Allegations “relating” that teams connected to Russia and China hacked into the computer systems of a nuclear power plant in England require “urgent attention,” the energy secretary said.
Claire Coutinho has written to the Nuclear Decommissioning Authority (NDA) following reports of a breach at Sellafield, Cumbria, which housed a nuclear power station until 2003 and is now used for the treatment and storage of nuclear waste.
Coutinho said the allegations, first reported through the Guardian, were “a reminder of concern” of some of the site’s problems, adding to cybersecurity.
Politics latest: Cleverly arrives in Rwanda to sign new treaty
The energy secretary said she would be speaking to the NDA, which is responsible on behalf of the government for cleaning up the UK’s nuclear sites, and the Office for Nuclear Regulation (ONR), which regulates the nuclear industry.
Sellafield is focused on cleaning up 70 years of nuclear waste legacy in the UK.
The Guardian reported that an investigation into the site found that sleeper malware which can be used to spy on or attack IT systems was present in its networks and could still be there.
The investigation found that the security breaches dated back to 2015 and had been reported to regulators for several years.
Sellafield LTD, which runs the site under the authority of the government-led NDA, denied the allegations and said it had “no record or evidence” that its networks had been “successfully attacked through state actors,” such as says The Guardian.
A spokesperson for the ONR told the Guardian: “There are specific issues that are the subject of ongoing investigations, so we are unable to comment further at this time. “
Read more:Inside Western Europe’s Most Damaging BuildingPublic to Weigh in on Plans to Bury Radioactive Materials
In her letter to the NDA, Ms Coutinho said that although it had said there was “no risk to public safety” the allegations nevertheless “require urgent attention”.
He said he had also asked for “additional assurances” from the ONR and the National Cyber Security Center.
“I would also like to see the NDA provide greater assurance that cybersecurity threats are addressed with priority and that threats that emerge as such are properly recorded and addressed,” he added.
The Guardian’s year-long investigation into cyberpiracy, radioactive contamination and the culture of “toxic” paints at the site, which houses the Magnox chip storage silo (MSSS), which the ONR described as an “intolerable risk”.
Coutinho said he defended Sellafield had been under “enhanced regulatory scrutiny” since 2014.
Sellafield said in a statement: “Our surveillance systems are and we are confident that there is no such malware on our system.
“At Sellafield, we take cybersecurity incredibly seriously. All of our systems and servers have degrees of protection.
“The critical networks that allow us to function securely are far removed from our overall IT network, which means that an attack on our IT formula would not be penetrating them. “