Cyber attack - civil nuclear

This risk is featured in the full matrix, representing the averages of multiple different scenarios presented together in the ‘cyber attacks on infrastructure’ category.

Impact 5
risk indicator
ID 11
Risk theme Terrorism
Impact & Likelihood
Impact key
5 Catastrophic
4 Significant
3 Moderate
2 Limited
1 Minor
Likelihood key
5 >25%
4 5-25%
3 1-5%
2 0.2-1%
1 <0.2%


Civil nuclear power is of strategic importance to the UK’s energy security and net zero ambitions and in turn, must continue to strengthen its resilience to dynamic and evolving cyber threats. Cyber security in the civil nuclear sector is managed through a combination of nuclear safety and security regulatory requirements, a defence-in-depth approach and sector-wide collaboration under the 2022 Civil Nuclear Cyber Security Strategy. The combination of these approaches drives a holistic and robust risk mitigation on cyber.


This scenario assumes a cyber attack that could require a controlled shutdown of a civil nuclear generating site as a protective measure. This could result in a temporary loss of supply to the UK National Grid until its restoration or generating capacity could be increased elsewhere. Impacts from this loss could vary depending on how power redistribution is managed.

Response capability requirements

The National Grid requires the capability to restore grid systems and manage power distribution. Local Resilience Forums are required to manage potential regional-level impact to essential services as part of their arrangements for managing disruptions from loss of power. Functional back-up generators would be required for a range of other critical infrastructure sectors to reduce impact on essential services.


The reactor’s return to service could be a lengthy process, depending on the nature of the incident, while replacements and repairs take place due to strict regulatory controls designed to ensure nuclear safety and security.