Cyber-hackers targeted Radioactive Waste Management (RWM), the company responsible for the UK’s £50 billion Geological Disposal Facility (GDF) project, which aims to construct an extensive underground nuclear waste store. The attack, conducted through LinkedIn, sought to exploit ownership change data after the merger of three nuclear bodies to form Nuclear Waste Services (NWS). Although the hacking attempts were unsuccessful and had no material impact, they highlighted the ongoing cybersecurity threats faced by major projects, especially those associated with critical infrastructure development. RWM’s CEO, Corhyn Parr, noted instances of potential exploitation through LinkedIn targeting but affirmed that the company’s multi-layered defenses successfully detected and denied the cyber incidents.
The GDF project involves creating a subterranean network of tunnels and vaults to house highly radioactive nuclear waste in the UK. The project, with an estimated cost between £20 billion and £53 billion, aims to receive its first waste in the 2050s. Despite facing challenges, such as the geological unsuitability of a site in Allerdale, Cumbria, the project continues with three potential locations under consideration. NWS, aware of the evolving threat landscape, focuses on various potential risks, including cyber events, social engineering, attempts to gain information on community partnerships, online activism, and staff safety in the online world.
The hacking incident points to the diverse tactics employed by threat actors, with social media platforms like LinkedIn becoming sources for identifying individuals associated with critical projects. Cybersecurity experts warn about the potential for social engineering, fake accounts, deceptive messages, and attempts to steal user credentials. As NWS navigates the challenges of community approval for GDF development, the emphasis on mitigating cyber threats, along with other risks, remains crucial. The incident serves as a reminder of the importance of maintaining vigilance and implementing robust cybersecurity measures in large-scale projects with national significance.