“Concerning” allegations that groups linked to Russia and China hacked IT systems at a nuclear site in England require “urgent attention”, the energy secretary has said.
Claire Coutinho has written to the Nuclear Decommissioning Authority (NDA) following reports of a breach at Sellafield in Cumbria, which housed a nuclear power plant until 2003 and is now used for nuclear waste processing and storage.
Ms Coutinho said the allegations, first reported by The Guardian, were “a worrying reminder” of some of the site’s issues, including cybersecurity.
Politics latest: Cleverly arrives in Rwanda to sign new treaty
The energy secretary said she would be speaking to the NDA, which is responsible on behalf of the government for cleaning up the UK’s nuclear sites, and the Office for Nuclear Regulation (ONR), which regulates the nuclear industry.
The Sellafield site is focused on cleaning up 70 years of the UK’s nuclear waste legacy.
The Guardian reported that an investigation into the site found that sleeper malware which can be used to spy on or attack IT systems was present in its networks and could still be there.
Dallas Marc Kelly: Man jailed for life for murdering his four-month-old son in Cumbria
Paul Taylor: Murder investigation begins after man disappeared during Scotland to England drive
Historic Old Courthouse building in Cockermouth collapses into river
The investigation found the security breaches dated back to 2015 and were not reported to regulators for several years.
Sellafield LTD, which runs the site under the control of the government-run NDA, has denied the allegations, saying it had “no records or evidence” that its networks had been “successfully attacked by state actors” as claimed by The Guardian.
An ONR spokesperson told The Guardian: “Some specific matters are subject to ongoing investigations, so we are unable to comment further at this time.”
Read more:
Inside the most hazardous building in Western Europe
Public to have a say on plans to bury radioactive material
In her letter to the NDA, Ms Coutinho said that although it had said there was “no risk to public safety” the allegations nevertheless “require urgent attention”.
She said she had also asked for “further reassurance” from the ONR as well as the National Centre for Cyber Security.
“I would also like to see the NDA provide further assurance that cyber security threats are treated with the highest level of priority and that threats that so emerge are properly recorded and acted upon,” she added.
The Guardian’s year-long investigation looked into cyber hacking, radioactive contamination and “toxic” workplace culture at the site, which is home to The Magnox Swarf Storage Silo (MSSS), which the ONR has designated “an intolerable risk”.
Ms Coutinho said she understood that Sellafield had been under “enhanced regulatory scrutiny” since 2014.
Be the first to get Breaking News
Install the Sky News app for free
Sellafield said in a statement: “Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.
“We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection.
“Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”