Government, through the National Cyber Security Programme, has provided training to key personnel within the civil nuclear industry to continuously improve the cyber security of the nuclear sector. We are doing this by facilitating training for the regulator and civil nuclear personnel, and carrying out risk reviews of sites within the civil nuclear sector to provide recommendations on how their cyber security can be enhanced. Additionally, operators of nuclear power plants in the UK must operate in accordance with the UK’s very stringent safety and security regulations and legal framework. These are enforced by the independent Office for Nuclear Regulation.
The UK’s Nuclear Industries Security Regulations 2003 require all site licence companies to detail their arrangements for physical, personnel, and cyber security, which includes the protection of equipment and technology, in a security plan that is approved by ONR. These plans are routinely tested and exercised. Furthermore, as a requirement for security plan approval, ONR also seek assurance that all personnel are adequately trained and competent to undertake their role and that dutyholders encourage a strong security culture through regular briefings on a wide range of threats.’