Nuclear clean-up agency seeks £2m-a-year partner to help improve cyber-resilience

Written by Sam Trendall on 11 May 2022 in News

Specialist firm sought to help identify areas where security could be bolstered

Credit: Crown Copyright/Open Government Licence v3.0

The government agency charged with cleaning up ageing nuclear facilities is planning to appoint a £2m-a-year commercial partner to help oversee an ongoing initiative to bolster its cybersecurity credentials.

The Nuclear Decommissioning Authority has published a contract notice seeking bids from firms that could provide “assurance” services to its Cyber Security Resilience Programme (CSRP). 

The chosen provider will be asked to “independently assure” work undertaken by the authority to support an “improved cybersecurity posture” throughout the NDA and the four operating companies through which it works: Dounreay; Magnox Ltd; Nuclear Waste Services; Sellafield Ltd. 

The NDA wishes to measure its security infrastructure and practices against the guidelines set out in the Cybersecurity Framework of the US government’s National Institute of Standards and Technology (NIST).

“The NDA requires the supplier to independently assure the capability of the NDA group; this will include a review of all the operating companies using the NIST framework as the baseline standard,” the procurement notice said. “The organisation will be required to identify areas for improvement and areas of good practice and help the NDA and its operating companies to improve their capability in line with the risk appetite set by the NDA board.”

Related content

The successful supplier, which will be paid about £2m a year over the course of a 24-month contract, will work with a 70-strong team – comprised of NDA staff, contractors, and representatives of other suppliers – charged with delivering the cyber resilience project.

This team is based in Cumbria, but “assurance activities” will be required across all 17 former nuclear sites throughout England, Wales and Scotland that the NDA is responsible for cleaning up and decommissioning. The facilities owned and managed by the NDA, which include, Sellafield (pictured above), Hinkley Point A and Sizewell A, began operating as long as 80 years ago, in some cases.

“Due to prior Covid restrictions, previous work has been conducted remotely. However due to restrictions now lifted, face-to-face visits to sites will be required,” the procurement notice said. “During these instances, working arrangements will be agreed with the key stakeholders. The supplier… and [its] key personnel will be expected to be routinely available with daily stand-ups by conference call. Online communication is inevitable given the geographic spread of NDA sites. There will be a requirement to attend delivery group meetings… [and] deep dive reviews face to face at the request of the CSRP programme lead.”

Bids are open until midnight on 14 May, after which the NDA expects to evaluate up to five suppliers. Its decision will be based approximately 40% on price, 13% of cultural fit, and 47% on technical competence.

The winning bidder is scheduled to a contract beginning around the start of July.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Home Office and BEIS first departments under the microscope in pilots of new independent cyber audits
16 January 2023

External supplier brought in to run the rule over government systems as rollout begins of ‘GovAssure’ programme

Government vetting processes hampered by ‘old and unstable’ technology
20 January 2023

NAO report finds ageing IT is a major contributor to the performance issues at UKSV

Government must earn public trust that AI is being used safely and responsibly
5 January 2023

Leaders from two of government’s core digital and data units – the CDDO and CDEI – introduce new guidelines intended to promote transparency in the public sector’s use of algorithms

Extremism increasingly spread via mainstream apps and sites, government research finds
16 December 2022

MoJ-backed study concludes that specialist sites and the dark web are no longer the only means of online radicalisation