Saturday, March 04, 2023

UK
Revealed: 37 security breaches reported by nuclear police force over one year


Paul Dobson
Sat, 4 March 2023 

The CNC is an armed force that protects 10 civilian nuclear sites across the UK, including Torness and Dounreay in Scotland.

The police force that guards the UK’s nuclear plants reported 37 security breaches last year, including the thefts of a uniform, confidential documents, an officer’s day book and three “classified” Microsoft tablets.

Alongside the thefts, there were 12 instances of personal data being compromised, and a further 19 cases where staff lost their warrant or identity cards.

The findings were revealed in a freedom of information (FoI)request by the independent investigative journalism co-operative The Ferret, which asked the Civil Nuclear Constabulary (CNC) for details of security incidents in 2021-22.

The 37 incidents reported last year was the highest number for eight years.

The CNC is an armed force that protects 10 civilian nuclear sites across the UK, including Torness and Dounreay in Scotland.

It is also responsible for the security of nuclear energy material when it is being transported and says that countering terrorism is “at the heart” of its remit.

But campaigners said the force had allowed an “appalling litany of security breaches” that undermine the nuclear industry’s claim its sites are among the most secure in the country.

One activist argued that “few things could be worse than terrorists getting into a nuclear plant” and called for an “urgent inquiry into why the CNC are doing such a terrible job” of preventing security incidents.

The force said it takes security issues “extremely seriously” and has a “robust process” for dealing with reported breaches.

It claimed the majority of security incidents were “low level”, such as the “mistyping an email address or sending a document with the wrong security classification”.

All of the stolen items were taken from vehicles, according to the FoI response. The tablets – which are listed as Microsoft Surface Pros – included classified information and were stolen while vehicles were outside secure premises.

The thefts of the day book and uniform, alongside the loss of the identity cards, are all listed as “low level breaches” by the force.

The CNC said these thefts had happened in two incidents when thieves accessed unmarked vehicles while they were parked at service stations. The tablets were encrypted and immediately wiped once the thefts were reported, it claimed. Examples of personal data being compromised include information being “incorrectly uploaded to a cloud platform” and correspondence being sent to personal email addresses or the wrong external team.

There was also an incident of “inappropriate access to and sharing of police information” but the FoI response does not provide any further information about this.

The CNC has more than 1,100 firearms officers at its disposal and has access to “over 10 different weapons systems’’.

The force has stationed armed police at non-military nuclear sites across the UK since 2005, after a decision was made to bulk up security at plants in the aftermath of the 9/11 attacks in the US. Its annual budget has grown by around £20m since 2016-17 and now sits at just over £120m. However, this increased spending power has not reduced the number of reported security breaches, which have more than doubled in the last six years.

In 2021, the Office for Nuclear Regulation (ONR) – which oversees the civil nuclear industry – also recorded the highest number of security issues at UK nuclear sites for at least 12 years.

The 456 incidents flagged to the ONR across the nuclear industry that year included unauthorised people gaining access to secure areas of plants and cybersecurity threats such as attacks using malicious software.

The growing number of security incidents comes at the same time that the UK Government has announced its ambition to boost production of nuclear energy.

It wants to build 24 gigawatts of new nuclear power capacity by 2050. One new station – Hinkley Point C in Somerset – is already under construction, while another – Sizewell C in Suffolk – has received planning permission.

Dr Paul Dorfman, chairman of the Nuclear Consulting Group, said he was “hugely concerned about the wisdom of this strategy” at a time when “security incidents are on the rise”. He claimed that renewable technologies are a “cheaper, quicker and safer” option to reach climate targets than nuclear energy.

Richard Dixon, the former director of Friends of the Earth Scotland, questioned whether the breaches meant “any old terrorist can simply buy a security badge and a uniform down the local pub”.

‘Can any old terrorist buy a security badge and uniform down the local pub?’

He added: “This is an appalling litany of security breaches. Because of the risk of terrorist attack, the nuclear industry always tells you their sites are among the most secure in the country”.

Julie Carlisle, a data protection officer for the CNC, said the increase in reporting in 2021-22 is “considered a positive thing” as it “demonstrates the security culture” at the force, adding: “Since the two thefts from vehicles, we have reiterated the message to all employees that no CNC property, including uniform, must be left when a vehicle is unattended and we’ve seen no further incidents. The CNC takes any potential security issues extremely seriously and has a robust and tested process for recording and dealing reported breaches.”

No comments: