The police force that guards the UK’s nuclear plants reported 37 security breaches last year, including the thefts of a uniform, confidential documents, an officer’s day book and three “classified” Microsoft tablets.
Alongside the thefts, there were 12 instances of personal data being compromised, and a further 19 cases where staff lost their warrant or identity cards.
The findings were revealed in a freedom of information (FoI)request by the independent investigative journalism co-operative The Ferret, which asked the Civil Nuclear Constabulary (CNC) for details of security incidents in 2021-22.
The 37 incidents reported last year was the highest number for eight years.
The CNC is an armed force that protects 10 civilian nuclear sites across the UK, including Torness and Dounreay in Scotland.
It is also responsible for the security of nuclear energy material when it is being transported and says that countering terrorism is “at the heart” of its remit.
But campaigners said the force had allowed an “appalling litany of security breaches” that undermine the nuclear industry’s claim its sites are among the most secure in the country.
One activist argued that “few things could be worse than terrorists getting into a nuclear plant” and called for an “urgent inquiry into why the CNC are doing such a terrible job” of preventing security incidents.
The force said it takes security issues “extremely seriously” and has a “robust process” for dealing with reported breaches.
It claimed the majority of security incidents were “low level”, such as the “mistyping an email address or sending a document with the wrong security classification”.
All of the stolen items were taken from vehicles, according to the FoI response. The tablets – which are listed as Microsoft Surface Pros – included classified information and were stolen while vehicles were outside secure premises.
The thefts of the day book and uniform, alongside the loss of the identity cards, are all listed as “low level breaches” by the force.
The CNC said these thefts had happened in two incidents when thieves accessed unmarked vehicles while they were parked at service stations. The tablets were encrypted and immediately wiped once the thefts were reported, it claimed. Examples of personal data being compromised include information being “incorrectly uploaded to a cloud platform” and correspondence being sent to personal email addresses or the wrong external team.
There was also an incident of “inappropriate access to and sharing of police information” but the FoI response does not provide any further information about this.
The CNC has more than 1,100 firearms officers at its disposal and has access to “over 10 different weapons systems’’.
The force has stationed armed police at non-military nuclear sites across the UK since 2005, after a decision was made to bulk up security at plants in the aftermath of the 9/11 attacks in the US. Its annual budget has grown by around £20m since 2016-17 and now sits at just over £120m. However, this increased spending power has not reduced the number of reported security breaches, which have more than doubled in the last six years.
In 2021, the Office for Nuclear Regulation (ONR) – which oversees the civil nuclear industry – also recorded the highest number of security issues at UK nuclear sites for at least 12 years.
The 456 incidents flagged to the ONR across the nuclear industry that year included unauthorised people gaining access to secure areas of plants and cybersecurity threats such as attacks using malicious software.
The growing number of security incidents comes at the same time that the UK Government has announced its ambition to boost production of nuclear energy.
It wants to build 24 gigawatts of new nuclear power capacity by 2050. One new station – Hinkley Point C in Somerset – is already under construction, while another – Sizewell C in Suffolk – has received planning permission.
Dr Paul Dorfman, chairman of the Nuclear Consulting Group, said he was “hugely concerned about the wisdom of this strategy” at a time when “security incidents are on the rise”. He claimed that renewable technologies are a “cheaper, quicker and safer” option to reach climate targets than nuclear energy.
Richard Dixon, the former director of Friends of the Earth Scotland, questioned whether the breaches meant “any old terrorist can simply buy a security badge and a uniform down the local pub”.
‘Can any old terrorist buy a security badge and uniform down the local pub?’
He added: “This is an appalling litany of security breaches. Because of the risk of terrorist attack, the nuclear industry always tells you their sites are among the most secure in the country”.
Julie Carlisle, a data protection officer for the CNC, said the increase in reporting in 2021-22 is “considered a positive thing” as it “demonstrates the security culture” at the force, adding: “Since the two thefts from vehicles, we have reiterated the message to all employees that no CNC property, including uniform, must be left when a vehicle is unattended and we’ve seen no further incidents. The CNC takes any potential security issues extremely seriously and has a robust and tested process for recording and dealing reported breaches.”
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel