New Nuclear Sector Hub to strengthen cybersecurity of UK’s nuclear industry

The Chartered Institute of Information Security (CIISec) has announced the launch of a new Nuclear Sector Hub to support and professionalise cybersecurity within the UK’s nuclear sector. The Hub will tackle cybersecurity challenges throughout the industry including improving collaboration amongst disperses workforces, encouraging best practices, improving the skills and experience of nuclear cybersecurity professionals, and helping to attract new recruits into the industry. The Hub is to be led by CIISec fellow Mark Kendrew, CISO of the National Nuclear Laboratory, and comes a few months after the UK Government outlined a new national nuclear cybersecurity strategy.

Cybersecurity culture a challenge for UK’s nuclear sector

In a press release, CIISec noted the sheer number of people working within the nuclear industry in diverse roles, which include enrichment, decommissioning, and waste management at both the national and regional level. This can make it a challenge to promote a holistic and healthy cybersecurity culture.

Underpinned by CIISec’s Skills Framework, the Nuclear Hub will therefore help to encourage collaboration and knowledge sharing, while standardising best practice across the sector and ensuring everyone has the skills, knowledge, and confidence to do their jobs effectively, CIISec stated. It will also help to support professional development, from encouraging young people to join through CIISec’s network of partners who offer cybersecurity apprenticeships and graduate programmes, to supporting people in progressing their careers from infancy right through to CISO, CIISec added.

“As a source of low-carbon power, the nuclear sector is a critical industry as the UK increasingly reduces its reliance on fossil fuels to create a greener future,” commented Amanda Finch, CEO of CIISec. “With its importance to the UK economy continuing to grow, it’s never been more important to ensure that the sector is well-positioned to fight cyberthreats.” Encouraging diverse and fresh talent into the industry, and then nurturing them throughout their careers, needs to be a priority, she added.

Kendrew said he relishes the opportunity to lead the Hub, which will form an integral part of the UK Government’s Civil Nuclear Cyber Strategy.

UK Government sets out new nuclear cybersecurity strategy

In May 2022, the UK Government announced new cybersecurity plans for the nation’s civil nuclear sector as part of its National Cyber Strategy 2022, stating its aim to build a comprehensive understanding of current sector cybersecurity strengths and challenges with key objectives to be achieved by 2026.

In 2022 Civil Nuclear Cyber Security Strategy, the UK Government outlined its goal of creating a UK civil nuclear sector which effectively manages and mitigates cyber risk in a collaborative and mature manner, with resilience in responding to and recovering from incidents and an inclusive culture for all. “The nature of cyberspace and the challenges faced mean that this strategy cannot be delivered by any organisation alone and has therefore been developed jointly with leaders from public and private sector civil nuclear organisations, the Office for Nuclear Regulation, and the National Cyber Security Centre. Its success hinges on joint delivery and continued cooperation across all partners,” the report read.

The new plans build on existing understanding surrounding nuclear cybersecurity and introduce four key objectives which the sector should achieve within the next four years:

• Appropriately prioritise cybersecurity as part of a holistic risk management approach, underpinned by a common risk understanding, and outcome-focused regulation.
• Take proactive action to mitigate supply chain cyber risks in the face of evolving threats, legacy challenges, and adoption of new technologies.
• Enhance resilience by preparing for and responding collaboratively to cyber incidents to minimise impacts and recovery time.
• Collaborate to increase cyber maturity, develop cyber skills, and promote a positive security culture.

These objectives will be delivered via several priority and supporting activities and overseen by a programmatic approach to delivery, the report added.