Nuclear leaks over the past year have revealed problems related to cyber hacking, radiation leaks, and a toxic workplace culture at the UK’s most dangerous nuclear site, Sellafield. This was confirmed by an investigation carried out by The Guardian, which outlined how a small corner of Britain holds enormous influence over its special relationship with the United States and countries linked through a shared history of nuclear weapons development. Neighbors in Europe, particularly Norway and Ireland, are closely monitoring the site, as previous incidents of contamination and radiation activity have reached their shores.
The Sellafield site, funded by taxpayers in Cumbria on the remote northwestern coast of England, has the largest plutonium storage on the planet. It is a massive decommissioning site and waste dump dealing with remnants from decades of atomic energy generation and nuclear weapons programs. It also receives nuclear waste from countries such as Italy, Japan, and Germany, which is then processed, packaged, and returned. The industrial complex was originally named Windscale, dating back to the Cold War arms race, and was the original site for the UK’s nuclear weapons development in 1947, where plutonium was manufactured while the country raced to build an atomic bomb. It was the site of one of Europe’s worst nuclear disasters, the Windscale fire in 1957, which sent a column of toxic smoke across the continent. It was also home to the world’s first large-scale commercial nuclear power station, Calder Hall, which opened in 1956 and ceased electricity generation in 2003. The site has nearly 1,000 buildings and a workforce of 11,000, with its own railway and road network, washing services for ordinary and potentially radioactive clothing, and a special police force comprising more than 80 dogs. The UK still owns a number of nuclear power plants, mostly owned by French company EDF, which generates about 16% of the electricity for the grid. The UK is also building new nuclear power stations, including Hinkley Point C in Somerset, although its waste will eventually be buried in a new geological disposal facility.
### Cybersecurity Concerns
The investigation found that the Sellafield site had been hacked by electronic groups closely linked to Russia and China, with senior staff covering up the potential ramifications. This breach was one of a series of electronic problems at the site, which were concealed by top managers. Other concerns included the ability of external contractors to connect memory chips to the system without oversight, and remote site employees accessing its computer servers. The UK’s nuclear regulatory body and the Office for Nuclear Regulation (ONR) have placed the site under a form of “special measures” due to ongoing cybersecurity failures. Sources indicated that breaches were first discovered in 2015 when experts realized dormant malware, capable of spying or attacking systems, had infiltrated Sellafield's computer networks. It remains unclear whether this malware has been eradicated, potentially compromising some of Sellafield's most sensitive data regarding activities such as radioactive waste transport, monitoring hazardous material leaks, and fire safety checks.
### Leak Escalation
The investigation also revealed an exacerbation of radioactive liquid leakage from a decaying silo, with radioactive materials seeping into the ground, likely to continue until 2050. The newspaper noted concerns regarding P30, a pond containing nuclear sludge from corroding fuel rods, whose concrete and asphalt shell is cracked, with these fissures exacerbating in recent months.
### Norwegian and Irish and U.S. Concerns
Fears regarding the safety of Sellafield have led to diplomatic tensions with countries including the United States, Norway, and Ireland. Norwegian officials are concerned that an incident at the site could lead to a plume of radioactive particles carried by prevailing southwesterly winds across the North Sea, possibly devastating food production and wildlife in Norway. The radioactive contamination from the 1957 Windscale fire reached Norway’s shores. In 2006, the Irish government attempted to take action against Sellafield by referring it to a UN court due to environmental concerns. An EU report in 2001 warned that an accident at Sellafield could be worse than the Chernobyl disaster, where an incident in 1986 exposed 5 million Europeans to radiation, highlighting that issues leading to the potential release of radioactive waste into the atmosphere at the plant included explosions and air accidents. Fire safety is a primary area of concern; the investigation revealed an internal document from November 2022 warning of the “cumulative risk” posed by failures across a range of areas, from nuclear safety to fire hazard management and asbestos issues. A senior Sellafield employee told The Guardian, “They cannot handle fires or asbestos at the site, let alone the dismantling of nuclear containment materials." Regarding the breach, sources indicated that the full extent of any data loss and ongoing risks to systems has become difficult to assess due to Sellafield's failure to alert nuclear regulators for several years. Regarding the leaking silo, a report from the National Research Office last June indicated that Sellafield considered the leakage risk as low as practically possible, but scientists who spoke to the newspaper expressed increasing concern over the full scope of the leak, while the potential for contamination of groundwater remains unclear.
### UK Government Response
For its part, the Minister of State for Energy Security and Net Zero Carbon Emissions, Claire Coutinho, wrote to the CEO of the Nuclear Decommissioning Authority, David Peattie, stating that what the newspaper revealed about cybersecurity failures requires “urgent attention.” She added that “these allegations are a troubling reminder of the long-standing nature of some of these issues, specifically cybersecurity at Sellafield.” Regarding the toxic ponds, she noted that she also requested to be informed about efforts to increase the pace of this work. The UK government's National Cyber Security Centre has stated, “We have warned about the persistent and significant cyber threat to the UK’s critical national infrastructure for some time now, including in our most recent annual review.” The Centre added, “We are working closely with all areas of the UK's critical national infrastructure and collaborating with organizations to highlight the threat landscape and mitigation activities as part of our routine operations.” Sellafield, which manages the nuclear site, stated it is “working closely with our regulator on cybersecurity,” and a spokesperson indicated that “due to the progress we have made, we have an agreed pathway to significantly step down from enhanced regulation.” Sellafield clearly views itself as posing “no additional risk” to employees and the public, with the spokesperson adding, “We are proud of our safety record at Sellafield and always strive for improvement.” He continued that “the nature of our site means that until we complete our mission, our most hazardous facilities will always pose a risk,” noting that they are “continuously measuring and reporting on nuclear, radiological, traditional safety.”
