A USB stick that contained details of a stress test at Hartlepool's nuclear power station has been lost by a government inspector.
According to the Hartlepool Mail, management at the nuclear power station said the information was nothing more than technical data which had been publicly available for weeks. The Daily Mail reported that the government official was an employee of the Office for Nuclear Regulation (ONR), part of the Health and Safety Executive (HSE).
An ONR spokesperson said: “At the start of the European Commission ‘stress test' programme, the licensees of all UK nuclear power stations committed to publishing their stress test reports, so most of the findings in this report are now in the public domain. The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification. An internal investigation has been undertaken by ONR.'
Terry Greer-King, UK MD at Check Point, said: “This simply highlights the risks that businesses expose themselves to when using unencrypted devices. In November 2011, we surveyed 320 UK public and private sector firms, and 50 per cent of them were not encrypting data on USB sticks despite the high-profile security breaches of recent years. So these events are likely to keep on occurring.”
Mark Darvill, CTO at AEP Networks, said: “Data in high risk industries such as this should always be encrypted if there's any chance it could leave the building. What may seem mundane to some is a treasure trove of potentially damaging information in the wrong hands.
“Critical infrastructure providers are already a prime target both for the common cyber-criminal and for rogue foreign states. There would be nothing to stop an opportunist coming into contact with this stick from selling this material to the highest bidder Any critical infrastructure provider or contractor working for them needs to ensure it has the highest levels of security deployed, to stop cyber-attacks at the first hurdle.”