advertisement


Sellafield hacked

paulfromcamden

paulfromcamden

Baffled
This seems less than ideal:

- Sellafield hacked by Chinese and Russian groups
- Activity since at least 2015 but no one seems quite sure
- Allegations of a widespread cover up
- No one seems to know how much malware currently remains
- Current systems so insecure it's been suggested they should be completely abandoned and replaced with systems at a separate secure facility.

www.theguardian.com

Sellafield nuclear site hacked by groups linked to Russia and China

Exclusive: Malware may still be present and potential effects have been covered up by staff, investigation reveals
www.theguardian.com www.theguardian.com
 
The obvious question is why the f*** is Sellafield on the internet? It's about time industries and companies woke up to this. What isn't accessible through the internet can't be hacked.
 
Is Sellafield not just a (radioactive) waste storage site now? Some reprocessing, which is hardly likely to be a problem?

That said, having worked at a UK nuclear site, it does surprise me, unless the story is awry (quelle surprise that would be, not). Where I worked there were internal IT systems, then an air gap to exterior/www systems, you couldn't access both from the same building.,
There were/are 3 ssperate securty areas and they were/are not linked electronically, and only one to the outside world.
 
kensalriser said:
The obvious question is why the f*** is Sellafield on the internet? It's about time industries and companies woke up to this. What isn't accessible through the internet can't be hacked.
Click to expand...
Good question. I wonder if it is directly on the internet. It's not hard to imagine monitoring systems etc having connectivity over private lines to other government sites that may themselves have been compromised.
 
kensalriser said:
The obvious question is why the f*** is Sellafield on the internet? It's about time industries and companies woke up to this. What isn't accessible through the internet can't be hacked.
Click to expand...
Surely the answer to that has to be the internet is resilient.
 
This story from El Reg last year made me smile.

BT wins networking contract for UK nuclear site Sellafield

Wide and local area network services are covered, as are core and gateway services, telephony, and cybersecurity. Conferencing technology is also included and Sellafield Ltd is eyeing a future involving IoT and 5G.

Part of the site's digital transformation will include the "capability to overlay new technologies such as Artificial Intelligence," the country's dominant telco said.

Still, Sellafield Ltd have put out a press release saying the Graun made it all up, they've not been pwned by Russian malware and click here to meet horny local housewives.

www.theregister.com

BT wins $39m contract for networking at Sellafield

Paving the way for the role of AI in the future of nuclear waste processing
www.theregister.com www.theregister.com
 
You have to be very strict on no laptops, tablets, smartphones and smartwatches on the premises. That has to include VVIP visitors who never understand that they are the most likely malware distributors. Modern cars with network connectivity are another leak.
 
The unpaid liability of Sellafield is said to be close to £250bn now

The U.S. Institute for Resource and Security Studies has called Sellafield “one of the world’s most dangerous concentrations of long-lived radioactive materials.” Sellafield is vulnerable to a variety of risks: natural catastrophes could compromise the cooling systems, human error and negligence could cause fires, explosions or other types of accidents. The compound could be a target of a terrorist or a hacker attack, and even a computer virus could potentially trigger a catastrophe.
 
paulfromcamden said:
Allegations of a widespread cover up
Click to expand...
Cover-up and Windscale go hand in glove. They didn't change the name of the place for nothing, it was all about washing away the stench. E.g.:

www.theguardian.com

Sellafield kept body parts of dead workers

The government will announce an independent inquiry today into claims that body parts of workers who died in suspicious circumstances at Sellafield and other nuclear plants were secretly taken for medical examination without their families' consent for more than 30 years.
www.theguardian.com www.theguardian.com
 
paulfromcamden said:
So are properly designed private TCP/IP networks. No magic to the interweb - it's just
Vinny said:
Is Sellafield not just a (radioactive) waste storage site now? Some reprocessing, which is hardly likely to be a problem?

That said, having worked at a UK nuclear site, it does surprise me, unless the story is awry (quelle surprise that would be, not). Where I worked there were internal IT systems, then an air gap to exterior/www systems, you couldn't access both from the same building.,
There were/are 3 ssperate securty areas and they were/are not linked electronically, and only one to the outside world.
Click to expand...

That's my experience of the place too - not fully convinced by the article
Click to expand...
 
Nero said:
Agreed. But it was never designed to be secure. In fact, the opposite.
Click to expand...
The Internet is unsecure by its very nature. It is a collection of interconnected autonomous networks. You never know where nor who is monitoring/harvesting your data.

A private network is just that private and is unrelated to the Internet the only similarity being the use of routers/firewalls/switches etc and IP. Of course you can have remote users access your private IP network over their Internet service and that is where you have to implement strict and often complex security. I used to design this stuff and have worked on some of the largest and most complex IT projects on this planet. This level of security and associated resilience is expensive and sometimes management go for a cheaper implementation from another bidder that cuts corners.

DV
 
More on the Windscale safety concerns

GMB union says urgent action needed to tackle safety concerns at Sellafield


“GMB has repeatedly raised concerns over safety and staffing levels, which are mainly due to turnover and the age and demographic of the workforce,” Prendergast wrote.

A senior industry source has said that a hardcore of longstanding Sellafield employees who are resistant to change have been nicknamed “We Bees” – short for “we be here when you be gone”. Several sources have cited the area’s insular community and reliance on Sellafield for well-paid employment as a barrier to change.

www.theguardian.com

GMB union says urgent action needed to tackle safety concerns at Sellafield

Guardian investigation has revealed areas that need attention at nuclear site in Cumbria
www.theguardian.com www.theguardian.com
 
Darth Vader said:
The Internet is unsecure by its very nature. It is a collection of interconnected autonomous networks. You never know where nor who is monitoring/harvesting your data.

A private network is just that private and is unrelated to the Internet the only similarity being the use of routers/firewalls/switches etc and IP. Of course you can have remote users access your private IP network over their Internet service and that is where you have to implement strict and often complex security. I used to design this stuff and have worked on some of the largest and most complex IT projects on this planet. This level of security and associated resilience is expensive and sometimes management go for a cheaper implementation from another bidder that cuts corners.

DV
Click to expand...
At the end of the day the most secure gear in the world is only as good as the processes and change management put in place around it.

Pressure from management to "just make it work" can also lead to hacks, kludges and 'temporary' fixes that compromise security.

The reports of contractors using their own USB sticks and confidential details being displayed on a screen during an episode of Countryfile(!) don't inspire confidence that best practice was being followed.
 
You must log in or register to reply here.


advertisement


Back
Top