The police force charged with guarding UK nuclear power plants has admitted to 21 breaches of security last year, including 13 stolen or lost smart phones and identity cards.
In one case a Blackberry was taken in a “domestic burglary”, and in another a SIM card was “accidently thrown in disposal chute at home address.” Emails containing sensitive information, including an armoury access code and personal data, were sent in breach of security protocols.
The revelations have been condemned as a “catalogue of cock-ups”, and prompted alarm from campaigners and politicians. They point out that there have recently been concerns about Chinese state companies stealing nuclear industry secrets.
One of the reasons why the Prime Minister Theresa May is thought to have delayed a decision last month on a long-planned £18 billion nuclear power station at Hinkley Point in Somerset is the 33 per cent stake by the China General Nuclear Power Company. The company has been charged with nuclear espionage by the US government.
The Civil Nuclear Constabulary (CNC) is responsible for policing 11 nuclear sites across the UK. They include three in Scotland: the former fast reactor establishment at Dounreay in Caithness and the nuclear power stations at Hunterston in North Ayrshire and Torness in East Lothian.
The CNC has an annual budget of £100 million and 1,100 armed police officers with access to eight different weapons systems. Its latest annual report, published online, disclosed that there had been 21 security breaches in 2015-16, compared to 13 in 2014-15.
Five were categorised as “loss or theft of protectively marked electronic equipment, devices or paper documents from outside secured CNC premises”. A further six breaches were “unauthorised disclosure through insecure transmission of protectively marked documents”. Ten more were said to be “low-level”.
Details of all the breaches, released by the CNC in response to questions, are being published by The Ferret today (see below). Eight occurred at the police headquarters at Culham in Oxfordshire, including the Blackberry that was stolen and the SIM card that was thrown away.
In October 2015 a member of headquarters staff accidentally sent an “official sensitive” email to her personal account in breach of security policy. In April 2015 six people outwith a secure network were incorrectly given access to a sensitive document.
At Dounreay police officers lost their warrant cards, used for identification and arrests, in June 2015 and January 2016. A warrant card was also mislaid by police at Hunterston in December.
In May 2015 an armoury access code was internally emailed in breach of security policy at Dungeness in Kent. In October an unnamed contractor emailed police data including personal information to the wrong address outwith the secure network.
“Terrorists must be delighted with this catalogue of cock-ups ,” said Dr Richard Dixon, director of Friends of the Earth Scotland.
“It seems you just have to follow some nuclear police around for a while and they’ll drop their pass in a car park, leave a work phone on the train or accidentally send secret info through Google mail. It would be laughable if it wasn’t about the safety of some of the most dangerous sites in the UK.”
Dixon questioned whether the Scottish Government was informed of the breaches. “The proposed Hinkley Point reactors have made even Theresa May worried about allowing the Chinese access to our nuclear plants and their secrets,” he argued.
“We would need to rely even more heavily on the proper functioning of the nuclear police if we invite the world’s biggest nation’s industrial spies inside the fence.”
Dr David Lowry, a senior research fellow at the US Institute for Resource and Security Studies, also highlighted security concerns about Chinese involvement. “It sets alarm bells ringing that so many security failures could have happened at a time when there are plans to expand the UK nuclear industry,” he said.
Lowry pointed out that the government watchdog, the Office for Nuclear Regulation, had stated in its 2015-16 annual report that there were areas where security arrangements at nuclear plants “did not fully meet regulatory expectations”.
The security breaches were “troubling”, according to the SNP’s energy spokesperson, Callum McCaig MP. “We need to be sure that security is the paramount concern – and that there is no room for any more breaches or mix-ups,” he said.
Dr Doug Parr, chief scientist at Greenpeace UK, contended that nuclear power had unique safety and security challenges. “Whether we entrust our nuclear secrets to the French or the Chinese, or anyone else, there will always be the potential for losses, theft, error and accident,” he said.
The CNC, however, stressed that security breaches were dealt with “swiftly and robustly” and that they were “low risk”. Missing smart phones and warrant cards were immediately deactivated, and officers were given “advice and guidance” by supervisors.
“CNC takes any potential security issues extremely seriously and has a robust and tested process for recording and dealing with any reported breaches,” said Chief Constable Mike Griffiths.
He said there had been five lost Blackberries, eight misplaced warrant cards and five cases in which documents had been given an incorrect security classification. “We encourage our staff to self-report any potential security issues,” he said.
“In the majority of these cases the incident was indeed reported by the person who was responsible for the breach. This demonstrates that our employees are committed to maintaining a secure working environment and are fully aware of the security procedures.”
Griiffiths added: “We remain committed to maintaining a security culture at CNC and ensuring any security breaches are kept to a minimum and dealt with swiftly and robustly.”
As well as 21 security breaches in 2015-16 and 13 in 2014-15, the CNC recorded 37 in 2013-14, 25 in 2012-13 and 34 in 2011-12.
The Scottish Government pointed out that security at nuclear sites was an operational matter for the police. “The Scottish Government would expect to be informed of any significant incident,” a spokeswoman said.
Photo credit: Sizewell B | CC | John Fielding | https://flic.kr/p/oD63pf
A version of this article was published in the Sunday Herald on 28 August 2016.
