26 May 2026
How Sizewell C is embedding Cyber Resilience in Critical National Infrastructure
Turning cyber insight into action on a nationally significant infrastructure programme
Turning cyber insight into action on a nationally significant infrastructure programme
As the developer of a new nuclear power station planned for the Suffolk coast, intended to support the UK’s long-term energy security and low-carbon electricity supply, and one of the country’s most complex and nationally significant infrastructure programmes, Sizewell C is taking a deliberately practical approach to cyber resilience, embedding it as a core capability that supports safe and reliable delivery from the outset. Over the past year, Sizewell C has worked in close partnership with FSP as a trusted strategic partner, to establish an evidence based view of cyber maturity across the programme and translate that insight into a focused, deliverable multi-year plan. With the baseline phase complete, the programme has now moved decisively from assurance into action.
Why this matters
Why this matters
For major infrastructure programmes, cyber risk increasingly is delivery risk, driving cost, complexity and delay if addressed too late or in isolation. Yet across critical national infrastructure, cyber efforts often stall after assessment, producing frameworks and assurance artefacts that struggle to keep pace with live, evolving programmes.
Sizewell C has taken a different path. Rather than aiming for theoretical completeness up front, the programme has focused on building the right cyber capability at the right pace, in the right places, allowing resilience to evolve alongside engineering, construction and organisational maturity. This approach recognises that effective cyber resilience is not a one-off milestone, but a capability that must be developed and sustained throughout the life of the programme.
What delivery-led cyber looks like in practice
What delivery-led cyber looks like in practice
A clear, honest baseline
Beginning in late 2024, the joint team completed a cyber maturity assessment aligned to the NIST Cyber Security Framework, providing an evidence-based view of capability across the programme and highlighting where focus would have the greatest impact.
Pace without shortcuts
Over an accelerated eight-week period, the FSP team engaged widely across Sizewell C through interviews, workshops and on-site activity, testing assumptions, understanding real operational constraints, and ensuring recommendations reflected how the programme actually functions.
A roadmap built for reality
The outcome was a board approved, two year transformation roadmap that sequences activity, targets investment, and aligns cyber improvements with wider programme milestones, ensuring progress is sustainable, measurable and achievable.
From insight to execution
With the roadmap agreed, joint teams are now firmly in delivery mode, prioritising the most impactful actions, embedding capability for the long term, and maintaining momentum as the programme evolves. The emphasis remains on outcomes over artefacts, with a clear line of sight from cyber strategy to day-to-day decision-making.
Leadership in context
By embedding cyber resilience early and pragmatically, Sizewell C is demonstrating leadership within the critical national infrastructure sector. The programme’s approach shows how complex, long-term projects can move beyond assessment and assurance, and instead build cyber capability that actively supports safe, resilient and timely delivery, offering a model others can adapt to their own context.
“On a programme like Sizewell C, cyber has to deliver measurable outcomes, not just assurance artefacts. Working side-by-side with FSP, we’ve built an honest baseline and a roadmap that’s practical, prioritised and designed for pragmatic delivery with our partners. The focus is now moving quickly on the changes that make the biggest difference.”
James Costello, Sizewell C
CISO
“We are delighted to deepen our trusted partnership with the Sizewell C team. Contributing to the growth of cyber maturity within a programme that is both nationally significant and critical to the UK’s future energy security is genuinely exciting, and we look forward to a long‑term partnership.”
Chris Campbell, FSP
COO
Learn more
For more information about Sizewell C, Visit: sizewellc.com
or watch the ‘introduction to Sizewell C’ video below
Want to achieve similar outcomes in your organisation?
Learn how your organisation can build a scalable, measurable security programme.
