The National Cyber Security Centre (NCSC) has been called in to assist Britain’s nuclear power industry after reports of a computer intrusion triggered a security crisis. The Telegraph news agency obtained a Nuclear Decommissioning Authority (NDA) report using the freedom of information legislation. The report stated that officials are “aware that an important business in the Nuclear Power Generating Sector has been negatively impacted by a cyber-attack and has to rely on expertise from the NCSC to help with recovery.” A document surfaced from May 13, 2019 which contained evidence that a successful attack was carried out. The damage that was caused by the threat actor was not revealed in the document. Britain stated that they are “at war everyday” with cyber-attacks originating from Russia and elsewhere around the world. In September, India also released an announcement stating that a cyber-attack targeted their nuclear industry.
The United Kingdom (UK) government has not been transparent about this attack, allowing the news to come out months later by a third-party website instead of making an official statement. Governments and businesses continue to face difficult choices when deciding whether to publicly release a statement about any computer intrusion–when information is later released through a 3rd party, it can have damaging consequences for public trust. Government officials did not say whether or not they know who was behind the attack, but it is possible it is the same actor that was behind the attack in India. The nuclear industry makes an enticing target for threat actors, especially nation-state actors. For more information, see the news story on The Telegraph: https://www.telegraph.co.uk/business/2019/11/30/cyber-attack-targets-uks-nuclear-industry/