Terror fears after series of security breaches at nuclear power stations
BY ROB EDWARDS
THE police force charged with guarding UK nuclear power plants has admitted to a substantial increase in the number of security breaches. There were 21 separate incidents, including stolen or lost smart phones and identity cards, up from 13 the previous year. Experts warn the breaches could be exploited by terrorists.
In one case, a Blackberry was taken in a “domestic burglary”, and in another, a SIM card was “accidentally thrown in disposal chute at home address.” Emails containing sensitive information, including an armoury access code and personal data, were sent in breach of security protocols.
“Terrorists must be delighted with this catalogue of cock-ups,” said Dr Richard Dixon, director of Friends of the Earth Scotland.
“It seems you just have to follow some nuclear police around for a while and they’ll drop their pass in a car park, leave a work phone on the train, or accidentally send secret info through Google mail. It would be laughable if it wasn’t about the safety of some of the most-dangerous sites in the UK.”
The revelations uncovered by the Sunday Herald have prompted alarm and concern from campaigners and politicians. They point out that there have recently been concerns about Chinese state companies stealing nuclear industry secrets.
One of the reasons why Prime Minister Theresa May is thought to have delayed a decision last month on a long-planned £18billion nuclear power station at Hinkley Point in Somerset is the 33 per cent stake by the China General Nuclear Power Company. The company has been charged with nucle- ar espionage by the US government.
The Civil Nuclear Constabulary (CNC) is responsible for policing 11 nuclear sites across the UK. They include three in Scotland – the former fast reactor establishment at Dounreay in Caithness and the nuclear power stations at Hunterston in North Ayrshire and Torness in East Lothian.
The CNC has an annual budget of £100million and 1,100 armed police officers, with access to eight different weapons systems. Its latest annual report, published online, disclosed the 21 security breaches in the year to this April, compared to 13 in 2014-15.
Five were categorised as “loss or theft of protectively marked electronic equipment, devices or paper documents from outside secured CNC premises”. A further six breaches were “unauthorised disclosure through insecure transmission of protectively marked documents”. Ten more were said to be “low-level”.
In response to questions from the Sunday Herald, the CNC released details of all the breaches late on Friday afternoon. Eight occurred at the police headquarters at Culham in Oxfordshire, including the Blackberry that was stolen and the SIM card that was thrown away.
In October 2015, a member of headquarters staff accidentally sent an “official sensitive” email to her personal account, in breach of security policy. In April 2015, six people outwith a secure network were incorrectly given access to a sensitive document.
At Dounreay, police officers lost their warrant cards, used for identification and arrests, in June 2015 and January 2016. A warrant card was also mislaid by police at Hunterston in December.
In May 2015, an armoury access code was internally emailed, in breach of security policy, at Dungeness in Kent. In October, an unnamed con- tractor emailed police-data including personal information to the wrong address outwith the secure network.
Dixon questioned whether the Scottish government was informed of the breaches. “The proposed Hinkley Point reactors have made even Theresa May worried about allowing the Chinese access to our nuclear plants and their secrets,” he argued.
“We would need to rely even more heavily on the proper functioning of the nuclear police if we invite the world’s biggest nation’s industrial spies inside the fence.”
Dr David Lowry, a senior research fellow at the US Institute for Resource and Security Studies, also highlighted security concerns about Chinese involvement. “It sets alarm bells ringing that so many security failures could have happened at a time when there are plans to expand the UK nuclear industry,” he said.
Lowry pointed out that the government watchdog, the Office for Nuclear Regulation, had stated in its 2015-16 annual report that there were areas where security arrangements at nuclear plants “did not fully meet regulatory expectations”.
The CNC, however, stressed that security breaches were dealt with “swiftly and robustly” and that they were “low risk”. Missing smart phones and warrant cards were immediately deactivated, and officers were given “advice and guidance” by supervisors.
“CNC takes any potential security issues extremely seriously and has a robust and tested process for recording and dealing with any reported breaches,” Chief Constable Mike Griffiths told the Sunday Herald.
The CNC recorded 37 security breaches in 2013-14, 25 in 2012-13 and 34 in 2011-12.
Security at nuclear sites is an operational matter for the police. “The Scottish government would expect to be informed of any significant incident,” a spokeswoman said.