Once a marvel of modern technology, producing almost infinite amounts of electricity from the splitting of the atom, to a doomsday scenario threatening the very existence of mankind, nuclear power has certainly seen ups and downs.
Tell me about your role at Sellafield?
My role is multifaceted and, as the title “Environmental Safety and Security” suggests, this includes environmental protection and broader sustainability, taking a longer term view of our impact on the environment.
I characterize Sellafield’s purpose as creating a clean and safe environment for future generations. Within this we have three strategic themes – one is the safe, sustainable and sustainable stewardship of the site, day to day (we only have to sneeze and there are repercussions). The other is progress (high-risk risk reduction) at pace. And then, finally, there’s lifetime optimization – it’s public money. These three themes are globally complementary but can create ambiguity for me; for example, managing the environmental impact of major capital construction against the necessarily stringent requirements of nuclear safety. Reducing risk at pace is clearly what we want to do given that Sellafield is one of the biggest and most dangerous venues in the world, but pace itself can lead to risk if not managed properly. appropriate manner – nuclear safety will always remain our primary concern. And then, of course, as a component of that, there’s cyber.
Have you seen an increase in the number of cyberattacks since COVID and the war in Ukraine?
No. It’s largely thousands of generic attempts that bounce off our defensive abilities. We’ve seen exploit attempts related to cybersecurity, but when it comes to exploit attempts on our IT or OT, it’s more about people trying to manipulate data for money. This is where we see it coming as a quasi-cyber domain. Whether by mistake and by e-mail, our greatest risk remains human. So we see low level activity but we haven’t seen high level activity and of course given the nature of Sellafield we not only have our own defenses but we have agency support organizations such as the NCSC; so there are a variety of measures in place around us.
Your job in Sellafield is to protect an area of 265 hectares and 1000 buildings with over 200 nuclear installations. It is the largest nuclear site in Europe with the most diverse range of nuclear installations in the world grouped together on a single site. What are the IT issues?
It gives a picture and of course a lot of the challenge we face is a legacy. So a story of materials for conventional weapons in the past, in the 1940s and 1950s, then in materials for the bomb, then in energy production. In the future, it is then a question of reprocessing it and getting rid of the danger and storing the material on one of the largest quantities in the world.
We have everything from very modern to very old. So, when cyber is considered, there are a number of complexities. For example patches – yes of course we seek to patch but a number of our systems are historical and cannot be patched and you can’t just replace the system so you have to balance the risk. “Well, if I can’t do that with the system and it has a potential vulnerability, what else can I do?” So, if necessary, we adopt other measures, ranging from isolation from the Internet and the intranet, to complete monitoring and reinforced physical access measures.
So our approach to cybersecurity has been somewhat unusual in that you start, usually from the inside (protect the “crown jewels”) with a comprehensive understanding of all the detailed risks associated with 200 nuclear facilities, and then leave. But our risk assessment and where we identified the greatest benefit led to an approach that I generalize as outside-in; protect from access to the Internet, then to the intranet, then to focus on the specifics of the installation.
Is it therefore the search for vulnerabilities via pentesting? The red team?
With an understanding of the threat, we started by asking ourselves “where is the critical vulnerability?” Is it in the internet connection? If so, let’s make sure we have sufficient protection against the Internet. Then we go to a middle layer of, on the right, now it’s the interconnection of our business systems in the facilities and protect that ring. Finally, let’s get to the facilities themselves and do the kind of detailed protection needed at this level. So, we are progressing through that and now we are getting into the details of the facilities.