The Department for Business, Energy and Industrial Strategy has refuted a claim made by The Guardian newspaper yesterday that the Sellafield nuclear power station has been hacked by “cyber groups closely linked to Russia and China.”
The Guardian’s story claimed that Sellafield, “the UK’s most hazardous nuclear site,” has been subject to security breaches dating back to at least 2015, with malware potentially embedded in the site’s systems ever since. The Guardian’s story claimed authorities did not know an exact date when the breaches first occurred.
The paper added that “sources suggest it is likely foreign hackers have accessed the highest echelons of confidential material at the site, which sprawls across 6 sq km (2 sq miles) on the Cumbrian coast and is one of the most hazardous in the world” and that “the astonishing disclosure and its potential effects have been consistently covered up by senior staff at the vast nuclear waste and decommissioning site, the investigation has found.”
Responding to the claims the government said on an official statement on the gov.uk website: “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian.
“Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.
“This was confirmed to the Guardian well in advance of publication, along with rebuttals to a number of other inaccuracies in their reporting.
“We have asked the Guardian to provide evidence related to this alleged attack so we can investigate. They have failed to provide this.
“We take cyber security extremely seriously at Sellafield.
“All of our systems and servers have multiple layers of protection.
“Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”
