no evidence of successful cyber-attacks on Sellafield Ltd and assures that their monitoring systems are sufficiently robust to deny the presence of the alleged malware.
4. Government officials emphasize that critical networks at Sellafield are isolated from the broader IT network, which should prevent any IT system attacks from affecting these secure areas.
5. However, the concerns remain that isolated systems might not be entirely secure, as highlighted by historical cyber-attacks on isolated networks at other facilities through methods such as removable storage devices.
6. The Guardian report noted that Sellafield was reportedly put under ‘special measures’ for cyber security failings by the Office for Nuclear Regulation (ONR) and security services, although the ONR’s public comments didn’t directly address this.
7. The ONR acknowledged the need for improvements in safety and security but indicated no compromise to public safety. Sellafield Ltd has been placed under increased scrutiny due to not meeting certain cyber security standards.
8. The ONR also mentioned that specific issues are under investigation and declined to provide further comments at the moment.
Please note: The information above has been synthesized for the purpose of clear and concise meeting minutes and takeaways. It is based on the data provided in the meeting notes. For further actions or follow-up, additional context and the original source of information, such as the specific report from The Guardian and the UK government’s rebuttal, should be considered.