Nuclear clean-up agency seeks £2m-a-year partner to help improve cyber-resilience

Written by Sam Trendall on 11 May 2022 in News

Specialist firm sought to help identify areas where security could be bolstered

Credit: Crown Copyright/Open Government Licence v3.0

The government agency charged with cleaning up ageing nuclear facilities is planning to appoint a £2m-a-year commercial partner to help oversee an ongoing initiative to bolster its cybersecurity credentials.

The Nuclear Decommissioning Authority has published a contract notice seeking bids from firms that could provide “assurance” services to its Cyber Security Resilience Programme (CSRP). 

The chosen provider will be asked to “independently assure” work undertaken by the authority to support an “improved cybersecurity posture” throughout the NDA and the four operating companies through which it works: Dounreay; Magnox Ltd; Nuclear Waste Services; Sellafield Ltd. 

The NDA wishes to measure its security infrastructure and practices against the guidelines set out in the Cybersecurity Framework of the US government’s National Institute of Standards and Technology (NIST).

“The NDA requires the supplier to independently assure the capability of the NDA group; this will include a review of all the operating companies using the NIST framework as the baseline standard,” the procurement notice said. “The organisation will be required to identify areas for improvement and areas of good practice and help the NDA and its operating companies to improve their capability in line with the risk appetite set by the NDA board.”

Related content

The successful supplier, which will be paid about £2m a year over the course of a 24-month contract, will work with a 70-strong team – comprised of NDA staff, contractors, and representatives of other suppliers – charged with delivering the cyber resilience project.

This team is based in Cumbria, but “assurance activities” will be required across all 17 former nuclear sites throughout England, Wales and Scotland that the NDA is responsible for cleaning up and decommissioning. The facilities owned and managed by the NDA, which include, Sellafield (pictured above), Hinkley Point A and Sizewell A, began operating as long as 80 years ago, in some cases.

“Due to prior Covid restrictions, previous work has been conducted remotely. However due to restrictions now lifted, face-to-face visits to sites will be required,” the procurement notice said. “During these instances, working arrangements will be agreed with the key stakeholders. The supplier… and [its] key personnel will be expected to be routinely available with daily stand-ups by conference call. Online communication is inevitable given the geographic spread of NDA sites. There will be a requirement to attend delivery group meetings… [and] deep dive reviews face to face at the request of the CSRP programme lead.”

Bids are open until midnight on 14 May, after which the NDA expects to evaluate up to five suppliers. Its decision will be based approximately 40% on price, 13% of cultural fit, and 47% on technical competence.

The winning bidder is scheduled to a contract beginning around the start of July.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Police investigated 4,300 cyber offences last year – but charged fewer than 100 criminals
12 August 2022

The proportion of offences resulting in a formal charge increased slightly, but remains at barely more than one in every 50

‘These are fundamental to empowering individuals’ – ICO takes action against departments and councils over data requests
28 September 2022

Ministry of Defence and Home Office are among those reprimanded over major backlogs that caused ‘significant distress’ to individuals. PublicTechnology finds out more.

Ofcom to probe dominance of big three public-cloud players
26 September 2022

Communications regulator will examine whether the current market conditions stymie innovation and opportunities for smaller players

MoD appoints £2m cyber specialist to test Army IT vulnerabilities
23 September 2022

Firm will be asked to assess existing and new tech platforms