The nuclear industry is weak on cyber security
Posted: 7th May 2026
The nuclear industry is weak on cyber security, says a policy institute analysis. To respond, the sector has to take a more transparent and collaborative approach – and speed up action on improvement. THE ROYAL INSTITUTE OF INTERNATIONAL Affairs (a UK policy institute colloquially known as ‘Chatham House’) has described the nuclear industry’s status on cybersecurity as “playing catch-up”. It has warned that “the nature of licensing systems for nuclear operators means that long periods of risky working practices are often tolerated”. As an example, it highlighted the UK’s Sellafield fuel cycle site, which pleaded guilty in June 2024 to criminal charges that related to gaps in its cybersecurity between 2019 and 2023. The site had been repeatedly flagged in inspections by the UK Office for Nuclear Regulation (ONR), which warned it would apply ‘enhanced regulatory attention’ to cybersecurity practices. The Royal Institute of International Affairs (RIIA) warning came in a report, ‘Cybersecurity of the civil nuclear sector’ that considered the threat landscape and the international legal framework for cybersecurity as it applies to the nuclear industry. The group examined the issue because it saw the civil nuclear industry expanding worldwide at the same time as cyber threats are evolving, and because cyber operations targeting civil nuclear systems have been reported worldwide.