Britain’s Sellafield nuclear facility was hacked by cyber groups closely linked to Russia and China, the Guardian newspaper has revealed. The Guardian wrote in Monday’s text that authorities do not know exactly when Sellafield’s IT systems were first attacked.
But The Guardian’s sources said the breach was first noticed by authorities as early as 2015, when experts realized so-called dormant malware – a program that can lie in wait and be used to spy on or attack systems – had been injected into Sellafield’s computer networks. It is not yet known if this malware has been fully eradicated. It may mean that some of Sellafield’s most sensitive activities, such as moving radioactive waste, monitoring hazardous material leaks or fire control, have been compromised.
The site is home to the world’s largest stockpile of plutonium and a vast dump of nuclear waste from weapons programs and decades of atomic energy production. It is guarded by armed police and also houses emergency planning documents to be used in the event the UK is attacked from abroad.
The extent of the problem was only revealed after employees at an external site discovered they had access to Sellafield’s servers and reported it to ONR’s Office of Nuclear Regulation. In addition, it was also discovered that third-party vendors could plug memory cards into the system without supervision. In one incident in July last year, login details and passwords to secure IT systems at Sellafied were accidentally leaked onto television screens across the UK. The data was broadcast in the natural history series Countryfile on BBC One.
Cyber attacks and cyber espionage by Russia and China are among the biggest threats to the UK, according to security experts. The latest National Risk Register, the official document that outlines the key dangers the UK could face, includes a cyber attack on civilian nuclear infrastructure.