THE police force charged with guarding UK nuclear power plants has admitted to a substantial increase in the number of breaches of security last year.
There were 21 separate incidents involving stolen or lost smart phones and identity cards, up from 13 the previous year.
In one case a Blackberry was taken in a “domestic burglary”, and in another a SIM card was “accidently thrown in disposal chute at home address.” Emails containing sensitive information, including an armoury access code and personal data, were sent in breach of security protocols.
“Terrorists must be delighted with this catalogue of cock-ups,” said Dr Richard Dixon, director of Friends of the Earth Scotland.
“It seems you just have to follow some nuclear police around for a while and they'll drop their pass in a car park, leave a work phone on the train or accidentally send secret info through Google mail. It would be laughable if it wasn’t about the safety of some of the most dangerous sites in the UK.”
The revelations uncovered by the Sunday Herald have been condemned as well as prompting alarm from campaigners and politicians. They point out that there have recently been concerns about Chinese state companies stealing nuclear industry secrets.
One of the reasons why the Prime Minister Theresa May is thought to have delayed a decision last month on a long-planned £18 billion nuclear power station at Hinkley Point in Somerset is the 33 per cent stake by the China General Nuclear Power Company. The company has been charged with nuclear espionage by the US government.
The Civil Nuclear Constabulary (CNC) is responsible for policing 11 nuclear sites across the UK. They include three in Scotland – the former fast reactor establishment at Dounreay in Caithness and the nuclear power stations at Hunterston in North Ayrshire and Torness in East Lothian.
The CNC has an annual budget of £100 million and 1,100 armed police officers with access to eight different weapons systems. Its latest annual report, published online, disclosed the 21 security breaches in the year to this April, compared to 13 in 2014-15.
Five were categorised as “loss or theft of protectively marked electronic equipment, devices or paper documents from outside secured CNC premises”. A further six breaches were “unauthorised disclosure through insecure transmission of protectively marked documents”. Ten more were said to be “low-level”.
In response to questions from the Sunday Herald, the CNC released details of all the breaches late on Friday afternoon. Eight occurred at the police headquarters at Culham in Oxfordshire, including the Blackberry that was stolen and the SIM card that was thrown away.
In October 2015 a member of headquarters staff accidentally sent an “official sensitive” email to her personal account in breach of security policy. In April 2015 six people outwith a secure network were incorrectly given access to a sensitive document.
At Dounreay police officers lost their warrant cards, used for identification and arrests, in June 2015 and January 2016. A warrant card was also mislaid by police at Hunterston in December.
In May 2015 an armoury access code was internally emailed in breach of security policy at Dungeness in Kent. In October an unnamed contractor emailed police data including personal information to the wrong address outwith the secure network.
Dixon questioned whether the Scottish Government was informed of the breaches. “The proposed Hinkley Point reactors have made even Theresa May worried about allowing the Chinese access to our nuclear plants and their secrets,” he argued.
“We would need to rely even more heavily on the proper functioning of the nuclear police if we invite the world’s biggest nation’s industrial spies inside the fence.”
Dr David Lowry, a senior research fellow at the US Institute for Resource and Security Studies, also highlighted security concerns about Chinese involvement. “It sets alarm bells ringing that so many security failures could have happened at a time when there are plans to expand the UK nuclear industry,” he said.
Lowry pointed out that the government watchdog, the Office for Nuclear Regulation, had stated in its 2015-16 annual report that there were areas where security arrangements at nuclear plants “did not fully meet regulatory expectations”.
The security breaches were “troubling”, according to the SNP’s energy spokesperson, Callum McCaig MP. “We need to be sure that security is the paramount concern – and that there is no room for any more breaches or mix-ups,” he said.
Dr Doug Parr, chief scientist at Greenpeace UK, contended that nuclear power had unique safety and security challenges. “Whether we entrust our nuclear secrets to the French or the Chinese, or anyone else, there will always be the potential for losses, theft, error and accident,” he said.
The CNC, however, stressed that security breaches were dealt with “swiftly and robustly” and that they were “low risk”. Missing smart phones and warrant cards were immediately deactivated, and officers were given “advice and guidance” by supervisors.
“CNC takes any potential security issues extremely seriously and has a robust and tested process for recording and dealing with any reported breaches,” Chief Constable Mike Griffiths told the Sunday Herald.
He said there had been five lost Blackberries, eight misplaced warrant cards and five cases in which documents had been given an incorrect security classification. “We encourage our staff to self-report any potential security issues,” he said.
“In the majority of these cases the incident was indeed reported by the person who was responsible for the breach. This demonstrates that our employees are committed to maintaining a secure working environment and are fully aware of the security procedures.”
Griffiths added: “We remain committed to maintaining a security culture at CNC and ensuring any security breaches are kept to a minimum and dealt with swiftly and robustly.”
As well as 21 security breaches in 2015-16 and 13 in 2014-15, the CNC recorded 37 in 2013-14, 25 in 2012-13 and 34 in 2011-12.
The Scottish Government pointed out that security at nuclear sites was an operational matter for the police. “The Scottish Government would expect to be informed of any significant incident,” a spokeswoman said.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel