"Sellafield Fined for Cybersecurity Failures at Nuclear Site"

Sellafield Ltd was recently fined $437,440 for cybersecurity failings running the Sellafield nuclear facility in Cumbria, North-West England.  The fine was issued by Westminster Magistrates Court.  Sellafield Ltd has also been ordered to pay prosecution costs of $70,060.  The charges relate to Sellafield's management of the security around its information technology systems between 2019 and 2023 and breaches of the Nuclear Industries Security Regulations 2003.  Sellafield is one of Europe's largest industrial complexes, managing more radioactive waste than any other nuclear facility worldwide.  According to experts, a successful cyberattack could have resulted in severe consequences to the nuclear plant as a result of Sellafield Ltd's failings.  This included disruption to the nuclear plant's operations, damaged facilities, delayed decommissioning, and the loss or compromise of critical data systems.  A 2023 inspection concluded that a successful ransomware attack could impact important high-hazard risk reduction work at the site, with the full recovery of IT operations taking up to 18 months.  It was noted that there is no evidence that threat actors have exploited any of the cybersecurity vulnerabilities identified at Sellafield.

Infosecurity Magazine reports: "Sellafield Fined for Cybersecurity Failures at Nuclear Site"