Sellafield nuclear site compromised by Russian and Chinese hackers

Skull and Crossbones
(Image credit: Shutterstock)

The UK Sellafield site has been breached by hackers with links to Russia and China’s governments, the Guardian has revealed.

The site is listed as the UK’s most hazardous, and contains the world’s largest store of plutonium, alongside highly sensitive data relating to nuclear attacks and disasters.

The breach has been traced as far back as 2015 after experts uncovered malware within the Sellafield site’s computer systems.

Cyber Chernobyl?

Originally designed to produce plutonium for nuclear weapons research and production during the Cold War, the site has also seen extensive use for power production, and nuclear fuel reprocessing and waste storage.

The site has over 11,000 staff, and has taken in spent radioactive fuel from a number of other countries for processing. The site is guarded by armed police, but its cyber network is apparently not offered the same level of security, and was last year placed into “special measures” due to its poor cyber security.

Among a number of other failings, it was found that contractors working on the site were able to access the network unsupervised, and workers on an external site could also access the Sellafield network.

Ed Miliband, the shadow secretary of state for energy security and net zero, commented that it was a “very concerning report about one of our most sensitive pieces of energy infrastructure”.

“It raises allegations that must be treated with the utmost seriousness by government. The government has a responsibility to say when it first knew of these allegations, what action it and the regulator took and to provide assurances about the protection of our national security.”

There is currently no information on exactly what information was stolen by the hackers, but Guardian sources suggested that even the most confidential information on the site could have been accessed by hackers.

According to the Office for Nuclear Regulation, it is expected that individuals will be charged for the site’s cybersecurity failings, and there are suggestions that the Sellafield network is so outdated and vulnerable that a brand new network should be built to replace it’s current systems.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.

He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.

Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.