"Failings were known about for a considerable length of time but despite our interventions and guidance, Sellafield failed to respond effectively, which left it vulnerable to security breaches and its systems being compromised," said Paul Fyfe, ONR's senior director of regulation.
"The last thing [Sellafield] needs is dodgy cybersecurity. Yet the site's poor infosec practices violated the UK's Nuclear Industries Security Regulations 2003," according to the ONR.
Despite a four-year stretch of lax cybersecurity, which left its IT systems vulnerable to unauthorized access and data theft, "there is no evidence that any vulnerabilities at Sellafield Ltd have been exploited as a result of the identified failings," the regulatory body concluded.
"This fine and court appearances follow allegations in December 2023 that Sellafield had been hit with malware by Russia and China. At the time, the UK government and ONR both denied systems were compromised."
Collection
[
|
...
]