Monday, 2 January 2017

Nuclear's overlooked insecurity

Just after Christmas, the Times’ science correspondent Oliver Moody's provided a public and political service in exposing the worrying inadequacies of Britain’s  nuclear safety and security regulator, the Office for Nuclear Regulation (ONR). (“.Dozens of nuclear blunders ‘ignored’,” Dec. 27)
But whilst the article concentrated mainly  on safety concerns, there are several security issues unresolved.
In ONR’s latest annual report it records on page 39 that “There are areas where the duty holder’s security arrangements did not fully meet regulatory expectations.” Additionally on page 33 it reports” regarding the Sellafield facility “a requirement to improve processes in place for Cyber Security and Information Assurance (CS&IA) was identified. A contributory factor in this area was associated with a lack of resource within CS&IA capability.” (

In the past month I have raised these concerns at a nuclear policy roundtable seminar at the Politics Department at Cambridge University (which included several academic specialists anda former Energy Secretary),  with senior ONR and Sellafield security officials at meetings of ONR stakeholders and at a Nuclear Security Roundtable of the Security Awareness Special Interest Group (SASIG), as well as at a nuclear stakeholder forum of the Department for Business, Energy and  Industrial Strategy (BEIS) on 19 December, at which Baroness Lucy Neville-Rolfe made her final appearance as energy minister, before being moved to the Treasury two days later, to be replaced by Lord Prior of Brampton.

Baroness Neville-Rolfe made a presentation( on Dec 6th to the virtually unreported International Conference on Nuclear Security, hosted in early December for a week  in Vienna by the UN’s  nuclear watchdog, the International Atomic Energy Agency (IAEA) (, during which she spent far more time promoting the British nuclear industry than addressing nuclear security.  

Indeed, even her announcement that the UK “will make a further contribution of at least £5.5 million before the end of March 2017” to the IAEA Nuclear Security Fund, should be put into the context that BEIS and the Treasury have had committed at least £370 m to support proliferation-risky and insecure Small Modular Reactor (SMR) development in  the past year. 

A report, Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities, ( issued by the Washington DC-based  Nuclear Threat Initiative at the same IAEA conference, reveals  in an annex that the UK  nuclear sector has suffered two significant cyber security failures, in June 1999 at the Bradwell Nuclear Power Plant, when an employee intentionally “altered/destroyed data;” and in September 1991 at Sellafield, when a software bug lead to “unauthorized opening of doors.”  

The report- whose authoritative authors comprise Alexandra Van Dine who has presented research on cybersecurity at nuclear facilities at US Strategic Command and Los Alamos National Laboratory;  Michael Assante who held a number of high-level positions with the Idaho National Laboratory and served as Vice President and Chief Security Officer for American Electric Power, and has. provided briefings on the latest technology and security threats to the US National Security Advisor, Chairman of the Joint Chiefs of Staff, Director of the National Security Agency; and Dr  Page Stoutland who has  held senior positions at the Lawrence Livermore National Laboratory (LLNL),  and has  served as the Director of the Chemical and Biological National Security Program and at Los Alamos National Laboratory – asserts  worryingly “The global community is in the early stages of understanding the
magnitude of the cyber threat. In many ways, humans have created systems that are too complex to manage; in most cases, risks cannot even be quantified.” 

In a forward to the report, experienced former US Senator Sam Nunn, now NTI co-chairman, writes: “Governments and industry simply must get ahead of this rapidly evolving global threat. There’s no doubt that nuclear facility operators and regulators are aware of the threat. Unfortunately, many of the traditional methods of cyber defense at nuclear facilities—including firewalls, antivirus technology, and air gaps—are no longer enough to match today’s dynamic threats. As the renowned cryptographer Bruce Schneier said, ‘Today’s NSA secrets become tomorrow’s Ph.D. theses and the next day’s hacker tools’.”

Backing up this assessment is UK Security minister Ben Wallace, who said in a wide-ranging  interview on the terrorism threat in the Sunday Times on 1st January that  Our “greatest vulnerability” is to cyber-attacks, and the range and frequency of attacks by Britain’s enemies is “quite breathtaking, adding that ”Big companies and banks are not taking the threat seriously enough.” (“Isis plotting chemical attack on UK,”

Just over five years ago, on 10 November 2011, ONR published a 31-page report as part of its Generic Design  Assessment (GDA) of one of the new reactor designs  nuclear vendors want to build in the UK, called ‘ Step 4 Security Assessment of the Westinghouse AP1000® Reactor’. ( 

The Executive Summary at page iii contains the following section:

“Overall, based on the review undertaken we are satisfied that the claims, arguments and evidence laid down within the documentation submitted as part of the Generic Design Assessment process presents an adequate security case for the generic AP1000 reactor design. The AP1000 reactor is therefore considered suitable from a security perspective for construction in the UK, subject to satisfactory progression and resolution of Generic Design Assessment Findings…” (emphasis added)  

But it also points out that “a number of plant items have been agreed with Westinghouse as being outside the scope of the Generic Design Assessment process and hence have not been included in the assessment.”

Readers may be surprised to learn these exclusions include ( but are not limited to) as set out at paragraph 4 on page 1:

“the physical security measures for the High Security Area (HSA) boundary within which the nuclear island will be contained, and the long-term storage facilities for spent nuclear fuel and intermediate level waste.”

Later the report at paragraph 16 on page 4 reveals “Aircraft Impact is not considered as a part of the Security Assessment.” But clarifies “However, this subject is addressed under the Civil Engineering and External Hazards topic areas and detailed in the 244-page Step 4 Assessment Report ONR-GDA-AR-11-002” (

The report also admits at paragraph 35 on page 8 that “The Nuclear Industries Malicious Capabilities Planning Assumptions (NIMCA) document is protectively marked with a UK EYES ONLY caveat and could not be shared with Westinghouse, ” but added “However, the methodologies used to identify potential Vital Areas (Vas) were shared.”  

This means Westinghouse had to make educated guesses against which malicious  threats to plan, an approach that does not fill external analysts with confidence  in the robustness of the security measures being in-built into the reactor and associated facilities design. 

Adriènne Kelbie, the relatively new chief executive of the ONR who joined in January 2016, has a major job on her hands to ensure more robust nuclear security in the UK.


No comments:

Post a Comment