Cyber security at Sellafield
Playing a crucial role in keeping the nuclear site safe and secure
Keeping Sellafield site safe and secure is a nationally important priority and governs the decisions that Sellafield Ltd makes every day.
The West Cumbrian site is one of the biggest environmental remediation challenges in Europe. Covering two-square miles and home to more than 200 nuclear facilities and over 1,000 buildings, the company’s focus is moving towards environmental remediation and accelerated clean-up of the site.
Playing an absolutely critical role in keeping the largest nuclear site in Britain secure is cyber security. Mark Neate, Sellafield Ltd’s Director of Environment, Safety and Security, describes how the company and its partners across the nuclear sector are protecting the country’s assets, including Sellafield, with the crucial input of cyber security.
Neate joined the company in 2012 following a diverse military career—from Parachute School to a Master’s Degree in Military Strategy— while spending a considerable time abroad as a specialist adviser.
He said: “Our business is nuclear and we obviously place security, including cyber security at the forefront of everything we do.
“At Sellafield we operate a world-class team of cyber analysts and responders constantly monitoring our systems night and day. Operating a sophisticated array of sensors and tools, they monitor vulnerabilities in systems, hunt for potential adversary activity based on global intelligence feeds.
“The training received by the team is intense, and covers areas such as network intrusion and detection, hacking techniques and exploits and incident handling. Also, each member of our team has their own area of specialism to ensure we have the widest range of skills available.
“A unique aspect to Sellafield is the range of technologies in use. Given that many of our plants were the first of their kind, built before digital technology, we have an unusual balance of analogue, early digital technologies and modern sophisticated systems with varying degrees of isolation and connectivity.
“Each member of our team has their own area of specialism to ensure we have the widest range of skills available”
“Our cyber security team work alongside our engineers and experts, drawing on a variety of sources of technical and threat information to ensure that our systems are not exploited.
“By working together, we ensure that layers of protection are in place so that we have the right systems, train our teams across the site regularly and everyone understands their role in keeping Sellafield safe.
“Our cyber security is also integrated into our wider emergency response and physical security resources and business continuity planning; other industries are learning a lot from this integrated approach.”
Sellafield Ltd also works alongside the Nuclear Decommissioning Authority (NDA), its parent company, in developing its cyber posture and is also very heavily engaged with the National Centre of Cyber Security (NCSC). “Joint working, advancing technology and learning from other attacks all help us become more secure, and we work with our partners across the nuclear industry, including our owners the NDA and with central government and the security agencies. This means we are supported by other security experts.”
Building on the work undertaken by Sellafield Ltd, as part of the training for future cyber security professionals, the NDA co-funded the first Cyber Lab classroom in Workington through its Cyber Security and Resilience Project.
This forms part of an NDA cyber programme that is designed to grow capability and capacity for the NDA estate and its businesses, with apprentices learning the latest in cyber safety and IT.
Neate said: “The new programme demonstrated a long-term commitment from the NDA on cyber security and it is looking to invest £80 million over the next five years in cyber safety.
“The knowledge and expertise of these home-grown apprentices will go a long way in helping to keep the NDA and its subsidiaries such as Sellafield Ltd, safe from the growing cyber threat, and supports the resource requirements for the nuclear industry in this market place.”
The NCSC is supporting Sellafield Ltd with its cyber journey and the mutual learning across the organisations, alongside the company’s supply chain, is helping to set industry standards.
Neate, who is a member of the Civil Nuclear Police Authority board said: “I’d like to highlight the benefit of extending the cyber threat, vulnerability and mitigation aperture to reflect a holistic approach which mirrors and complements the layers of safety defence in depth.
“Without such an approach, cyber solutions are potentially inefficient—effectiveness is achieved through realising the benefits of ‘safe and secure’ by design. One aspect of this consolidation is how at Sellafield we have embedded our Cyber Security Operations Centre, not as a stand-alone capability, but within our wider emergency planning and response construct.
“In conclusion, I can’t stress enough the importance of cyber security to any business, and I’m delighted at the work we are carrying out at Sellafield, alongside the NDA and many other partners, in helping to keep our industry safe and secure.”
This piece features in Prospect’s new cyber resilience supplement
We want to hear what you think about this article. Submit a letter to email@example.com