Nuclear Secrets Found On USB Flash Drive

Reports are coming in that an unencrypted USB stick – apparently containing details on the Sellafield nuclear site’s operations – was found by a coach driver in a Cumbria hotel room.

And it seems that the USB stick contained details of the nuclear firm’s proposed workforce transfer from its Capenhurst operation in Cheshire to uranium specialist Urenco.one.

This fact alone is manna from heaven to enemies of the UK, especially since the data on the USB stick suggested that International Atomic Energy technicians visiting the site were not sufficiently up to speed.

While the convenience of USB sticks make them an important tool for any business, you don’t have to be a nuclear scientist to know that the data carried on these devices must be protected.

Corporate USB sticks should always include encryption and other forms of security as a basic requirement because – as this incident clearly shows – unencrypted data can, and does, fall into the wrong hands.

And in the case of Sellafield – the former Windscale nuclear material processing and handling site – he added that the data on the USB stick falls firmly into the kind of information which has national security implications, especially with the UK currently being on heightened terrorist alert.

The discovery of this data on a USB stick in a hotel room is the kind of plot that would do justice to a John Le Carre thriller novel, rather than real-life hotel in deepest Cumbria.

But here we have a coach driver making a discovery that has serious national security overtones. That technicians and other employees at Sellafield are using USB sticks to store and move sensitive data is not really a surprise in today’s world, but that there are not policies and procedures in place to encrypt or otherwise protect the data on those devices is a real concern.

As the coach driver is quoted as saying in the local press, what if the USB stick had fallen into the hands of terrorists, or contained top secret information?

Sellafield has done the right thing in launching an investigation, but this is a potentially serious breach of data security on several levels, with national security overtones. Sellafield needs to look very carefully at its data security policies, and the technology that enforces those policies.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Sean Glynn is Director of Marketing at Credant Technologies. Sean brings nearly 20 years of international marketing experience to his role at Credant, in which he oversees corporate, Web and partner marketing, product marketing, public relations and advertising. Sean was previously the Director of Field Marketing with Sophos, where he developed global marketing campaigns and coordinated the customer lifecycle program across nine subsidiaries worldwide. He has managed numerous marketing launches for both hardware and software for companies in Texas and Europe throughout his career and has in-depth experience within the data security industry. Sean received a bachelor of business studies degree from the University of Limerick in Ireland.