- Date released
- 24 November 2021
- Request number
-
202110030
- Release of information under
- Freedom of Information Act 2000 (FOIA)
Information requested
I would like to request a breakdown of cyber-attacks in the nuclear sector since 1 January 2015. I would like the figures to be broken to show:
- The year of attack
- The type of entity that was attacked (power station/research facility etc)
- I would like the data to include information from 2021 and to be as up-to-date as possible. I would like the data to be provided in Excel format.
Information released
I confirm that under Section 1 of the FOIA we hold the information requested.
Civil Nuclear duty holders are required to report certain events and matters related to cyber security to us as specified under Regulation 10, 18 and 22 of the Nuclear Industries Security Regulations (NISR) 2003. Reports are submitted using an Incident Notification Form 1 (INF 1).
Please see the table, reproduced below, detailing the information you require which has been extracted from the database containing the INF1 notifications and covers the period 1 January 2015 to 31 October 2021.
| Year | Number of Confirmed Cyber-attacks* | Entity |
|---|---|---|
| 2015 | 3 | Power station |
| 2016 | 1 | Power station/Decommissioning site |
| 2017 | 0 | N/A |
| 2018 | 1 | Corporate offices |
| 2019 | 0 | N/A |
| 2020 | 3 | Research facility, Decommissioning site, Corporate offices |
| 2021 | 0 | N/A |
*The meaning of a cyber-attack is taken from the following National Cyber Security Centre (NCSC) definition “Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.”
Further Information:
You may wish to refer to the FOI releases on our website to view previous similar requests.
Exemptions applied
N/A
PIT (Public Interest Test) if applicable
N/A