Cyber-hackers have targeted the company behind a £50bn project to build a vast underground nuclear waste store in Britain, its developer has said.
Radioactive Waste Management, the company behind the Geological Disposal Facility (GDF) project, has said that hackers unsuccessfully attempted to breach the business using LinkedIn.
RWM is the government-owned entity behind a trio of nuclear bodies that merged last year to create Nuclear Waste Services (NWS). The new body brought together the GDF project, the long-established Low Level Waste Repository in west Cumbria and another body responsible for managing waste to develop a store expected to last 175 years.
In accounts for RWM filed at Companies House, NWS’s chief executive, Corhyn Parr, said of the merger that “we have seen instances of potential exploitation of ownership change through specific attack vectors, predominantly LinkedIn targeting”.
Parr said that none of the “cyber incidents” at RWM last year had had a “material effect”.
A spokesperson said: “NWS has seen, like many other UK businesses, that LinkedIn has been used as a source to identify the people who work within our business. These attempts were detected and denied through our multi-layered defences.”
Experts have warned that social media sites are used by hackers to break through security mechanisms in a number of ways. These include creating fake business accounts, deceptive messages to gather information or cause recipients to click on malicious links, as well as directly trying to steal users credentials for other secure logins.
This type of social engineering – which also includes attacks via email, phone and text – can be a gateway to gain sensitive information from companies and individuals.
The government is in the process of finding a site for the GDF project, a subterranean network tunnels and vaults designed to house Britain’s highly radioactive nuclear waste. The project is forecast to cost between £20bn and £53bn, and expected to receive its first waste in the 2050s. It echoes similar deep repository projects in Finland and France.
Earlier this year, Allerdale in Cumbria was deemed geologically unsuitable for the facility, leaving two other sites in Cumbria and one on the Lincolnshire coast remaining on the shortlist. NWS is in the process of surveying each site and convincing communities to approve of a development, in the face of local opposition.
Parr said that NWS’s “focus is around the threat intent and activity” around development consent for a GDF.
Against this backdrop, the company said threats included “a cyber event, social engineering, fake news, attempts to gain information around community partnerships, online activism and staff safety in the online world”.
LinkedIn has alerted users to possible scams in the past and posted ways to avoid being harmed.
Digital security in the nuclear industry has been in focus since the Guardian revealed a string of problems with cybersecurity at the Sellafield site in Cumbria.
A spokesperson for NWS said: “Like many nationally significant sectors we recognise we will always be a target for cyber threats.
“There has never been a cyber incident at NWS which has disrupted our business or site operations. Low-level phishing attempts have been detected and denied through our cyber defences. We have no evidence that suggests cyber threats are being used to influence local opinion on where a Geological Disposal Facility could be located.
“We remain vigilant and focused on further strengthening our approach to ensure the highest standards of cybersecurity and we continuously improve our continuity and recovery planning in line with our evolving business need.”
