Executive Summary:
- In today’s technological world, cybersecurity must be considered in any physical security or asset hardening measures.
- Individuals and organizations, especially entities that work with hazardous materials, should prepare and implement security policies and asset hardening measures.
- In the UK, the Office for Nuclear Regulation (ONR) has taken Sellafield, a decommissioned nuclear power plant, out of special measures for physical security; however, government officials are still concerned with the facility’s cybersecurity.
- The reality and threat posed by “dirty bombs”, be they nuclear, biological or chemical, is very real.
- In addition to materials available at nuclear power plants, devices can also be made from commercial radioactive, biological and chemical sources used in medicine, industry, and scientific research.
- Experts advise that security improvements and asset hardening measures – both physical and cyber -should be prioritized and reflect the many sources that pose the greatest security risks.
- Consider contacting RMS International’s security professionals for a customized risk assessment.
Situation Report (SITREP):
The United Kingdom’s Office for Nuclear Regulation (ONR) has taken Sellafield, a decommissioned nuclear powerplant, out of special measures for physical security; however, government officials are still concerned with the facility’s cybersecurity. Sellafield, located in Cumbria northwest England, houses the world’s largest store of plutonium. The facility stores and treats nuclear waste derived from atomic power generation and weapons programs. Physical security measures have improved, allowing the ONR to downgrade the facility from “enhanced regulatory oversight” to routine inspections.
The nuclear facility received intense scrutiny in 2023, after a series of safety concerns were noted across the site. Sellafield experienced everything from issues with alarm systems to problems staffing safety roles at the toxic reservoirs. In addition, the facility experienced cybersecurity failures, radioactive contamination, and allegations of a toxic culture in the workplace.
Sellafield is listed among the UK’s critical infrastructure and key resources (CIKR). Media sources claim the facility’s network was previously penetrated by a group of hackers linked to Russia and China. The assailants embedded sleeper malware that can be used to spy on or attack systems. However, Sellafield’s operators maintain the facility was not subjected to a “successful” cyberattack.
Impact Analysis:
In the face of the multi-layered risks faced in today’s technological world, cybersecurity must be considered an integral part of any physical security or asset hardening measures. The two are intimately linked – as Sellafield so perfectly demonstrates. While constantly changing, the security and asset hardening situation at the facility has shown an improvement in physical security measures but a lack of proper cybersecurity hardening means that it will remain vulnerable to bad actors.
Rogue, unaccounted for nuclear weapons may seem like the content of a spy thriller, but the reality and threat posed by “dirty bombs” is very real. A dirty bomb is an improvised device developed using hazardous materials and conventional explosives. Whether made from discarded medical radiologic waste, readily available chemicals or a home-grown biologic, these bombs can create immediate chaos and destruction that lasts for weeks, months or even years.
In today’s increasingly hostile and internationally anarchic world, non-state actors and terrorist groups are working to develop such weapons. Nonproliferation experts with the International Atomic Energy Agency (IAEA) have warned al-Qaeda affiliates have expressed an interest in building and using radiological dispersal devices (RDDs) or “dirty bombs.” Should bad actors obtain radioactive materials any targeted detonation would most certainly be catastrophic and would deny access to the area for years. While chemicals and biological agents do not have the same long-term effects, their ready availability and relative ease of weaponization make them an ideal resource target.
Course of Action:
IAEA experts advise that security improvements and asset hardening measures should be prioritized and reflect those radioactive sources that pose the greatest security risks. This advice should be heralded by the medical, chemical and biological industries that deal with any hazardous material that can be weaponized.
Individuals and organizations, especially entities that work with radioactive materials, should prepare and implement security policies and asset hardening measures that thoroughly integrate physical and cyber protocols.
Physical and cyber penetration testing, tabletop exercises and the development of robust SOP’s and Disaster Response Plans should be implemented under a continuing review and development plan.
Consider contacting RMS International’s security professionals for customized risk assessments and protocol development.
About RMS International:
Founded in 2012, RMS International provides ad hoc and contracted close protection, estate security, international travel management, corporate executive protection, personnel and asset security, and discreet investigative services. Operating a state-of-the-art Risk Operations Center in West Palm Beach, they provide 24/7 overwatch of global operations in Asia, Europe, Africa and throughout the Americas. RMS International delivers peace of mind in a chaotic world. Connect with us at RMSIUSA.com
