I would like to request a breakdown of cyber-attacks in the nuclear sector since 1 January 2015. I would like the figures to be broken to show:
I confirm that under Section 1 of the FOIA we hold the information requested.
Civil Nuclear duty holders are required to report certain events and matters related to cyber security to us as specified under Regulation 10, 18 and 22 of the Nuclear Industries Security Regulations (NISR) 2003. Reports are submitted using an Incident Notification Form 1 (INF 1).
Please see the table, reproduced below, detailing the information you require which has been extracted from the database containing the INF1 notifications and covers the period 1 January 2015 to 31 October 2021.
|Year||Number of Confirmed Cyber-attacks*||Entity|
|2016||1||Power station/Decommissioning site|
|2020||3||Research facility, Decommissioning site, Corporate offices|
*The meaning of a cyber-attack is taken from the following National Cyber Security Centre (NCSC) definition “Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.”
You may wish to refer to the FOI releases on our website to view previous similar requests.