Sellafield Ltd’s regulatory attention level for cyber security has improved after substantial progress was made by the licensee.
The Office for Nuclear Regulation's specialist inspectors have regularly engaged with Sellafield as it evolves its cyber security strategy and produces an ongoing delivery programme to address identified shortfalls and their root causes.
This increased regulatory focus, along with Sellafield's additional resources and senior leadership now giving cyber security the level of attention and focus it requires, has helped better governance and management practices become embedded in the organisation during the past two years.
Demonstrable evidence has provided ONR with increased confidence that cyber risks are currently being more appropriately managed.
The appointment of a new Chief Information Security Officer has further reinforced Sellafield’s strategic direction, ensuring cyber security continues to underpin safe and secure nuclear operations.
Paul Dicks, ONR Director of Regulation, said: "This move from significantly enhanced to an enhanced regulatory attention level represents positive progress.
"Through our enabling regulatory approach, we have worked with Sellafield and observed notable improvements across their cyber security arrangements.
"Further work is still required by Sellafield before a potential return to a routine regulatory attention level, and we will continue to hold them to account.
“However, we are encouraged by Sellafield’s commitment to addressing the outstanding issues.”
ONR has three regulatory attention levels: significantly enhanced, enhanced and routine. Before a positive change to attention level can be implemented, ONR requires evidence of sustained improvement over a prolonged period.
Sellafield Ltd was placed into significant enhanced attention for cyber in 2021/22.
ONR works closely with industry to drive continuous improvement in cyber security and our regular engagements with dutyholders emphasise the need to keep investing in cyber security to protect against the ever-changing threat landscape.
Technology is evolving and there is an increasing requirement within the nuclear sector to integrate IT and operational technology for better outcomes and reduced risk.
ONR has launched thematic interventions clarifying expectations in this area and offers industry leading advice and guidance with support from its specialist inspectors and cyber security consultancies.