Sellafield Ltd., the company cleaning up the UK’s largest nuclear waste site, has spent £2.6 million renewing its Darktrace cybersecurity licences.
The contract renewal comes 12 weeks after Sellafield Ltd. was fined £332,500 for cybersecurity shortfalls during a four-year period – following a prosecution brought by watchdog the Office for Nuclear Regulation.
The ONR found that between 2019-2023 Sellafield Ltd “failed to meet the standards, procedures and arrangements, set out in its own approved plan for cybersecurity and for protecting sensitive nuclear information.”
It was not immediately clear when Sellafield Ltd. first contracted Darktrace. A public notice did not specify the number of licences. Sellafield Ltd. employs some 12,000 staff. The renewed contract includes two years of “maintenance and support”, and 10 days of professional services yearly, a short contract notice posted on January 7 showed.
Long-term technology and security services provider Atos’s Eviden also continues to work with Sellafield. It rejected the suggestion that the prosecution reflected badly on its performance, with a spokesperson saying that "it is a matter of public record that Atos supported Sellafield to identify security issues."
Sellafield: A fresh CISO, same old Darktrace
The company appointed a new CISO, former Home Office Head of Cyber Security Operations and former Foreign Office CISO “David M,” in January 2024 and is also currently recruiting for a Head of Security Architecture.
That role’s responsibilities include establishing and leading “a high performing Security Architecture team… definition, development, and maintenance of the organisation’s Enterprise Security Architecture and overall strategic approach to security architecture” and supporting “strategic projects with significant security architecture requirements.”
A significant security overhaul with a fresh team is clearly ongoing.
Reputational challenges linger
Darktrace faces notable reputational challenges in the industry over its technology and whilst sniping from rivals is to a degree common with many firms, few face quite such blunt attacks over perceived failings.
In 2023 it grappled with a blistering report by short-sellers who flagged its exceptionally high marketing expenses and “impossibly low R&D budget” among other more startling claims against the firm.
It denied the claims in the report and hired EY to investigate its finances. It did not publish EY’s final report but said that it had been cleared, although auditors found areas known to Darktrace where “systems, processes or controls could be improved”. In 2024 private equity heavyweight Thoma Bravo took Darktrace private in a $5.3 billion cash deal.
The Sellafield Ltd. contract notice includes a “complementary information” section that names the Royal Courts of Justice as the “review body” and the “body responsible for mediation procedures.”
