The UK government’s nuclear safety watchdog, the Office for Nuclear Regulation (ONR), has put nuclear company EDF Energy on notice over its cybersecurity practices.
In the chief nuclear inspector’s annual report on Great Britain’s nuclear industry, which details the performance of the industry during the previous financial year, including positive achievements and shortfalls where they are identified, the ONR stated that EDF Energy has been placed on ‘significantly enhanced regulatory attention’ after an inspection into its cybersecurity practices.
The ONR decision to closely study the cyber credentials of a nuclear power station operator in the UK is a reflection of growing tensions about the cyber actions of hostile nation states, and follows action taken in July 2022 when EDF was placed under 'enhanced attention' by the ONR which had identified shortfalls in its cybersecurity plans. The ONR is taking this new action due to the findings of routine inspections over the past 12 months.
EDF has been cited for not providing the inspector with a ‘comprehensive and fully resourced cyber security improvement plan, as agreed, by the end of March’ the report states. ONR judged that EDF’s delivery of their cyber improvement programme had not progressed in line with commitments made and so moved them into a level of significantly enhanced attention for cyber security.
‘EDF has made two new appointments to specifically address cyber security,’ the report stated. ‘We have subsequently met with EDF senior team to ensure regulatory expectations are understood.’ It is understood that the ONR’s decision to change the level of attention to ‘significantly enhanced’ is not related to any specific cyber event, but is more concerned with EDF’s ability to demonstrate its systems are robust, and that this plan is now in place and has been copied to the ONR.
EDF has insisted that ‘there is no risk to plant safety at our power stations’ and that it has confidence in the robust cyber security arrangements it has in place.
‘We also recognise the importance of information security and the risks associated with loss of information. Cyber security is a dynamic issue for all organisations and we will continually improve how we manage it to allow scrutiny to return to a routine level in the future’ said EDF in a company statement.
Linkedin
