
Sellafield, World's Largest Store of Plutonium, Apologizes After Guilty Plea Over String of Cybersecurity Failings (theguardian.com) 27

Bruce66423 writes: Sellafield [U.K.'s largest nuclear site] has apologised after pleading guilty to criminal charges relating to a string of cybersecurity failings at Britain's most hazardous nuclear site, which it admitted could have threatened national security.

Among the failings at the vast nuclear waste dump in Cumbria was the discovery that 75% of its computer servers were vulnerable to cyber-attacks, Westminster magistrates court in London heard. Information that could threaten national security was left exposed for four years, the nuclear watchdog revealed, and Sellafield said it had been performing critical IT health checks that were not, in fact, being carried out.

The Guardian's investigation also revealed concerns about external contractors being able to plug memory sticks into Sellafield's system while unsupervised and that its computer servers were deemed so insecure that the problem was nicknamed Voldemort after the Harry Potter villain because it was so sensitive and dangerous.

The good news is that the problem has been spotted. The bad news is that there can be no meaningful punishment for a government owned company. One can only hope that they will do better in the future.

  • So, when's the next sale?

    • Well, so far the recently incoming government discovered: £22 billion of hidden spending that had been lost by the various departments that were legally obliged to report it, 200k extra people for the waiting lists for essential operations, a cost of £700 million (that's $1 billion between friends) for shipping four people off to Rwanda and a massive racist hate network.

      So my prediction is that the previous Conservative government already sold it to North Korea and Somalia in return for what is

    • So, when's the next sale?

      How do we get rid of nuclear waste right away? Give women coupons for it!

  • Now they just need a Delorean and a flux capacitor so they can go back in time and patch their servers!

  • There must be someone at fault to take the brunt. Should not be allowed to hide behind a company when the problems are so extreme.
    • Perhaps the UK (Score:5, Interesting)

      by omnichad ( 1198475 ) on Friday August 09, 2024 @01:04PM (#64692858) Homepage

      Governments cut costs by having 3rd party contractors do things. Part of that is because if they did it themselves, they would have to do it right and there would be no cost savings.

      And then the company gets targeted as hard as a nation-state without having the resources to defend itself. While it's true they probably failed basic security, they would still be an equally large target regardless.

      • The virtue of such an approach - as in this case - is that there is clear accountability for the failures. The contractor needs to be BIG - with serious security credentials, and be paid a lot of money for doing the job. The reality here appears that Sellafield didn't have it outsourced, and the numpty who was responsible proved to be either out of their depth or was refused sufficient resources to do it right. Or both. Given how little the public sector tends to pay for IT specialists, I'm betting on 'nump

      • Re:Perhaps the UK (Score:5, Interesting)

        by Roger W Moore ( 538166 ) on Friday August 09, 2024 @03:33PM (#64693184) Journal

        Governments cut costs by having 3rd party contractors do things.

        Ok, then fine and imprison the execs of these companies who failed to do things properly, and perhaps the next time there is a competition the bids that come in will be vastly more realistic, since those making them will know that if they grossly underbid and fail to deliver they may end up with hefty prison sentences for breaching national security requirements.

        I'm all for using private companies to reduce unnecessary costs but there has to be some strong incentive to ensure that they do not sacrifice necessary costs so they can make more profit.

        • As it turns out, Sellafield Ltd. is not a private company - they are fully under the UK government.

  • by mmell ( 832646 ) on Friday August 09, 2024 @01:08PM (#64692870)
    These clots are dealing with shit that's so toxic you don't even need to turn it into a nuclear device to kill a lot of people with a little stuff ("so toxic you'll be tempted to just put it in the water. But use a bomb - you'll want to get every corpse"). Seriously, these guys should repeatedly validate the integrity of all their processes, including IT processes. People who are not them should be periodically crawling up their asses with microscopes looking for shit (they're called audits, BTW, I'm not making this up). This is not a good place for the C-Suite - Boeing, okay, but not a place that deals with stuff that can kill people just by being in the same room.
    • Fortunately things like uranium and plutonium are heavy. If it gets spilled, it falls down into the dirt pretty quick.
      • Fortunately things like uranium and plutonium are heavy. If it gets spilled, it falls down into the dirt pretty quick.

        I can tell from this excellent advice you are working for the UK Government as a nuclear expert. That's why I predicted that this would end up dumped into the North Sea as sewage. What can possibly go wrong?

    • by AmiMoJo ( 196126 )

      The whole place is a disaster. Endless nuclear accidents. This is no surprise at all; incompetence is their hallmark.

  • Information Technology is so hard even "Rocket Scientists" can't do it!

    Proving again you can be smart and stupid at the same time.
    Management everywhere is moronic. Save money, said every MBA, everywhere, by outsourcing.

    Also, ahem, why isn't the word "Microsoft" mentioned anywhere?
    Whenever there's a hack these days, they magically forget to mention which software was hacked, and it's nearly always {microsoft, cisco, vmware}.
    In this case, it's obviously MS. Consequences? Nowhere in sight.

    Not a big deal. Just
    • by mmell ( 832646 )
      Don't bring Microsoft into this one. This is just the Brits proving they can be as dim-witted as we Colonial types.
    • TFA says

      Sensitive nuclear information (SNI), the industry’s special classification system, was left vulnerable in part because of the use of “obsolete” technology including Windows 7 and Windows 2008

      - do they really need to spell out "Microsoft"?

      • I stand corrected.

        Also, I was right, somehow, and without even reading:
        Microsoft is at the centre of this problem ONCE AGAIN.

        I do believe the brain-outsourcing comment still stands.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Microsoft literally has exceptions in their terms for Windows and many of their other major software products for use for critical industry. I am paraphrasing here but it essentially says - our software is not designed for critical infrastructure, and the most you can sue for is $5 dollars. Yup, Microsoft makes CrowdStrike's $10 gift certs look generous.

      I don't know, but I would not be the least bit surprised if the same language is in their Government Cloud offerings. It's a nice little game, nobody will eve

    • Information Technology is so hard even "Rocket Scientists" can't do it!

      These guys are not rocket scientists, they are warehouse operators, and the only way they'll ever find themselves in space is if they screw up even worse than they already have.

  • If there's no retribution there will be no solution. What kind of enquiry can't find anyone accountable?
  • by sinij ( 911942 ) on Friday August 09, 2024 @01:45PM (#64692928)
    I knew I should have used an alias when I mail ordered Plutonium. Now my data is all over the internet. Damn it.
  • Information that could threaten national security was left exposed for four years, the nuclear watchdog revealed, and Sellafield said it had been performing critical IT health checks that were not, in fact, being carried out.

    The people behind these false reports need some time in jail. Otherwise, this simply won't change.

  • The Q though. (Score:5, Insightful)

    by bumblebees ( 1262534 ) on Friday August 09, 2024 @03:02PM (#64693120)
    Why do they need to be online? I'm sure they don't have so many inventory changes in a week that it can't be air-gapped and synced with just a USB stick once or twice a week.
  • ... deployed locally all over the country will be secured so much more diligently than this. Absolutely impossible to think of any of those facilities supplying makers of a "dirty bomb" with the stuff they long for.
