UK-based nuclear waste unit Sellafield Ltd got fined £332,500 for cybersecurity pitfalls.
Key Takeaways
- The ONR fined Sellafield Ltd. £332,500 ($440,795) for cybersecurity violations.
- The breaches occurred over a four-year period (2019-2023)
- Sellafield Ltd. failed to follow its own authorized cybersecurity measures.
- Sellafield said that no evidence was discovered that indicates public safety had been compromised.
On Wednesday, the Office for Nuclear Regulation (ONR) fined Sellafield Ltd. £332,500 ($440,795) for cybersecurity failings. Sellafield is one of the UK nuclear decommissioning sites run by an agency called the Nuclear Decommissioning Authority.
A four-year breach from 2019 to 2023 exposed the facility’s IT systems to serious risks. They failed to provide sufficiently robust protection for sensitive nuclear information and inadequate critical health checks on both operational and IT systems.
The ONR discovered that Sellafield Ltd. failed to follow its own authorized cybersecurity measures, leaving vital systems vulnerable to potential exploitation.
Further, ONR said,
There was no evidence that any vulnerabilities at Sellafield had been exploited as a result of the failings.”
There were no known successful attacks, although there was a significant risk of ransomware, phishing, and illegal access. Experts have dubbed the scenario “catastrophic.” They stressed that such shortcomings at a plant handling highly sensitive nuclear materials may have led to serious consequences, including operational disruption and delays in decommissioning activities.
Sellafield stated in a statement that it takes cybersecurity seriously, as seen by its guilty pleas. The allegations stem from past offenses.
Sellafield claimed there was no evidence that public safety had been jeopardized and that it had not been the target of a “successful” cyberattack. It also said it has improved its systems, network, and structures.
The fines and prosecution drew significant condemnation. Cybersecurity experts warn that similar weaknesses in other highly susceptible companies could result in disasters if not addressed quickly.
Cybersecurity violations open a door for vulnerabilities, affecting the data of the company and connected users. Recently, 11 million Google Play app users got infected by a Necro Trojan. It left another mark on the history of cybersecurity by demonstrating how threats enter the system and affect millions of individuals.
For more AI, cyber security, and digital marketing insights, visit Daily Digital Grind.
If you’re interested in contributing, check out our Write for Us page to submit your guest posts!