Sellafield denies nuclear site’s networks have been victim of cyber attacks

Sellafield has denied reports that its IT networks have been attacked by cyber groups linked to Russia and China.

The Guardian said an investigation into the nuclear site in Cumbria found security breaches, dating back to 2015, which it says were not reported to regulators for “several years”.

The year-long investigation, named Nuclear Leaks, said sleeper malware which can be used to spy on or attack systems had been embedded in the networks and could still be there.

But a statement from Sellafield Ltd, which runs the site under the control of the Government-run Nuclear Decommissioning Authority, said the company had “no records or evidence” that its networks had been “successfully attacked by state actors” as outlined in the report.

Downing Street said public safety has not been compromised.

Prime Minister Rishi Sunak’s spokesman said: “The regulators have reassured the Government that public safety is not compromised at Sellafield and the public should be reassured of that.”

The official added: “The National Cyber Security Centre has warned of the cyber threat to our critical national infrastructure for some time. That’s why we’ve worked closely with UK businesses, organisations to improve cybersecurity and resilience across a range of sectors.”

Sellafield’s statement said: “Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

“We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection.

“Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”

The Guardian investigation looked into cyber hacking, radioactive contamination and workplace culture at the site, which housed a nuclear power plant until 2003 and is used for nuclear waste processing and storage as well as decommissioning.

The report quotes sources at the Office for Nuclear Regulation (ONR) as saying that Sellafield was placed into “special measures” last year over cybersecurity failings.

An ONR spokesman told The Guardian: “Some specific matters are subject to ongoing investigations, so we are unable to comment further at this time.”

Ed Miliband, shadow secretary of state for energy security and net zero, told the paper the report is “very concerning” and needs to be “treated with the utmost seriousness” by the Government.