Official Loses Nuclear Plant Safety Test Details On USB Stick

An investigation has begun after a USB stick that contained information about a nuclear power plant was lost by an official working for the Office for Nuclear Regulation (ONR).

The memory stick contained details of a ‘stress-test’ safety assessment of Hartlepool nuclear power plant, but the ONR said it does not contain “significantly sensitive” data.

Lapse in concentration

The stress tests are being carried out at European nuclear power plants following the Japanese earthquake and resulting nuclear disaster at Fukushima power plant last year.

An ONR spokesman told the BBC that the plan had always been to publish the reports anyway, but that the use of unencrypted devices for transporting documents with security classification was not allowed and that an internal investigation had begun.

The Hartlepool plant is operated by EDF Energy who confirmed that the stick did not confirm anything significant. It also said that although the report had been published on its website, it was slightly different as it used less technical language and had less detailed data.

“This simply highlights the risks that businesses expose themselves to when using unencrypted devices,” commented Terry Greer-King, UK managing director for Check Point. “In November 2011, we surveyed 320 UK public and private sector firms, and 50 percent of them were not encrypting data on USB sticks despite the high-profile security breaches of recent years.  So these events are likely to keep on occurring.”

“If it’s the organisation’s policy to use encryption for sensitive documents, then solutions are easily available to apply this protection automatically,” he added.

This is not the first time something like this has happened. In October 2010, a USB stick containing sensitive information about Sellafield nuclear power plant was left in a hotel room and, even more embarrassingly, the Ministry of Defence briefly exposed secret information about nuclear submarines on its site following a cut-and-paste gaffe.

Perhaps if they really wanted to protect their information, they should invest in a Cryptek memory stick which offers both 256-bit encryption and an exterior locking mechanism.