Home : Security : News

Unencrypted USB with nuclear ‘stress test’ lost

Nuclear power plant data goes missing, leading the Office for Nuclear Regulation to carry out an internal investigation.

By Tom Brewster, 17 Feb 2012 at 10:22

gallery

A staff member at the Office for Nuclear Regulation (ONR) has lost an unencrypted USB drive containing a “stress test” for a UK nuclear power station.

The ONR, an agency of the Health and Safety Executive, admitted the loss of the data stick, which contained details on how to carry out safety assessments of a nuclear facility

The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification.

The body said the USB “did not contain any significantly sensitive information.”

“At the start of the EC [European Council] 'stress test' programme, the licensees of all UK nuclear power stations committed to publishing their stress test reports, so most of the findings in this report are now in the public domain,” a spokesperson told IT Pro.

“The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification. An internal investigation has been undertaken by ONR.”

European Council stress tests were ordered after the Fukushima nuclear disasters in Japan.

Every nuclear power generating country in Europe agreed to carry out these stress tests, which have involved “a targeted reassessment of each station’s safety margins in light of extreme natural events, such as earthquake and tsunami.”

Terry Greer-King, UK MD for security company Check Point, said such losses are likely to continue occurring.

“This simply highlights the risks that businesses expose themselves to when using unencrypted devices,” Greer-King added.

“If it’s the organisation’s policy to use encryption for sensitive documents, then solutions are easily available to apply this protection automatically.”

Email to a friend

Print this page

< Previous Security : News Next >

BYOD; get advice on managing mobile devices in your organisation

1 comments

You need to Login or Register to comment.

Encryption is not the only option

King is right, this was bound to happen sooner or later. Largely untrained employees plus vast amounts of on-demand data is a real risk for most companies nowadays. So it's bad enough if it's you that loses your memory stick on the train. It's hardly surprising that this story - involving, as it does, a secret report on a nuclear power station - was escalated to ministerial status. The mind boggles.

But encryption, although a great policy, isn't the only option, you can to an extent close the door after the horse has bolted through measures such as USB keys that can have their memory turned off, or deleted remotely, and even located through GPS and GSM. Simple, effective measures such as this can at least help avoid the material damage resulting from data and, more importantly perhaps, the reputational damage to a brand.
Norman Shaw,
MD, ExactTrak, makers of Security Guardian
http://www.securityguardian.uk.com/

By NormanShaw on Monday Feb 20

Latest Security Analysis & Insight

What is your password worth?

Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.

More Security Reviews