The number of formal reports documenting security issues at the UK’s civil nuclear facilities has hit its highest level in at least 12 years amid a decline in inspections, the Guardian can reveal.
Experts said the news raised concerns about the regulator’s capacity to cope with planned expansion in the sector.
A total of 456 incident notification forms documenting security issues at UK nuclear facilities were submitted to the Office for Nuclear Regulation (ONR) over 2021, according to information obtained by the Guardian and the investigative journalism organisation Point Source.
This is 30% higher than the 320 reports filed during the whole of 2020 and more than double the 213 reports that were filed in 2018.
Reported incidents include physical security issues, such as unauthorised people gaining unsupervised access to secure areas, as well as cybersecurity issues such as attacks by malicious software.
Dr Paul Dorfman, the chair of the Nuclear Consulting Group and a former secretary of the government’s committee examining radiation risks of internal emitters (Cerrie), said operators and the regulator needed to take action to address the rise in reported incidents.
“The higher number of security issues that we are seeing documented at nuclear facilities is extremely concerning,” he said.
“These figures seem to show a relaxation in security standards when it comes to the operation and regulation of sites that have the potential to cause great human and environmental harm.
“When the stakes are so high, it is important that ONR takes all these security incidents seriously, looks at why they happened, tries to address the relevant issues, and reduces the number of incidents that are occurring.”
Dorfman added: “The broader picture raises significant concerns about ONR’s technical and human capacity to regulate and monitor what is potentially a very risky industry.
“This is especially concerning in the context of the UK’s ageing nuclear fleet as well as the new-build plans the government is currently pushing.”
The recent rise in reported security incidents comes ahead of a planned large-scale expansion of the UK’s civil nuclear sector.
Last month, Boris Johnson said nuclear was “coming home” when he unveiled plans for eight new reactors in the UK.
Johnson has set a target of 25% of electricity coming from nuclear. That means increasing capacity from 7GW to 24GW by 2050, a process that will be overseen by a new body, Great British Nuclear.
During 2021, there was an increase in the number of “moderate” security incidents reported, according to the data obtained from the ONR using freedom of information legislation.
Over the year, a total of 42 security incidents documented were rated as “moderate”. This is up from the 24 moderate incidents reported in 2020 and is the highest number recorded in at least 12 years.
Moderate is the second-most severe category and is described by the ONR as an incident where there has been “a significant departure from expected standards”.
The rising number of reported security incidents comes amid a decline in the number of security inspections carried out by the regulator.
There are concerns that during 2021 the frequency of nuclear security inspections carried out by the ONR may have fallen to its lowest level in at least four years.
Data obtained in a separate freedom of information request shows that in 2021, up to 17 December, just 136 security inspections had been carried out by the ONR, down from the full-year figure of 144 in 2020 and 169 in 2019.
Information security inspections are among the types to have seen the biggest decline, with only 40 carried out in 2021 up to 17 December, down from 74 over the whole of 2020.
Dorfman said this was particularly worrying, given the growing risk of cyber-attacks on nuclear infrastructure.
“There is no question that nuclear is operating in an increasingly dangerous and unstable world where the threat of state-sponsored or non-state cyber-attacks is increasing,” he said.
In a statement, the ONR said: “We welcome the increase in reported events as our analysis indicates that this reflects improvements in security awareness and culture across the industry. The vast majority of reported events (80-90%) are minor breaches of security arrangements, which have been proactively reported to us.”
The regulator also said it believed its engagement with nuclear operators had increased over recent years despite the decline in official inspections.
It added: “The data we provided under freedom of information law relates only to on-site compliance inspections and does not include other assessment work. This separate regulatory scrutiny, which is not represented in the data, is essential to ensure site security arrangements comply with the law and includes site visits to reinforce regulatory judgments.”
