Just
after Christmas, the Times’ science
correspondent Oliver Moody's provided a public and political service in
exposing the worrying inadequacies of Britain’s nuclear safety and security regulator, the
Office for Nuclear Regulation (ONR). (“.Dozens of nuclear blunders ‘ignored’,” Dec.
27) http://www.thetimes.co.uk/edition/news/dozens-of-nuclar-blunders-ignored-qr6sxcp8w)
But
whilst the article concentrated mainly on safety concerns, there are several security
issues unresolved.
In
ONR’s latest annual report it records on page 39 that “There are areas where
the duty holder’s security arrangements did not fully meet regulatory
expectations.” Additionally on page 33 it reports” regarding the Sellafield
facility “a requirement to improve processes in place for Cyber Security and
Information Assurance (CS&IA) was identified. A contributory factor in this
area was associated with a lack of resource within CS&IA capability.” (http://www.onr.org.uk/documents/2016/annual-report-2015-16.pdf).
In
the past month I have raised these concerns at a nuclear policy roundtable
seminar at the Politics Department at Cambridge University (which included
several academic specialists anda former Energy Secretary), with senior ONR and Sellafield security
officials at meetings of ONR stakeholders and at a Nuclear Security Roundtable of the Security Awareness Special Interest
Group (SASIG), as well as at a nuclear stakeholder forum of the Department
for Business, Energy and Industrial Strategy (BEIS) on 19 December, at
which Baroness Lucy Neville-Rolfe made her final appearance as energy
minister, before being moved to the Treasury two days later, to be replaced by
Lord Prior of Brampton.
Baroness
Neville-Rolfe made a presentation( https://www.gov.uk/government/speeches/uk-statement-to-the-iaea-international-conference-on-nuclear-security) on Dec 6th to the virtually
unreported International
Conference on Nuclear Security, hosted in early December for a week
in Vienna by the UN’s nuclear watchdog, the International Atomic
Energy Agency (IAEA) (https://www.iaea.org/events/nuclear-security-conference), during which she
spent far more time promoting the British nuclear industry than addressing
nuclear security.
Indeed,
even her announcement that the UK “will make a further contribution of at least
£5.5 million before the end of March 2017” to the IAEA Nuclear Security Fund,
should be put into the context that BEIS and the Treasury have had committed at
least £370 m to support proliferation-risky and insecure Small Modular Reactor
(SMR) development in the past year.
A
report, Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear
Facilities, (http://www.nti.org/analysis/reports/outpacing-cyber-threats-priorities-cybersecurity-nuclear-facilities/) issued by the
Washington DC-based Nuclear Threat Initiative at the same IAEA
conference, reveals in an annex that the UK nuclear sector has
suffered two significant cyber security failures, in June
1999 at the Bradwell Nuclear Power Plant, when an employee intentionally
“altered/destroyed data;” and in September 1991 at Sellafield, when a software
bug lead to “unauthorized opening of doors.”
The report- whose authoritative
authors comprise Alexandra Van Dine who has presented
research on cybersecurity at nuclear facilities at US Strategic Command and Los
Alamos National Laboratory; Michael Assante who held a
number of high-level positions with the Idaho National Laboratory and served as
Vice President and Chief Security Officer for American Electric Power, and has.
provided briefings on the latest technology and security
threats to the US National Security Advisor, Chairman of the Joint Chiefs of Staff,
Director of the National Security Agency; and Dr Page
Stoutland who has held senior
positions at the Lawrence Livermore National Laboratory (LLNL), and has
served as the Director of the Chemical and Biological National Security
Program and at Los Alamos National Laboratory – asserts worryingly “The global community is in the
early stages of understanding the
magnitude of the cyber threat. In many
ways, humans have created systems that are too complex to manage; in most
cases, risks cannot even be quantified.”
In a forward to the report, experienced
former US Senator Sam Nunn, now NTI co-chairman, writes: “Governments and
industry simply must get ahead of this rapidly evolving global threat. There’s
no doubt that nuclear facility operators and regulators are aware of the
threat. Unfortunately, many of the traditional methods of cyber defense at nuclear
facilities—including firewalls, antivirus technology, and air gaps—are no
longer enough to match today’s dynamic threats. As the renowned cryptographer
Bruce Schneier said, ‘Today’s NSA secrets become tomorrow’s Ph.D. theses and
the next day’s hacker tools’.”
Backing up this assessment is
UK Security minister Ben Wallace, who said in a wide-ranging interview on the terrorism threat in the Sunday Times on 1st January
that “Our “greatest
vulnerability” is to cyber-attacks, and the range and frequency of attacks by
Britain’s enemies is “quite breathtaking, adding that ”Big companies and banks
are not taking the threat seriously enough.” (“Isis plotting chemical attack on UK,” www.thetimes.co.uk/article/isis-plotting-chemical-attack-on-uk-x7xz7xdkk)
Just over five years ago, on 10 November 2011, ONR published a
31-page report as part of its Generic Design Assessment (GDA) of one of the new reactor
designs nuclear vendors want to build in
the UK, called ‘ Step 4 Security Assessment of the
Westinghouse AP1000® Reactor’. (http://www.onr.org.uk/new-reactors/reports/step-four/technical-assessment/ap1000-sec-onr-gda-ar-11-015-r-rev-0.pdf).
The Executive Summary at page iii
contains the following section:
“Overall, based on the review
undertaken we are satisfied that the claims, arguments and evidence laid down
within the documentation submitted as part of the Generic Design Assessment
process presents an adequate security case for the generic AP1000 reactor
design. The AP1000 reactor is therefore
considered suitable from a security perspective for construction in the UK,
subject to satisfactory progression and resolution of Generic Design Assessment
Findings…” (emphasis added)
But it also points out that “a number
of plant items have been agreed with Westinghouse as being outside the scope of
the Generic Design Assessment process and hence have not been included in the
assessment.”
Readers may be surprised to learn these exclusions include ( but
are not limited to) as set out at paragraph 4 on page 1:
“the physical security measures for the High Security Area
(HSA) boundary within which the nuclear island will be contained, and the
long-term storage facilities for spent nuclear fuel and intermediate level
waste.”
Later the report at paragraph 16 on page 4 reveals “Aircraft
Impact is not considered as a part of the Security Assessment.” But clarifies “However,
this subject is addressed under the Civil Engineering and External Hazards
topic areas and detailed in the 244-page Step 4 Assessment Report
ONR-GDA-AR-11-002” (http://www.onr.org.uk/new-reactors/reports/step-four/technical-assessment/ap1000-ceeh-onr-gda-ar-11-002-r-rev-0.pdf)
The report also admits at paragraph 35 on page 8 that “The Nuclear
Industries Malicious Capabilities Planning Assumptions (NIMCA) document is
protectively marked with a UK EYES ONLY caveat and could not be shared with
Westinghouse, ” but added “However, the methodologies used to identify
potential Vital Areas (Vas) were shared.”
This means Westinghouse had to make educated guesses against
which malicious threats to plan, an approach
that does not fill external analysts with confidence in the robustness of the security measures
being in-built into the reactor and associated facilities design.
Adriènne Kelbie, the
relatively new chief executive of the ONR who joined in January 2016, has a
major job on her hands to ensure more robust nuclear security in the UK.
No comments:
Post a Comment