There was a significant rise in security lapses at the body responsible for the UK’s nuclear weapons last year, The Ferret can reveal, prompting calls for an investigation.
There were 83 security incidents at the Defence Nuclear Organisation (DNO) between April 2023 and March 2024.
It is the arm of the Ministry of Defence (MoD) responsible for all aspects of the UK’s nuclear weapons programme except military operations. This includes maintaining nuclear warheads, delivering the replacement warhead programme and conducting scientific research into nuclear weapons.
Last year we reported there had been 113 security incidents at the body in the previous five years, meaning last year’s number of lapses is nearly 4 times higher than normal.
The MoD was previously accused of a “cover up” for refusing to release any details of security incidents and refused to do so again this year citing national security concerns.
It said the “majority” of the breaches had “no significant impact” on UK security. The increase in security incidents reported last year was a result of stronger processes where staff are “encouraged to report all security concerns, regardless of their significance”, an MoD spokesperson claimed.
But anti-nuclear campaigners and politicians said the number of breaches was “outrageous” and pointed out that the DNO was averaging more than one incident a week.
They called for “transparency” about the nature of the lapses and “evidence that steps have been taken to prevent them happening again”.
Westminster’s new Labour government has backed retaining the UK’s nuclear weapons, despite the fact a number of senior cabinet members voted against renewing the Trident nuclear programme while in opposition.
Prime minister, Sir Keir Starmer, said in the lead up to the general election that he would be prepared to press the nuclear button to defend the UK and announced a “triple lock” on Britain’s nuclear weapons.
This ‘lock’ will reportedly involve maintaining Britain’s so-called continuous at sea deterrent – which sees one nuclear submarine on patrol at all times – as well as building four new submarines and delivering any necessary upgrades to the nuclear fleet in the future.
The DNO is based at the MoD’s headquarters in London but also has staff in other locations around the UK including at Coulport, on Loch Long, where around 200 of the UK’s arsenal of nuclear warheads are stored.
In June, The Ferret uncovered that there had been a separate 174 security breaches at Coulport and the Trident submarine base at Faslane, near Helensburgh, between 2018 and 2022.
The MoD also refused to provide details of these incidents but said they could include lost identity cards, misplaced documents and data protection breaches. In its FOI response, the DNO confirmed that its own security lapses also included data breaches but refused to release any more details about what these might entail
It said doing so could provide “potential adversaries” with insight into the DNO’s security operations which could be used to “attempt to acquire sensitive information relating to the nuclear deterrent”.
No security breach or ‘minor’ incident should be shrugged off at a site of nuclear weapons.
Lynn Jamieson, Scottish Campaign for Nuclear Disarmament
However, according to Lynn Jamieson, the chair of the Scottish Campaign for Nuclear Disarmament, “the word ‘security’” is “being used to justify ‘secrecy’” around the incidents.
Jamieson told The Ferret: “An increase in security breaches is outrageous. No security breach or ‘minor’ incident should be shrugged off at a site of nuclear weapons.
“Regular breaches signal either a grossly-inappropriate casual culture or the impossibility of 100 per cent security. Incidents rising to 83, averaging more than one a week, calls for public investigation.”
Scottish Greens MSP Ross Greer called our revelations about the breaches “deeply concerning”, adding that with “something as destructive and deadly as nuclear weapons, there can be no room for error”.
“We need transparency about the nature of these incidents and evidence that steps have been taken to prevent them from happening again,” Greer argued. “With the MoD’s record on nuclear safety though, I won’t be holding my breath.
He continued: “Trident is a vast money pit, swallowing up hundreds of billions of pounds which could be far better spent making people and the planet safer. The staggering sums involved in maintaining these world-ending weapons would be infinitely better used lifting people out of poverty and taking action against the greatest security threat we will ever face, the climate emergency.”
An MoD spokesperson said: “Maintaining highly effective security is important across the defence nuclear enterprise.
“In the last year we have taken steps to strengthen our internal governance and independent verification of our processes. Staff are encouraged to report all possible security concerns, regardless of their significance, and this has resulted in an increase in the number reported.”
Lapses at power plants
A separate FOI response received by The Ferret has also revealed security lapses at the Civil Nuclear Constabulary, the armed police force which protects nuclear power plants and nuclear materials in the UK, including at the Torness and Dounreay sites in Scotland.
It reported 40 security incidents across its sites in 2022-23 – the most recently available figures. Unlike the DNO, the force provided details of each of the lapses which it said were all “low level and dealt with immediately”.
They included the loss of identification documents for members of staff, an officer’s badge being put up for sale on Ebay, and work mobile phones and tablets being lost. The CNC said any lost devices were either found shortly after being reported missing or wiped remotely so they could not be used to access sensitive information.
In one instance, an unauthorised workman also gained access to the force’s headquarters after a fire door was left unsecured.
Julie Carlisle, a data protection officer at the Civil Nuclear Constabulary, told The Ferret that none of the incidents were considered a “security breach”. She said each incident was “immediately triaged and investigated and there were found to be no security concerns”.
Carlisle added: “We encourage proactive reporting of both security and data breach concerns, and this is reflected in the numbers. It does not mean that those reports were found to relate to serious security or data breach events.”
Get all our latest updates with the Ferret Underground, our free newsletter. Sign up for free stories every week, an invite to our exclusive Facebook group, and a monthly behind-the-scenes newsletter.
Main image: Crown Copyright/Tam McDonald
