Nuclear Plant Safety Report on USB Stick Lost By Official
Hartlepool facility plans go missing in India
By John E Dunn
February 17, 2012 — A USB stick containing a confidential safety report on a UK nuclear power station has been lost in India, UK ministers have been told by a red-faced Office for Nuclear Regulation (ONR).
The report on Hartlepool nuclear power station was reportedly downloaded in unencrypted form on to the drive before being lost by a senior Health and Safety Executive (HSE) official while at a conference in India, sources told The Sun newspaper.
Containing extensive technical plans to the EDF-owned plant, the report was part of an assessment carried out on all ten of the country's nuclear power stations in the aftermath of the Fukushima incident after the Japan Tsunami last March.
"The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification," an official confirmed.
Officials for power company EDF played down the significance of the report, pointing out that it had since been published in a redacted form, but the incident is another example of the security risk posed by unencrypted USB sticks.
With Prime Minister David Cameron hosting a meeting on nuclear industry this week, the opposition have been quick to draw attention to the embarrassing loss.
"The safety of the UK's nuclear industry is of paramount importance. It is extremely disturbing that sensitive information about a UK nuclear power station has been lost overseas. I will be urgently writing to the Energy Secretary to get answers," said Shadow energy and climate change secretary Caroline Flint.
"This simply highlights the risks that businesses expose themselves to when using unencrypted devices," commented Terry Greer-King, UK MD for security firm Check Point.
"In November 2011, we surveyed 320 UK public and private sector firms, and 50 percent of them were not encrypting data on USB sticks despite the high-profile security breaches of recent years. So these events are likely to keep on occurring," he said.
"If it's the organisation's policy to use encryption for sensitive documents, then solutions are easily available to apply this protection automatically."