China nuclear power cybersecurity attack
Xi Jinping is expected to sign a deal with David Cameron later to build a nuclear power plant in Somerset, however cybersecurity experts have warned this poses 'severe' risks to national security Reuters

It will be the first nuclear power plant to be built in the UK in a generation, capable of providing power for six million homes, yet it has been described as "dangerous", "dishonourable" and a "national humiliation". Why? Because it is being funded by China, a country with an abysmal record of human rights abuses and a history of state-sponsored cybercrime.

By far the most worrying aspect of the Hinkley Point nuclear power plant is the risk to national security, with cybersecurity experts warning Beijing could use the deal to threaten the UK's critical infrastructure and endanger its physical safety. One of the most significant threats, according to Justin Harvey, chief security officer at Fidelis Cybersecurity, is that of so-called logic-bombs.

What is a logic-bomb?

A logic-bomb is a type of malware that can be secretly implanted into software and remotely activated in order to overload a computer's processing capability. While logic-bombs won't destroy data, they can incapacitate and render a system unavailable.

"The US has been seeing Chinese state sponsored attackers leaving behind 'trapdoors' for years, but in recent times, it has also been leaving behind something much more sinister: logic-bombs," he told IBTimes UK. "The theory is that these logic-bombs are being left behind so that in the event of a military strike, China would have the capability to render it's foes incapacitated."

Up to three nuclear power plants could eventually be built as a result of funding from China, with the £24bn ($37bn) Hinkley Point plant in Somerset expected to open by 2025. Government Communications Headquarters (GCHQ) has revealed it is concerned enough by such cybersecurity threats that it has been consulted over the deal and will be playing a role in protecting Britain's energy network.

A spokesperson for the intelligence agency said: "GCHQ has a remit to support the cybersecurity of private-sector-owned critical national infrastructure projects, including in the civil nuclear sector and nuclear new builds, when invited to do so by the lead government department involved."

As a cyber espionage expert, I cannot stress how dangerous this is to the country and its physical safety
- Justin Harvey, chief security officer at Fidelis Cybersecurity

Downing Street has stated an independent nuclear regulator overseeing the deal had left the UK government "content with things as they stand", while ensuring due diligence would continue to be followed. Critics claim the government is rushing into the deal and not enough consideration was being taken into account of diplomatic relations potentially breaking down in the future.

Fears surrounding China's involvement in such a key element of national infrastructure are all the more significant when the links between the Chinese companies involved and the military establishment in Beijing are taken into consideration. According to cybersecurity experts, the UK should look to its closest allies for providing key infrastructure components.

"I agree with GCHQ's warning," Harvey said. "It absolutely has a reason to raise the alarm over China providing components that include software for UK power plants. Ultimately, China providing these services and components represents a significant risk to the UK. As a cyber espionage expert, I cannot stress how dangerous this is to the country and its physical safety."