I am writing to submit an FOI request regarding nuclear sites around the UK. Would you please provide me the following for each active nuclear power station in the UK. Please state which of these you are referring to with the following:
A) Safety reports from the three most recent inspections
B) Any documents produced related to improvements at these sites.
C) Flag which of these have reported data breaches.
D) Any documents relating to these data breaches, and responses to these.
E) Provide a description of the breach, what was lost and the circumstances under which it was lost.
A) Please do reduce the time-frame to 12 months, from the date you receive this email.
B) I wish to be provided copies of reports where inspectors flagged areas that required improvement or problems at these sites.
C) Please do provide copies of documents noted above that contains this material.
D) In regards to data breaches I would ask that cases of cyber attacks, cybersecurity breaches, malware or however the ONR would record incidents where power station systems were affected.
Please refer to the Intervention records pages on our website for the information you require for the various sites .
Intervention records are written by our inspectors following visits to the sites we regulate. They are used to record findings and, if appropriate, any significant actions we require the site operator to carry out in order to improve matters.
Publishing executive summaries of these reports is one part of ONR's aim to be open and transparent by helping all of our stakeholders, including the public, understand our work.
ONR neither confirms nor denies that it holds information relating to cyber attacks and malware. The rationale for this decision is that under Section 24(2) - safeguarding national security of the FOIA, information that relates to the purposes of safeguarding national security and which may be of use to terrorists and other hostile actors, is exempt from disclosure.As Section 24 is a qualified exemption, we are required to balance the public interest between disclosure
and non-disclosure. We have therefore applied the Public Interest Test, as set out below:
Issues related to the nuclear industry are subject to close scrutiny and debate, there is a public interest in information related to nuclear activities and the release of such information. The information may provide reassurance to the public about the safety of nuclear installations. It may also facilitate the accountability and transparency of ONR for decisions taken by them as a regulator and enforcing authority of the nuclear industry.
Information that relates to the purposes of safeguarding national security and which may be of use to terrorists and other hostile actors is exempt from disclosure. The specific details of these events could provide an adversary with information that enables them to develop intelligence which may help them defeat security arrangements. In particular, disclosing when a cyber security incident has been reported to ONR, gives adversaries an indication as to the effectiveness of cyber incident detection by duty holders. Paragraph 13 of Section 24(1) makes it clear that there need be no evidence that an attack is imminent for this exemption to be applied.
After careful consideration of the factors set out above, ONR has concluded that the information should be withheld. On balance, the interests of national security outweigh the need for openness in terms of the specific information that you have requested.
Therefore, it is ONR’s judgement that publication of the information requested would not be in the public interest.
Yes, please see above.