CYBER Insights » THREAT INTEL: Sellafield UK Ltd failings in basic security protocols are alarming

THREAT INTEL: Sellafield UK Ltd failings in basic security protocols are alarming

Aerial_view_Sellafield,_Cumbria_-_geograph.org.uk_-_50827
Image Credit: Sellafield - Wikipedia

Gibraltar: Tuesday 25 June  2024 at 11:50 CET

THREAT INTEL: Sellafield UK Ltd failings in basic security protocols are alarming

By Andy Jenkinson – Guest Contributor |  Group CEO Cybersec Innovation Partners
via IainFRASER.net/CYBERInsights
First for SME Cybersecurity News
Google Indexed on 250624 at 12:40 CET

#SMECyberInsights #SMECyberNews #Cybersecurity #WhitethornShield #InternetSecurity #Cybercrime #DNS #PKI

This week’s guilty verdict against Sellafield UK Ltd for failing basic security protocols is alarming. This verdict followed a damning article by the Guardian in December 2023 when they reported a cyberattack on the nuclear facility.

Public records reveal that in August 2022, BT Group, a partner of the NCSC’s Share & Defend program, secured a £32 million contract to provide cyber security services to Sellafield.

Despite this, the so far unnamed third party was found guilty of numerous security lapses at Sellafield UK Ltd this week.

The involvement of BT Group, coupled with exposed Internet assets and servers by Sellafield UK Ltd and BT Group, raises questions about the true extent of the cybersecurity oversight. Our research shows both parties are exposed and insecure to digital intrusion and further incidents.

It only takes a single error, a single exposed, Not Secure domain, or Insecure server to enable an opportunity and unlawful access via an insecure Asset. Is this a case of gross negligence, or is there even more beneath the surface?

Sellafield

The situation has more than a whiff of a potential cover-up, with implications that extend far beyond Sellafield UK Ltd and BT Group, calling into question the integrity of national cybersecurity measures.

Allison Kirkby Martin Chown David Peattie FREng HonFNucI Euan Hutton MSRP MAPM

Cybersec Innovation Partners
GCHQ
Office for Nuclear Regulation
Information Commissioner’s Office
BBC News
ITV News
Serious Fraud Office (UK)
InternetSecurity
DNS
PKI

 

About Andy Jenkinson

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader. A ‘big deal’ business accelerator, and inspirational, lateral thinker, Andy has crafted, created, and been responsible for delivering 100’s £ millions of projects within the Cyber, Technical, Risk and Compliance markets for some of the world’s largest, leading organisations. Andy has a demonstrable track record of largescale technical delivery and management within many sectors including the Professional, Managed, and Financial Services.