nuclear-news

Crackdown on nuclear firm after cyber security ‘shortfalls’

The Ferret Rob Edwards, October 18, 2023

A multinational nuclear power company has been hit by an official crackdown because of cyber security failures that critics warned were a “very real and present danger”.

Oversight of EDF Energy by the UK Government’s safety watchdog, the Office for Nuclear Regulation, has been “significantly enhanced” to combat “shortfalls” in defences against digital attacks. This means more inspections and increased scrutiny of EDF’s cyber security.

EDF is a French government company that runs one nuclear power station in Scotland, at Torness in East Lothian, and four in England. It is also building a new nuclear station at Hinkley Point in Somerset.

Campaigners described EDF’s failure to properly protect its nuclear operations from “potentially dangerous cyber attacks” as “incomprehensible”. Nuclear plants were “vulnerable” to computer viruses that could threaten safety, they said……….

No details of EDF’s cyber security failings have been released for fear of helping would-be hackers. Cyber attacks are on the increase, with many organisations – such as the Scottish Environment Protection Agency – severely impacted.

The Times reported in 2017 that insecure passwords used by EDF nuclear managers had been found in two lists of stolen credentials traded on Russian hacking sites. According to The Telegraph in 2019, UK government intelligence experts had been called in after a cyber attack on an unnamed nuclear power company, suspected to be EDF.

The Ferret revealed in March 2023 that the police force tasked with guarding UK nuclear plants reported 37 security breaches in 2021-22, the highest for eight years. In August we reported that the Ministry of Defence’s nuclear managers had recorded 113 “security concerns” since 2017-18………………………………………………..

Nuclear plants ‘vulnerable’ to cyber attack

Dr Paul Dorfman, a nuclear critic and visiting fellow at the science policy research unit in the University of Sussex, highlighted concerns expressed by the UN’s International Atomic Energy Agency (IAEA) about the growing threats posed by cyber attacks.

Nuclear power plants are “vulnerable,” Dorfman said. “Cyber attacks threaten the security of nuclear facilities by compromising command and control systems and damaging safety, security and emergency responses.”

He added: “Rapidly spreading computer viruses and worms can infect instrument systems and corrupt files. EDF’s persisting failure to prepare for the very real and present danger of cyber attack on nuclear facilities is, quite simply, incomprehensible.”

Pete Roche, a consultant and anti-nuclear campaigner based in Edinburgh, pointed out that the Torness nuclear station was due to keep operating until 2028 despite cracks spreading in its graphite core.

“We need an operating company which can give meticulous attention to detail,” he said. “These revelations about cyber security seem to indicate that EDF is not capable of doing that.” …………………………………………………………………more https://theferret.scot/cyber-security-nuclear-security-crackdown/ #nuclear #antinuclear #nuclearfree #NoNukes

October 19, 2023 - Posted by Christina Macpherson | safety, UK