The Guardian newspaper has recently published two articles about the UK Nuclear Decommissioning Authority’s (NDA’s) Sellafield site, both of which have been strongly repudiated by Sellafield Ltd.
The first article alleged that “the UK’s most hazardous nuclear site, Sellafield, has been hacked into by cyber groups closely linked to Russia and China”. Citing unnamed sources, the paper said “the astonishing disclosure and its potential effects have been consistently covered up by senior staff”.
It continues: “The authorities do not know exactly when the IT systems were first compromised. But sources said breaches were first detected as far back as 2015, when experts realised sleeper malware … had been embedded in Sellafield’s computer networks.”
The unnamed “sources” suggest foreign hackers “have accessed the highest echelons of confidential material at the site”.
The “revelations” apparently “emerged in Nuclear Leaks, a year-long Guardian investigation into cyber hacking, radioactive contamination and toxic workplace culture at Sellafield”.
Sellafield’s response said “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian.” It continued: “Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system. This was confirmed to the Guardian well in advance of publication, along with rebuttals to a number of other inaccuracies in their reporting.
We have asked the Guardian to provide evidence related to this alleged attack so we can investigate. They have failed to provide this.”
It added: “We take cyber security extremely seriously at Sellafield.
All of our systems and servers have multiple layers of protection. Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”
The second Guardian report, citing unnamed scientists, employees and diplomats alleged that Sellafield “has a worsening leak from a huge silo of radioactive waste that could pose a risk to the public”.
It said “the leak of radioactive liquid from one of the ‘highest nuclear hazards in the UK’ – a decaying building at the vast Cumbrian site known as the Magnox swarf storage Silo (MSSS) – is likely to continue to 2050.” That “could have ‘potentially significant consequences’ if it gathers pace, risking contaminating groundwater, according to an official document”. The lengthy article continues with further allegations about safety violations.
In response, Sellafield Ltd said : “There is no elevated risk to public safety as result of the issues reported by the Guardian.” It noted: “We are fully open and transparent about the risks and hazards on our site. All of the issues referenced in the Guardian are known about and are being addressed with the support of our regulator.
We routinely publish updates on our website and share these for scrutiny at public meetings. Our safety statistics are published every year in our annual review of performance.
The response continued: “We continue to make progress in addressing the risks posed by our highest hazard facilities. For the first time ever, we are routinely removing legacy waste from all of our highest priority buildings, including two referenced by the Guardian. The nature of our site means that until we complete our mission, our highest hazard facilities will always pose a risk.”
Further articles are expected from the Guardian. Sellafield commented: “As part of its ongoing series, we understand the Guardian is preparing to publish a report on workplace culture at Sellafield. A number of allegations are likely to be raised. We have asked for more information so we can investigate and intervene as necessary, particularly if employees need targeted support. Evidence has not been provided.”
Sellafield also said: “We have been open about historic cultural issues and our work to address them. Our regulator has confirmed these issues have not resulted in any increased risk to safety at Sellafield. Work in this area prioritises health and wellbeing, diversity and inclusion, and eradicating bullying and harassment.”
In addition: “Whistle blowers are respected, protected, and valued at Sellafield and we actively encourage employees to report matters of concern. Without exception, issues raised are taken seriously, investigated appropriately, and treated confidentially. Any employees with concerns can raise them via our independently operated whistleblowing hotline, Safecall.”
UK Energy Secretary Claire Coutinho has asked for an explanation on the reports of an alleged cyber attack at Sellafield. She has written to the Nuclear Decommissioning Authority (NDA) over the "serious and concerning" allegations at the site and has asked for the matter to be given "urgent attention". She posted a copy of her letter on X, (formerly Twitter) in which she demanded an explanation from NDA, the Office for Nuclear Regulation and the Cabinet Office's National Centre for Cyber Security.
Image: The Sellafield site in Cumbria
