GCHQ to review proposed nuclear plants for cyber-vulnerability

GCHQ will be poring over the design in several proposed new chinese-made nuclear power plants.

Nation state behind malware attacks on European ICS systems?
Nation state behind malware attacks on European ICS systems?

GCHQ will be closely examining the blueprints of Chinese-made nuclear plants in the UK.

Nuclear power has been taken up by successive UK governments as a power source of the future.  Xi Jinping, the Chinese premier, arrived in the UK on Monday, to sign an agreement with the energy firm EDF, to build nuclear power plants in Suffolk and Essex.

However, China is also considered to be among the world's most capable and most prolific perpetrators of global cyber-espionage, especially against UK and US companies and government contractors. The Times, which first published the story, revealed that Whitehall has been afraid of Chinese-made equipment for years, even going so far as to remove video conferencing equipment from many departments after fearing the equipment could be bugged.

The prospect of this deal has been met with outcry by security chiefs, campaigners and academics alike. They believe that the Chinese state-controlled company building the powerplants could build in cyber-backdoors which might allow Chinese security services to conduct espionage or hijack large parts of the UK's energy infrastructure in the event of an international crisis.

Paul Dorfman, a government advisor and part of University College London's Energy Institute told Russia Today that, “No one else in Europe would cut this deal. America wouldn't dream of letting China have such a part in its critical national infrastructure”.

The deal has also split government departments. The treasury is going ahead with the £17 billion deal and overlooking the security concerns of other departments according to several statements made to The Times from high ranking members within government.

This is why GCHQ, the UK's signals intelligence agency and operator of the UK's mass surveillance system, will be overseeing the construction of these nuclear power plants. GCHQ gave a statement to the press saying that the agency has a remit, “to support the cyber-security of private sector-owned critical national infrastructure projects, including in the civil nuclear sector and nuclear new builds, when invited to do so by the lead government department involved.”

“GCHQ made the 'announcement' in response to the press concern over the issue, however, it is not clear what this really means and what type of review will be made,” says Anthony Froggatt, Chatham House's senior research fellow in energy, environment and resources. He spoke to SCmagazineUK.com, saying that it may be too early to really tell whether there are any security concerns involved in Chinese companies building UK power stations.

Froggatt said, “Each reactor has to undergo a licensing process that will certify the design and location.” There are currently no operating reactors of the Lualong design, the kind that is being proposed “so it is difficult to discuss the specific safety standards/concerns or the security implications that the specific reactor will bring.”

GCHQ did not respond for comment in time for publication.

Sign up to our newsletters