Software for British nuclear submarines is from Belarus
Software used by British nuclear submarine crew members partly originates from Belarus, causing alarm in the UK's Ministry of Defence. An expert warns of a "national security risk".
According to a media report, software used by British nuclear submarines contains elements developed in Belarus. The computer program was supposed to be created by UK-based personnel with security clearance, but the "Telegraph" reports that it was outsourced to developers in Minsk, including one from Tomsk, Russia. The British Ministry of Defence has deemed this a breach of guidelines and a significant security risk.
The newspaper claims to have an internal ministry investigation which reveals that Rolls-Royce Submarines commissioned WM Reply, a consultancy firm, to modernize the intranet used by the submarine's engineers a few years ago. WM Reply then subcontracted the work to developers in Minsk. There are concerns that state actors in Belarus and Russia could exploit the code to track the locations of British submarines. Additionally, other defense capabilities may be at risk as a previous project was also outsourced to Minsk.
The investigation also suggests that WM Reply discussed hiding the origin of the software developers. In summer 2020, employees raised security concerns but were ignored. It was only when the issue was escalated to Rolls-Royce in spring 2021 that an investigation was launched. The incident was then referred to the British Ministry of Defence in summer 2022, leading to further investigation.
Former British Defense Secretary Ben Wallace told the newspaper that the incident "makes us potentially vulnerable to undermining our national security." He added, "Countries like China and Russia are constantly targeting the supply chains of our defense companies. This is not a new phenomenon."
Marion Messmer, a scientist at the Chatham House think tank, described the incident as a clear "national security risk." If malicious actors gained access to personal data of British submarine fleet employees, there could be a risk of "blackmail or targeted attacks," she told the "Telegraph."
A spokesperson for Rolls-Royce stated that all work done by subcontractors undergoes rigorous security checks before being put into operation. The company also assured that no sensitive information was accessible to those who hadn't undergone security clearance. Additionally, the company has ended its collaboration with WM Reply. WM Reply denied to the "Telegraph" that its actions posed a national security risk.
In the investigation, it was discovered that Rolls-Royce Submarines engaged WM Reply to update the submarine engineers' intranet several years ago. This firm then outsourced the work to developers based in Minsk, Belarus, raising concerns that sensitive information could potentially be accessed by state actors in these countries.
Despite Rolls-Royce claiming that all work done by subcontractors undergoes strict security checks, the incident involving WM Reply and their Minsk-based developers has been deemed a significant national security risk by UK authorities.