The U.K.’s Nuclear Decommissioning Authority (NDA) group announced the launch of a specialized cyber facility aimed at boosting collaboration among nuclear operators and the supply chain. This initiative focuses on adopting new technologies like AI (artificial intelligence) and robotics to enhance their collective defense against cyber threats. The move addresses the prevalent and evolving cyber security challenges faced by all organizations, including the civil nuclear sector.
The Group Cyberspace Collaboration Centre (GCCC) provides a space for experts in cyber, digital, and engineering to come together and share knowledge and learning on how best to adopt new technologies and defend against evolving threats.
The NDA is an organization appointed by the government to safely, securely, and cost-effectively decommission the U.K.’s earliest nuclear sites. The NDA group comprises the NDA itself and its four key divisions – Sellafield, Nuclear Restoration Services, Nuclear Waste Services, and Nuclear Transport Solutions. To enhance protection and resilience, the NDA has invested in comprehensive cyber services and capabilities across the group, ensuring a robust and unified response to common cybersecurity threats.
The GCCC, located in Herdus House, Cumbria, serves as a multi-functional space for partners to explore how new technologies can enhance mission delivery and support security operations, cyber exercises, and training. The facility is part of the NDA group’s expanding digital and cyber capabilities, which also includes a joint Cyber Security Operations facility that opened in Warrington in August. The GCCC is part of a network of advanced cyber and digital resources, including the Cyber Lab classroom at Energus, the Sellafield Engineering Centre of Excellence, and the Robotics and AI Collaboration centre (RAICo1).
“The GCCC is further enhancing our collective ability to keep us safe, secure, resilient, and sustainable in cyberspace,” David Peattie, NDA Group CEO, said in a Monday statement. “Enabling us to work together more closely means we can defend as one, benefitting the collective security of the individual organisations we serve.”
Peattie added that when it comes to security, “we are never complacent, and we continually invest in our expertise and our technology to further strengthen our capability.”
Representatives from the government, the nuclear sector, regulators, and the supply chain attended the official opening which showcased the center’s capability. They heard about the NDA’s continued investment in cyber defenses and the safe and secure use of technology in delivering its decommissioning mission.
“All nuclear sites must have strong cyber security systems in place to protect important information and assets from cyber threats, “ according to Warren Cain, ONR Superintending Inspector. “Cyber security is a key regulatory priority for the Office for Nuclear Regulation, and we welcome the NDA’s commitment to strengthen their cyber defences with this new specialist facility.”
Commenting on the move, Chris Grove, director for cybersecurity strategy at Nozomi Networks, wrote in an emailed statement that “The launch of a specialised cyber facility by the Nuclear Decommissioning Authority (NDA) marks a significant step in the UK’s cyber security efforts, particularly within the critical national infrastructure (CNI) sector. This move not only highlights the vital role of nuclear facilities in the UK’s economy and society but also reinforces the government’s commitment to protecting them from potential threats.”
In line with this focus on collaboration and enhanced security, consistent investment in cyber defenses, such as the GCCC and the Cyber Security Operations facility in Warrington, are crucial initiatives that aim to address the growing risk to the UK’s critical infrastructure, according to Grove. The NDA’s recognition of the dynamic nature of cyber threats, and their proactive approach to leveraging innovative technologies like AI and robotics within the GCCC, demonstrates a commitment to staying ahead of potential adversaries.
However, Grove highlighted that while the establishment of the GCCC and the NDA’s ongoing investment in cyber security are commendable steps, it is important to acknowledge that cybercriminals are persistent and continuously evolving. “Their interest in CNI, particularly the nuclear sector, will likely remain high due to the potential impact of successful attacks. Therefore, continuous vigilance, regular updates to security protocols, and strong public-private partnerships, as exemplified by the GCCC’s collaborative approach, are essential to effectively deter these threats and safeguard our critical infrastructure.”
In July, Chatham House released a research paper addressing the evolving cyber threats faced by the civil nuclear sector both in peacetime and during conflict. The paper highlights key vulnerabilities, such as the reliance on outdated or custom software, a safety culture that is not sufficiently aware of digital and cyber risks, and the emergence of new risks associated with using small modular reactors (SMRs) and microreactors.
